{"photon": [{"lastseen": "2021-11-03T17:50:09", "description": "An update of {'docker', 'linux', 'linux-esx'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-06-13T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0238", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664", "CVE-2019-11833", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15666", "CVE-2019-19966", "CVE-2019-5489", "CVE-2020-10720"], "modified": "2019-06-13T00:00:00", "id": "PHSA-2019-1.0-0238", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-238", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-10T16:01:15", "description": "Updates of ['linux-aws', 'docker', 'linux-secure', 'vim', 'linux-esx', 'linux', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0162", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664", "CVE-2018-20961", "CVE-2019-12735", "CVE-2019-15666", "CVE-2019-19966", "CVE-2019-20095", "CVE-2019-8457"], "modified": "2019-06-11T00:00:00", "id": "PHSA-2019-0162", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-162", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-05T23:40:07", "description": "Updates of ['python2', 'elfutils', 'linux-esx', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-20T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0021", "bulletinFamily": "unix", 
"cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18310", "CVE-2018-20836", "CVE-2019-10160", "CVE-2019-10639", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12455", "CVE-2019-12456", "CVE-2019-13233", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15223", "CVE-2019-15666", "CVE-2019-19966", "CVE-2019-20095", "CVE-2019-5489", "CVE-2019-7148", "CVE-2019-7149", "CVE-2019-7150", "CVE-2020-10720"], "modified": "2019-06-20T00:00:00", "id": "PHSA-2019-0021", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-21", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-10T17:52:41", "description": "Updates of ['linux-aws', 'linux', 'elfutils', 'linux-secure', 'linux-esx', 'python2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-20T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-3.0-0021", "bulletinFamily": "unix", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18310", "CVE-2018-20836", "CVE-2019-10160", "CVE-2019-10639", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12455", "CVE-2019-12456", "CVE-2019-13233", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15223", "CVE-2019-15666", "CVE-2019-19966", "CVE-2019-20095", "CVE-2019-5489", "CVE-2019-7148", "CVE-2019-7149", "CVE-2019-7150", "CVE-2020-10720"], "modified": "2019-06-20T00:00:00", "id": "PHSA-2019-3.0-0021", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-21", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-10T16:01:57", "description": "Updates of ['linux-aws', 'linux-secure', 'python3', 'linux-esx', 'openssh', 'linux', 'python2', 'zsh'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-20T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0165", "bulletinFamily": "unix", 
"cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0502", "CVE-2018-13259", "CVE-2019-10160", "CVE-2019-10639", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-6110", "CVE-2020-10720"], "modified": "2019-06-20T00:00:00", "id": "PHSA-2019-0165", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-165", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-03T21:00:16", "description": "An update of {'sqlite', 'docker', 'vim'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-2.0-0162", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664", "CVE-2019-12735", "CVE-2019-8457"], "modified": "2019-06-11T00:00:00", "id": "PHSA-2019-2.0-0162", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-162", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:52:34", "description": "Updates of ['bubblewrap', 'docker', 'go'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-06-10T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0019", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664", "CVE-2019-12439", "CVE-2019-6486"], "modified": "2019-06-10T00:00:00", "id": "PHSA-2019-0019", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-19", "cvss": {"score": 6.4, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-10T17:52:45", "description": "Updates of ['go', 'bubblewrap', 'docker'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-06-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-3.0-0019", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664", "CVE-2019-12439", "CVE-2019-6486"], "modified": "2019-06-13T00:00:00", "id": "PHSA-2019-3.0-0019", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-19", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ibm": [{"lastseen": "2023-02-27T21:49:29", "description": "## Summary\n\nKernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-15214](<https://vulners.com/cve/CVE-2019-15214>) \n** DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the sound subsystem. 
By performing card disconnection actions, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165535](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165535>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-15217](<https://vulners.com/cve/CVE-2019-15217>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-15218](<https://vulners.com/cve/CVE-2019-15218>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the smsusb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-15219](<https://vulners.com/cve/CVE-2019-15219>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the sisusb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165540](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165540>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-15291](<https://vulners.com/cve/CVE-2019-15291>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the flexcop_usb_probe function in the flexcop-usb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Host Management| All IBM Netezza Host Management starting 5.4.9.0 \n \n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nThe mitigation for the reported CVEs (CVE-2019-15214, CVE-2019-15217, CVE-2019-15218, CVE-2019-15219, CVE-2019-15291) is to blocklist the kernel modules **snd, zr364xx, smsusb, sisusbvga, b2c2-flexcop-usb** to prevent them from loading automatically on PureData System for Analytics N200x and N3001, as follows:\n\n1\\. Change to user nz: \n[root@nzhost1 ~]# **su - nz**\n\n2\\. Check to see if Call Home is enabled: \n[nz@nzhost1 ~]$ **nzcallhome -status** \nIf enabled, disable it: \n[nz@nzhost1 ~]$ **nzcallhome -off** \n** Note:** Ensure that nzcallhome returns status as disabled. If there are errors in the callHome.txt configuration file, errors are listed in the output, and call-Home is disabled.\n\n3\\. Check the state of the Netezza system: \n[nz@nzhost1 ~]$ **nzstate**\n\n4\\. 
If the system state is online, stop the system using the command: \n[nz@nzhost1 ~]$ **nzstop**\n\n5\\. Wait for the system to stop, using the command: \n[nz@nzhos1t ~]$ **nzstate** \nSystem state is 'Stopped'.\n\n6\\. Exit from the nz session to return to user root: \n[nz@nzhost1 ~]$ **exit**\n\n7\\. Logged into the active host as root, type the following commands to stop the heartbeat processes: \n[root@nzhost1 ~]# **ssh ha2 /sbin/service heartbeat stop** \n[root@nzhost1 ~]# **/sbin/service heartbeat stop**\n\n8\\. Run the commands below as the root user to disable heartbeat at startup: \n[root@nzhost1 ~]# **ssh ha2 /sbin/chkconfig heartbeat off** \n[root@nzhost1 ~]# **/sbin/chkconfig heartbeat off**\n\n9\\. Type the following commands to stop the DRBD processes: \n[root@nzhost1 ~]# **ssh ha2 /sbin/service drbd stop** \n[root@nzhost1 ~]# **/sbin/service drbd stop**\n\n10\\. Run the commands below as the root user to disable drbd at startup: \n[root@nzhost1 ~]# **ssh ha2 /sbin/chkconfig drbd off** \n[root@nzhost1 ~]# **/sbin/chkconfig drbd off**\n\n**Execute the steps below as the \"root\" user on both ha1/ha2 hosts**\n\n**Step 1:** Check whether the kernel modules snd, zr364xx, smsusb, sisusbvga, b2c2-flexcop-usb are loaded on the hosts\n\n**lsmod | grep snd** \n**lsmod | grep zr364xx** \n**lsmod | grep smsusb** \n**lsmod | grep sisusbvga** \n**lsmod | grep b2c2_flexcop_usb**\n\nexample: \n[root@ nzhost1 ~]# lsmod | grep snd \nsnd 74199 0 \nsoundcore 7990 1 snd \n[root@ nzhost1 ~]# lsmod | grep zr364xx \nzr364xx 20096 0 \nvideodev 76188 1 zr364xx \nvideobuf_vmalloc 5295 1 zr364xx \nvideobuf_core 20302 2 zr364xx,videobuf_vmalloc \n[root@ nzhost1 ~]# lsmod | grep smsusb \nsmsusb 8924 0 \nsmsmdtv 30790 1 smsusb \n[root@ nzhost1 ~]# lsmod | grep sisusbvga \nsisusbvga 51565 0 \n[root@ nzhost1 ~]# lsmod | grep b2c2_flexcop_usb \nb2c2_flexcop_usb 5306 0 \nb2c2_flexcop 28746 1 b2c2_flexcop_usb\n\n**Note:** No output in **Step 1** for a module indicates that the module is not loaded; skip 
**Step 2** for that module and proceed with **Step 3**\n\n**Step 2:** Unload the kernel modules snd, zr364xx, smsusb, sisusbvga, b2c2-flexcop-usb if they are loaded\n\n**modprobe -rv snd** \n**modprobe -rv zr364xx** \n**modprobe -rv smsusb** \n**modprobe -rv sisusbvga** \n**modprobe -rv b2c2-flexcop-usb**\n\nexample: \n[root@nzhost1 ~]# modprobe -rv snd \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/sound/core/snd.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/sound/soundcore.ko \n[root@nzhost1 ~]# modprobe -rv zr364xx \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/video/zr364xx.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/video/videodev.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/video/v4l2-compat-ioctl32.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/video/videobuf-vmalloc.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/video/videobuf-core.ko \n[root@nzhost1 ~]# modprobe -rv smsusb \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/siano/smsusb.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/siano/smsmdtv.ko \n[root@nzhost1 ~]# modprobe -rv sisusbvga \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/usb/misc/sisusbvga/sisusbvga.ko \n[root@nzhost1 ~]# modprobe -rv b2c2-flexcop-usb \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/b2c2/b2c2-flexcop-usb.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/b2c2/b2c2-flexcop.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/dvb-core/dvb-core.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/frontends/cx24123.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/frontends/cx24113.ko \nrmmod /lib/modules/2.6.32-754.35.1.el6.x86_64/kernel/drivers/media/dvb/frontends/s5h1420.ko\n\nKernel modules and 
their dependent modules will be unloaded in the reverse order that they are loaded, given that no processes depend on any of the modules being unloaded.\n\n**Step 3:** To prevent modules from being loaded directly you add the blocklist line to a configuration file specific to the system configuration.\n\n**echo \"blocklist snd\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"blocklist zr364xx\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"blocklist smsusb\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"blocklist sisusbvga\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"blocklist b2c2-flexcop-usb\" >> /etc/modprobe.d/local-blocklist.conf**\n\nexample : \n[root@nzhost1 ~]# echo \"blocklist snd\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"blocklist zr364xx\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"blocklist smsusb\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"blocklist sisusbvga\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"blocklist b2c2-flexcop-usb\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep snd \nblocklist snd \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep zr364xx \nblocklist zr364xx \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep smsusb \nblocklist smsusb \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep sisusbvga \nblocklist sisusbvga \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep b2c2-flexcop-usb \nblocklist b2c2-flexcop-usb\n\n**Step 4:** Kernel modules can be loaded directly or loaded as a dependency from another module \nTo prevent installation as a dependency from another module follow below step:\n\n**echo \"install snd /bin/false\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"install zr364xx /bin/false\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"install smsusb 
/bin/false\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"install sisusbvga /bin/false\" >> /etc/modprobe.d/local-blocklist.conf** \n**echo \"install b2c2-flexcop-usb /bin/false\" >> /etc/modprobe.d/local-blocklist.conf**\n\nexample: \n[root@nzhost1 ~]# echo \"install snd /bin/false\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"install zr364xx /bin/false\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"install smsusb /bin/false\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"install sisusbvga /bin/false\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# echo \"install b2c2-flexcop-usb /bin/false\" >> /etc/modprobe.d/local-blocklist.conf \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep snd \nblocklist snd \ninstall snd /bin/false \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep zr364xx \nblocklist zr364xx \ninstall zr364xx /bin/false \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep smsusb \nblocklist smsusb \ninstall smsusb /bin/false \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep sisusbvga \nblocklist sisusbvga \ninstall sisusbvga /bin/false \n[root@nzhost1 ~]# cat /etc/modprobe.d/local-blocklist.conf | grep b2c2-flexcop-usb \nblocklist b2c2-flexcop-usb \ninstall b2c2-flexcop-usb /bin/false\n\nThe install line simply causes /bin/false to be run instead of installing a module.\n\n**Step 5:** Make a backup copy of your initramfs.\n\n**cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.$(date +%m-%d-%H%M%S).bak**\n\nExample: \n[root@nzhost1 ~]# cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.$(date +%m-%d-%H%M%S).bak \n[root@nzhost1 ~]# uname -r \n2.6.32-754.35.1.el6.x86_64 \n[root@nzhost1 ~]# ll /boot/initramfs-2.6.32-754.35.1.el6.x86_64.img.10-28-041219.bak \n-rw------- 1 root root 22387682 Oct 28 04:12 
/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img.10-28-041219.bak\n\n**Step 6:** If the kernel module is part of the initramfs (boot configuration), rebuild your initial ramdisk image, omitting the module to be avoided\n\n**dracut --omit-drivers snd -f** \n**dracut --omit-drivers zr364xx -f** \n**dracut --omit-drivers smsusb -f** \n**dracut --omit-drivers sisusbvga -f** \n**dracut --omit-drivers b2c2-flexcop-usb -f**\n\nexample: \n[root@nzhost1 ~]# dracut --omit-drivers snd -f \n[root@nzhost1 ~]# dracut --omit-drivers zr364xx -f \n[root@nzhost1 ~]# dracut --omit-drivers smsusb -f \n[root@nzhost1 ~]# dracut --omit-drivers sisusbvga -f \n[root@nzhost1 ~]# dracut --omit-drivers b2c2-flexcop-usb -f \n[root@nzhost1 ~]# lsinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64.img | grep snd \n[root@nzhost1 ~]# lsinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64.img | grep zr364xx \n[root@nzhost1 ~]# lsinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64.img | grep smsusb \n[root@nzhost1 ~]# lsinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64.img | grep sisusbvga \n[root@nzhost1 ~]# lsinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64.img | grep b2c2-flexcop-usb\n\n**Step 7:** Append module_name.blocklist to the kernel cmdline. 
We give it an invalid parameter of blocklist and set it to 1 as a way to preclude the kernel from loading it.\n\nsed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ snd.blocklist=1/' /etc/grub.conf \nsed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ zr364xx.blocklist=1/' /etc/grub.conf \nsed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ smsusb.blocklist=1/' /etc/grub.conf \nsed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ sisusbvga.blocklist=1/' /etc/grub.conf \nsed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ b2c2-flexcop-usb.blocklist=1/' /etc/grub.conf\n\nexample : \n[root@nzhost1 ~]# sed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ snd.blocklist=1/' /etc/grub.conf \n[root@nzhost1 ~]# sed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ zr364xx.blocklist=1/' /etc/grub.conf \n[root@nzhost1 ~]# sed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ smsusb.blocklist=1/' /etc/grub.conf \n[root@nzhost1 ~]# sed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ sisusbvga.blocklist=1/' /etc/grub.conf \n[root@nzhost1 ~]# sed --follow-symlinks -i '/\\s*kernel \\/vmlinuz/s/$/ b2c2-flexcop-usb.blocklist=1/' /etc/grub.conf\n\n**Step 8:** blocklist the kernel module in kdump's configuration file.\n\n**echo \"blocklist snd\" >> /etc/kdump.conf** \n**echo \"blocklist zr364xx\" >> /etc/kdump.conf** \n**echo \"blocklist smsusb\" >> /etc/kdump.conf** \n**echo \"blocklist sisusbvga\" >> /etc/kdump.conf** \n**echo \"blocklist b2c2-flexcop-usb\" >> /etc/kdump.conf**\n\nexample: \n[root@nzhost1 ~]# echo \"blocklist snd\" >> /etc/kdump.conf \n[root@nzhost1 ~]# echo \"blocklist zr364xx\" >> /etc/kdump.conf \n[root@nzhost1 ~]# echo \"blocklist smsusb\" >> /etc/kdump.conf \n[root@nzhost1 ~]# echo \"blocklist sisusbvga\" >> /etc/kdump.conf \n[root@nzhost1 ~]# echo \"blocklist b2c2-flexcop-usb\" >> /etc/kdump.conf \n[root@nzhost1 ~]# cat /etc/kdump.conf | grep snd \nblocklist snd \n[root@nzhost1 ~]# cat /etc/kdump.conf | grep zr364xx \nblocklist zr364xx 
\n[root@nzhost1 ~]# cat /etc/kdump.conf | grep smsusb \nblocklist zr364xx \n[root@nzhost1 ~]# cat /etc/kdump.conf | grep sisusbvga \nblocklist sisusbvga \n[root@nzhost1 ~]# cat /etc/kdump.conf | grep b2c2-flexcop-usb \nblocklist b2c2-flexcop-usb\n\n**Note:** Perform **Step 9** if kexec-tools is installed and kdump is configured; otherwise continue with **Step 10**. \nRun the commands below to check whether kexec-tools is installed and kdump is operational \n[root@nzhost1 ~]# rpm -qa | grep kexec-tools \n[root@nzhost1 ~]# service kdump status\n\n**Step 9:** Restart the kdump service to pick up the changes to kdump's initrd.\n\n**service kdump restart**\n\nexample: \n[root@nzhost1 ~]# service kdump restart \nStopping kdump: [ OK ] \nDetected change(s) the following file(s):\n\n/etc/kdump.conf \nRebuilding /boot/initrd-2.6.32-754.31.1.el6.x86_64kdump.img \nStarting kdump: [ OK ]\n\n**Step 10:** Reboot the system at a convenient time to have the changes take effect. \nMake sure the secondary host is up by pinging or logging in before rebooting the primary host.\n\n**/sbin/shutdown -r now**\n\nexample: \n[root@nzhost1 ~]# /sbin/shutdown -r now \nMake sure the primary server comes up and is reachable before performing the mitigation steps on the secondary server.\n\n**After applying the mitigation:**\n\n1\\. Start the services using the following: \n[root@nzhost1 ~]# **service heartbeat start** \n[root@nzhost1 ~]# **ssh ha2 service heartbeat start** \n[root@nzhost1 ~]# **service drbd start** \n[root@nzhost1 ~]# **ssh ha2 service drbd start**\n\n2\\. Check the state of the system. Type: \n[root@nzhost1 ~]# **crm_mon -i5**\n\nResult: When the cluster manager comes up and is ready, status appears as follows. \nMake sure that nzinit has started before you proceed. (This could take a few minutes.) 
\nNode: nps61074 (e890696b-ab7b-42c0-9e91-4c1cdacbe3f9): online \nNode: nps61068 (72043b2e-9217-4666-be6f-79923aef2958): online \nResource Group: nps \ndrbd_exphome_device(heartbeat:drbddisk): Started nps61074 \ndrbd_nz_device(heartbeat:drbddisk): Started nps61074 \nexphome_filesystem(heartbeat::ocf:Filesystem): Started nps61074 \nnz_filesystem (heartbeat::ocf:Filesystem): Started nps61074 \nfabric_ip (heartbeat::ocf:IPaddr): Started nps61074 \nwall_ip (heartbeat::ocf:IPaddr): Started nps61074 \nnzinit (lsb:nzinit): Started nps61074 \nfencing_route_to_ha1(stonith:apcmaster): Started nps61074 \nfencing_route_to_ha2(stonith:apcmaster): Started nps61068\n\n3\\. From host 1 (ha1), press Ctrl+C to break out of crm_mon.\n\n4\\. Turn on heartbeat and DRBD using the chkconfig: \n** ssh ha2 /sbin/chkconfig drbd on** \n** /sbin/chkconfig drbd on** \n** ssh ha2 /sbin/chkconfig heartbeat on** \n** /sbin/chkconfig heartbeat on**\n\n## ", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-28T13:21:38", "type": "ibm", "title": "Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 
10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15214", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15291"], "modified": "2020-10-28T13:21:38", "id": "3D1FD9B5927004B8B7B1CB77FE467A67DED4E5A078A791448C81D1500BA2A09E", "href": "https://www.ibm.com/support/pages/node/6356437", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:45:03", "description": "## Summary\n\nIBM Cloud Automation Manager is affected by an issue with docker cp command that is vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15664](<https://vulners.com/cve/CVE-2018-15664>) \n**DESCRIPTION:** Docker could allow a remote attacker to traverse directories on the system, caused by symlink-exchange race attacks in docker cp. By allowing the execution of container processes while conducting filesystem operations on the container, an attacker could exploit this vulnerability to gain read and write access to any path on the host. \nCVSS Base Score: 9.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Cloud Automation Manager 3.1.x, 3.2.0\n\n## Remediation/Fixes\n\nIBM Cloud Automation Manager Content Runtime deployment installs either Docker CE or Docker EE on the Content Runtime system based on user selection. Docker CE is installed either using Docker provided convenience scripts or using the installation binary provided by the user. Docker EE is installed using the Docker EE repository URL provided by the user or the installation binary provided by the user. 
\n\nThis instruction assumes that you already upgraded your docker engine for CVE 2019-5736 https://www.ibm.com/support/docview.wss?uid=ibm10871642. After applying the fix for CVE 2019-5736, you must be running one of the following docker versions: Docker CE 18.06.3 or higher, Docker CE 18.09.2 or higher, Docker EE 18.03.1-ee.6 or higher, Docker EE 18.09.2 or higher\n\nTo fix the vulnerability described in CVE 2018-15664, you need to upgrade your\n\n * Docker CE version 18.09.x to 18.09.7 or higher\n * Docker EE version 18.03.x to 18.03.1-ee.9 or higher\n * Docker EE version 18.09.x to 18.09.7 or higher\n\nNote: If you are using Docker CE 18.06.x, then you must upgrade to Docker CE 19.03. Docker CE 18.06.x is no longer supported.\n\n**Before you upgrade the Docker Engine:**\n\n**1\\. Execute the following command to verify the docker engine version that is running on your Content Runtime system. **\n\ndocker version\n\n**If the version is lower than Docker CE 18.09.7, Docker EE 18.03.1-ee.9 or Docker EE 18.09.7 then you need to upgrade. **\n\n**2\\. Make sure you have no middleware content template deployments or destructions or deletes in \u201cProgress\u201d state. If they are in Progress state, then wait for them to complete.**\n\n**3\\. Execute the following command to bring down the pattern manager and software repository containers on the Content Runtime system. **\n\ncd /root/advanced-content-runtime\n\ndocker-compose -f docker-compose.yml down\n\n**Upgrade Docker CE on Ubuntu**\n\n1\\. Execute the following command to update the apt packages \n\nsudo apt-get update\n\n2\\. List the versions available in your repo. Verify if the version you need is in the list. \n\nsudo apt-cache madison docker-ce\n\n3\\. Install a specific version by its fully qualified package name. 
\n\nsudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io\n \n \n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 where version string is the second column from output of step 2\n \n \n \u00a0\u00a0\u00a0Example: \n \n \n \u00a0\u00a0\u00a0sudo apt-get install docker-ce=5:18.09.8~3-0~ubuntu-xenial \n docker-ce-cli=5:18.09.8~3-0~ubuntu-xenial containerd.io\n \n\n4\\. Verify the docker version using the following command \n \n \n sudo docker version\n\n5\\. Restart the containers using the following command \n\ncd /root/advanced-content-runtime\n\ndocker-compose -f docker-compose.yml up -d\n\n6\\. Verify if the containers are started by executing the following command.\n\nsudo docker ps\n\nFor more details on install and upgrade of Docker CE on Ubuntu refer to https://docs.docker.com/install/linux/docker-ce/ubuntu/\n\n**Upgrade Docker EE on Ubuntu**\n\n1\\. Execute the following command to set up the repository for Docker Engine 18.03 or 18.09. If your current version is Docker EE 18.03, then set up 18.03 repository. If your current version is Docker EE 18.09, then set up 18.09 repository.\n \n \n sudo add-apt-repository \"deb [arch=amd64] <YOUR_DOCKER_EE_REPO_URL>/ubuntu \n <YOUR_UBUNTU_VERSION> stable-18.03\"\n \n \n or\n \n \n sudo add-apt-repository \"deb [arch=amd64] <YOUR_DOCKER_EE_REPO_URL>/ubuntu \n <YOUR_UBUNTU_VERSION> stable-18.09\"\n \n Example: sudo add-apt-repository \"deb [arch=amd64] \n https://storebits.docker.com/ee/trial/sub-xxx/ubuntu xenial stable-18.03\"\n Example: sudo add-apt-repository \"deb [arch=amd64] \n https://storebits.docker.com/ee/trial/sub-xxx/ubuntu xenial stable-18.09\"\n \n \n\n2\\. Execute the following command to update the apt packages\n\nsudo apt-get update\n\n3\\. List the versions available in your repo. Verify if the version you need is in the list.\n \n \n sudo apt-cache madison docker-ee\n\n4\\. 
Based on your current docker version, install a specific version by its fully qualified package name\n\nTo upgrade 18.03 execute:\n \n \n sudo apt-get install docker-ee=<VERSION>\n \n \n To upgrade 18.09 execute: \n \n \n sudo apt-get install docker-ee=<VERSION_STRING> \n docker-ee-cli=<VERSION_STRING> containerd.io\u00a0 \n\nWhere version_string is the second column from output of step 3\n\nExample: sudo apt-get install docker-ee=3:18.03.1~ee~3~3-0~ubuntu\n\nExample: sudo apt-get install docker-ee=5:18.09.3~3-0~ubuntu-xenial docker-ee-cli=5:18.09.3~3-0~ubuntu-xenial containerd.io\n\n5\\. Verify the docker version using the following command \n \n \n sudo docker version\n\n6\\. Restart the containers using the following command \n\ncd /root/advanced-content-runtime\n\ndocker-compose -f docker-compose.yml up -d\n\n7\\. Verify if the containers are started by executing the following command.\n\nsudo docker ps\n \n \n For more details on install and upgrade of Docker EE on Ubuntu refer to \n <https://docs.docker.com/install/linux/docker-ee/ubuntu/>\n\n**Upgrade Docker EE on Red Hat Linux**\n\n1\\. Execute the following command to set up the repository for Docker Engine 18.03 or 18.09. If your current version is Docker EE 18.03, then set up 18.03 repository. If your current version is Docker EE 18.09, then set up 18.09 repository.\n \n \n sudo yum-config-manager --enable docker-ee-stable-18.03 or\n sudo yum-config-manager --enable docker-ee-stable-18.09\n\n2\\. List the versions available in your repository. Verify if the version you need is in the list. \n \n \n sudo yum list docker-ee --showduplicates | sort -r\n\n3\\. 
Based on your current docker version, install either 18.03 or 18.09 docker engine\n \n \n To upgrade 18.03 execute: \n \n \n sudo yum -y install docker-ee-<version_string>\n \n \n To upgrade 18.09 execute: \n \n \n sudo yum -y install docker-ee-< version_string > \n docker-ee-cli-< version_string > containerd.io\n \n \n where version_string is the second column from output of step 2 \n starting at the first colon (:), up to the first hyphen.\n \n Example: \n sudo yum -y install docker-ee-18.09.3 docker-ee-cli-18.09.3 containerd.io\n Example: \n sudo yum -y install docker-ee-18.03.1.ee.7\n\n4\\. Verify the docker version using the following command \n \n \n sudo docker version\n\n5\\. Restart the containers using the following command \n\ncd /root/advanced-content-runtime\n\ndocker-compose -f docker-compose.yml up -d\n\n6\\. Verify if the containers are started by executing the following command.\n\nsudo docker ps\n \n \n For more details on install and upgrade of Docker EE on Red Hat Linux refer to \n https://docs.docker.com/install/linux/docker-ee/rhel/\n\n**Upgrade Docker installed using binary files**\n \n \n If you installed Docker on Content Runtime virtual machine using the Docker Installation file option \n during Content Runtime deployment, then you need to download the debian or rpm package from Docker \n and upgrade the package. 
\n \n \n For more information, depending on your operating system and Docker Engine Edition, refer to Upgrade \n section in one of the following links\n \n \n [https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-from-a-package](<https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-from-a-package>), \n [https://docs.docker.com/install/linux/docker-ee/rhel/#install-with-a-package](<https://docs.docker.com/install/linux/docker-ee/rhel/#install-with-a-package>), or \n [https://docs.docker.com/install/linux/docker-ee/ubuntu/#install-from-a-package](<https://docs.docker.com/install/linux/docker-ee/ubuntu/#install-from-a-package>) .\n \n \n If you are using Docker CE 18.06.x, then you must upgrade to Docker CE 19.03. \n Docker CE 18.06.x is no longer supported.\n \n\nNote: You must download and install docker-cli, containerd.io and docker-ce.\n \n \n For Ubuntu execute the following steps\n\n1\\. Upgrade to new version using\n \n \n sudo dpkg -i <PATH_TO_UPGRADE_PACKAGE>\n\n2\\. Verify the docker version using \n \n \n docker version\n\n3\\. Restart the containers using the following command \n\ncd /root/advanced-content-runtime\n\ndocker-compose -f docker-compose.yml up -d\n\n4\\. Verify if the containers are started by executing the following command.\n\ndocker ps\n \n \n For Red Hat execute the following steps\n\n1\\. Upgrade to new version using\n \n \n sudo yum -y upgrade <PATH_TO_UPGRADE_PACKAGE>\n\n2\\. Verify the docker version using \n \n \n docker version\n\n3\\. Restart the containers using the following command \n\ncd /root/advanced-content-runtime\n\ndocker-compose -f docker-compose.yml up -d\n\n4\\. 
Verify if the containers are started by executing the following command.\n\ndocker ps\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-07-26T20:01:51", "type": "ibm", "title": "Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the 'docker cp'", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664"], "modified": "2019-07-26T20:01:51", "id": "29926C943847DC5D9E1CEB516438A067D67F9658B9B30186756B68AA408DF52F", "href": "https://www.ibm.com/support/pages/node/960227", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:44:41", "description": "## Summary\n\nA Security Vulnerability affects IBM Cloud Private - Docker (CVE-2018-15664)\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-15664](<https://vulners.com/cve/CVE-2018-15664>) \n**DESCRIPTION:** Docker could allow a remote attacker to traverse directories on the system, caused by symlink-exchange race attacks in docker cp. 
By allowing the execution of container processes while conducting filesystem operations on the container, an attacker could exploit this vulnerability to gain read and write access to any path on the host. \nCVSS Base Score: 9.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n## Remediation/Fixes\n\nUpgrade to Docker version xxxx (waiting on fix from Docker community) from <link>\n\nIf using the IBM Cloud Private supplied Docker package, apply the appropriate patch. \n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages\n\n * IBM Cloud Private 3.2.0\n * IBM Cloud Private 3.1.2\n\nFor IBM Cloud Private 3.2.0, apply patch:\n\n * [Docker](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.0-build527828-26053&includeSupersedes=0>)\n\nFor IBM Cloud Private 3.1.2, apply patch:\n\n * [Docker](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.1.2-build527827-26053&includeSupersedes=0>)\n\nFor IBM Cloud Private, 2.1.x, 3.1.0, 3.1.1:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2 and apply the patch for Docker\n * If required, individual product fixes can be made available between CD update packages for resolution of problems. 
Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-08-16T23:05:55", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Docker (CVE-2018-15664)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664"], "modified": "2019-08-16T23:05:55", "id": "E5236E91681D8FBF63527B2F5A703EFE433AABE71FC32A8CA3F3B468E9DFBA61", "href": "https://www.ibm.com/support/pages/node/887861", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:49:46", "description": "## Summary\n\nThere are security vulnerabilities in versions of the Linux Kernel that are shipped with the Elastic Storage System. A fix for these vulnerabilities is available.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-1749](<https://vulners.com/cve/CVE-2020-1749>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an error in the implementation of some IPv6 protocols in encrypted IPsec tunnels. 
By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to read the traffic unencrypted. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181872](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181872>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-10720](<https://vulners.com/cve/CVE-2020-10720>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free read in napi_gro_frags(). By providing a page fragment of exactly 14 bytes, a remote attacker could exploit this vulnerability to crash the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181869](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181869>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Elastic Storage System| 6.0.0 - 6.0.1.0 \n \n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or 
higher:\n\nV6.0.1.1\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=Linux+64-bit,x86_64&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.0.0&platform=Linux+64-bit,x86_64&function=all>)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=Linux+PPC64LE&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.0.0&platform=Linux+PPC64LE&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-19T09:30:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10720", "CVE-2020-1749"], "modified": "2020-10-19T09:30:34", "id": "CF6E536B8BF01E2B0096F9F1D4C7911DD105359E60689B78C9199DE25B362636", "href": "https://www.ibm.com/support/pages/node/6349193", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T17:44:00", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerabilities. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11884](<https://vulners.com/cve/CVE-2019-11884>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. By using a HIDPCONNADD command, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161261](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161261>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-11833](<https://vulners.com/cve/CVE-2019-11833>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the failure to zero out the unused memory region in the extent tree block in extents.c. By reading uninitialized data in the filesystem, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161235](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161235>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Guardium| 11.0 \nIBM Security Guardium| 11.1 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium| 11.0| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur\u2026](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p20_Bundle_Mar-04-2020&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.1| | | \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur\u2026](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p106_Bundle_Mar-31-2020&includeSupersedes=0&source=fc>) \n \n---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-07T16:07:22", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, 
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11833", "CVE-2019-11884"], "modified": "2020-10-07T16:07:22", "id": "E76CF6F7C58DE085B1D5F988B60566AC28A05EF3B19F25A856F2533F5B3684AE", "href": "https://www.ibm.com/support/pages/node/6129291", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "veracode": [{"lastseen": "2022-07-26T16:41:42", "description": "Linux Kernel is vulnerable to Denial Of Service (DoS). This issue is rated as having Moderate impact because it appears to be limited only to a crash. A flaw was found in the Linux kernel's implementation of GRO. This flaw allows an attacker with local access to crash the system.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-10T07:00:56", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2020-10720"], "modified": "2022-04-19T18:44:25", "id": "VERACODE:29336", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29336/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T12:56:55", "description": "linux is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free in `cpia2_exit()` in `drivers/media/usb/cpia2/cpia2_v4l.c`.\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-21T06:26:00", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19966"], "modified": "2022-12-20T23:47:48", "id": "VERACODE:26925", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26925/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:31:44", "description": "kernel is vulnerable to denial of service. 
An out-of-bounds array access in `__xfrm_policy_unlink` allows an attacker to crash the OS due to the way directory validation is handled.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-26T02:15:42", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15666"], "modified": "2020-04-27T03:49:32", "id": "VERACODE:22791", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22791/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-04-18T13:40:35", "description": "Docker is vulnerable to directory traversal. 
The `daemon/archive.go` does not perform archive operations on a frozen filesystem or from within a chroot, allowing an attacker to perform a symlink-exchange attack using the `docker cp` command that results in arbitrary read-write access to the host filesystem with root privileges.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-05-24T11:10:46", "type": "veracode", "title": "Directory Traversal", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15664"], "modified": "2023-01-12T13:49:09", "id": "VERACODE:20317", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-20317/summary", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-18T14:22:43", "description": "kernel is vulnerable to information disclosure. 
The vulnerability exists as fs/ext4/extents.c leads to information disclosure.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-08T00:07:20", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11833"], "modified": "2023-03-01T17:59:26", "id": "VERACODE:21066", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21066/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-27T11:00:29", "description": "kernel is vulnerable to information disclosure. 
The vulnerability exists through page cache side channel attacks.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-08T00:07:22", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5489"], "modified": "2019-08-20T05:02:13", "id": "VERACODE:21073", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21073/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-18T15:00:01", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - [3.10.0-862.20.2.vz7.73.24 to 3.10.0-1062.4.2.vz7.116.7] Use-after-free read in napi_gro_frags(). 
A flaw was found in the implementation of GRO, which allows an attacker with local access to trigger a use-after-free read in napi_gro_frags() and, potentially, crash the system.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2020-038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10720"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2020-038.NASL", "href": "https://www.tenable.com/plugins/nessus/136805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136805);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2020-10720\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2020-038)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - [3.10.0-862.20.2.vz7.73.24 to\n 3.10.0-1062.4.2.vz7.116.7] Use-after-free read in\n napi_gro_frags(). 
A flaw was found in the\n implementation of GRO, which allows an attacker with\n local access to trigger a use-after-free read in\n napi_gro_frags() and, potentially, crash the system.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2020-038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1781204\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-116.7-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9bf4ecc2\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-131.10-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66935457\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43e08109\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31659d32\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65761ae2\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64d4773b\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-106.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05d98896\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-116.7-106.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-131.10-106.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-73.24-106.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-73.29-106.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-85.17-106.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-1062.4.2.vz7.116.7\",\n \"patch\",\"readykernel-patch-86.2-106.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-1062.12.1.vz7.131.10\",\n \"patch\",\"readykernel-patch-96.21-106.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:11", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4870 advisory.\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. 
(CVE-2019-15219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4870)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15219"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4870.NASL", "href": "https://www.tenable.com/plugins/nessus/131916", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4870.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131916);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-15219\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4870)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4870 advisory.\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. 
(CVE-2019-15219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4870.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.34.1.el6uek', '4.1.12-124.34.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4870');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.34.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.34.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.34.1.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.34.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.34.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.34.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.34.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.34.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.34.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.34.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.34.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.34.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:01", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4680 advisory.\n\n - In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot). 
(CVE-2018-15664)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-06-17T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : docker-engine (ELSA-2019-4680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2023-05-03T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:docker-cli", "p-cpe:/a:oracle:linux:docker-engine", "p-cpe:/a:oracle:linux:runc"], "id": "ORACLELINUX_ELSA-2019-4680.NASL", "href": "https://www.tenable.com/plugins/nessus/125938", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4680.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125938);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\"CVE-2018-15664\");\n\n script_name(english:\"Oracle Linux 7 : docker-engine (ELSA-2019-4680)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4680 advisory.\n\n - In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a\n symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host\n filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen\n filesystem (or from within a chroot). 
(CVE-2018-15664)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4680.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-cli, docker-engine and / or runc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor notes.\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-15664\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:runc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'docker-cli-18.09.1.ol-1.0.8.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-cli-18.09.1.ol-1.0.8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-18.09.1.ol-1.0.8.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-18.09.1.ol-1.0.8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'runc-1.0.0-19.rc5.git4bb1fe4.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'runc-1.0.0-19.rc5.git4bb1fe4.0.4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker-cli / docker-engine / runc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-05-24T14:28:15", "description": "An update for docker is now available for Red Hat Enterprise Linux 7 Extras.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nDocker is an open source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.\n\nSecurity Fix(es) :\n\n* docker: symlink-exchange race attacks in docker cp (CVE-2018-15664)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* slowness of system shutdown when containers are being stopped - dockerd is unable to communicate with rhel-push-plugin (BZ#1714032)\n\n* journald Log() in dockerd causes nil pointer dereference when PutMessage() is called before reading msg.Source (BZ#1720363)\n\n* regression: docker cp: Rel: can't make /..../a relative to a (BZ#1723491)\n\n* Regression: docker cp: can no longer pull image files (BZ#1727488)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : docker (RHSA-2019:1910)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:docker", "p-cpe:/a:redhat:enterprise_linux:docker-client", "p-cpe:/a:redhat:enterprise_linux:docker-common", "p-cpe:/a:redhat:enterprise_linux:docker-debuginfo", "p-cpe:/a:redhat:enterprise_linux:docker-logrotate", "p-cpe:/a:redhat:enterprise_linux:docker-lvm-plugin", "p-cpe:/a:redhat:enterprise_linux:docker-novolume-plugin", "p-cpe:/a:redhat:enterprise_linux:docker-rhel-push-plugin", "p-cpe:/a:redhat:enterprise_linux:docker-v1.10-migrator", 
"cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1910.NASL", "href": "https://www.tenable.com/plugins/nessus/127627", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1910. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127627);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-15664\");\n script_xref(name:\"RHSA\", value:\"2019:1910\");\n\n script_name(english:\"RHEL 7 : docker (RHSA-2019:1910)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for docker is now available for Red Hat Enterprise Linux 7\nExtras.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nDocker is an open source engine that automates the deployment of any\napplication as a lightweight, portable, self-sufficient container that\nruns virtually anywhere.\n\nSecurity Fix(es) :\n\n* docker: symlink-exchange race attacks in docker cp (CVE-2018-15664)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* slowness of system shutdown when containers are being stopped -\ndockerd is unable to communicate with rhel-push-plugin (BZ#1714032)\n\n* journald Log() in dockerd causes nil pointer dereference when\nPutMessage() is called before reading msg.Source (BZ#1720363)\n\n* regression: docker cp: Rel: can't make /..../a relative to a\n(BZ#1723491)\n\n* Regression: docker cp: can no longer pull image files (BZ#1727488)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-15664\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:docker-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-logrotate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-lvm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-novolume-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-rhel-push-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-v1.10-migrator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1910\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"docker-client-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-client-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-common-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-common-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-debuginfo-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-debuginfo-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-logrotate-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-logrotate-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-lvm-plugin-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-lvm-plugin-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-novolume-plugin-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-novolume-plugin-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-rhel-push-plugin-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-rhel-push-plugin-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"docker-v1.10-migrator-1.13.1-102.git7f2769b.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-v1.10-migrator-1.13.1-102.git7f2769b.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-client / docker-common / docker-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:51", "description": "This update for docker fixes the following issues :\n\nSecurity issue fixed: 	 \n\n - CVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : docker (openSUSE-2019-1621)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2020-09-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-debuginfo", "p-cpe:/a:novell:opensuse:docker-debugsource", "p-cpe:/a:novell:opensuse:docker-test", "p-cpe:/a:novell:opensuse:docker-test-debuginfo", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1621.NASL", "href": "https://www.tenable.com/plugins/nessus/126236", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1621.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126236);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2018-15664\");\n\n script_name(english:\"openSUSE Security Update : docker (openSUSE-2019-1621)\");\n script_summary(english:\"Check for the openSUSE-2019-1621 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for docker fixes the following issues :\n\nSecurity issue fixed: 	 \n\n - CVE-2018-15664: Fixed an issue which could make docker\n cp vulnerable to symlink-exchange race attacks\n (bsc#1096726).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096726\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected docker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"docker-18.09.6_ce-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"docker-bash-completion-18.09.6_ce-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"docker-debuginfo-18.09.6_ce-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"docker-debugsource-18.09.6_ce-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"docker-test-18.09.6_ce-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"docker-test-debuginfo-18.09.6_ce-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"docker-zsh-completion-18.09.6_ce-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-bash-completion / docker-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:44", "description": "This update for docker fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-15664: Fixed an issue which could make docker cp vulnerable to symlink-exchange race attacks (bsc#1096726).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2019:1562-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:docker-debuginfo", "p-cpe:/a:novell:suse_linux:docker-debugsource", "p-cpe:/a:novell:suse_linux:docker-test", "p-cpe:/a:novell:suse_linux:docker-test-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1562-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1562-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126047);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n 
script_cve_id(\"CVE-2018-15664\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2019:1562-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for docker fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-15664: Fixed an issue which could make docker cp vulnerable\nto symlink-exchange race attacks (bsc#1096726).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15664/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191562-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfa5500c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1562=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1562=1\n\nSUSE Linux Enterprise Module for Containers 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Containers-15-SP1-2019-1562=1\n\nSUSE Linux Enterprise Module for Containers 
15:zypper in -t patch\nSUSE-SLE-Module-Containers-15-2019-1562=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-debugsource-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-test-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-test-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"docker-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"docker-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"docker-debugsource-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"docker-test-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"docker-test-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"docker-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"docker-debugsource-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"docker-test-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"docker-test-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"docker-debuginfo-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"docker-debugsource-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"docker-test-18.09.6_ce-6.20.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"docker-test-debuginfo-18.09.6_ce-6.20.3\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:06", "description": "An update of the docker package has been released.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Docker PHSA-2019-1.0-0238", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2020-01-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0238_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/126190", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0238. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126190);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\"CVE-2018-15664\");\n\n script_name(english:\"Photon OS 1.0: Docker PHSA-2019-1.0-0238\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-238.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15664\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"docker-18.03.0-5.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"docker-doc-18.03.0-5.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:05", "description": "An update of the docker package has been released.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Docker PHSA-2019-2.0-0162", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0162_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/126209", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0162. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126209);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2018-15664\");\n\n script_name(english:\"Photon OS 2.0: Docker PHSA-2019-2.0-0162\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-162.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15664\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"docker-18.06.2-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"docker-doc-18.06.2-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:41", "description": "An update of the docker package has been released.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Docker PHSA-2019-3.0-0019", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2020-01-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:3.0"], "id": 
"PHOTONOS_PHSA-2019-3_0-0019_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/126192", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0019. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126192);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\"CVE-2018-15664\");\n\n script_name(english:\"Photon OS 3.0: Docker PHSA-2019-3.0-0019\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0019.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15664\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"docker-18.06.2-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"docker-doc-18.06.2-3.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:35", "description": "A flaw was discovered in the API endpoint behind the 'docker cp' command. 
The endpoint is vulnerable to a Time Of Check to Time Of Use (TOCTOU) vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.\n(CVE-2018-15664)", "cvss3": {}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : docker (ALAS-2019-1245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1245.NASL", "href": "https://www.tenable.com/plugins/nessus/127073", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1245.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127073);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-15664\");\n script_xref(name:\"ALAS\", value:\"2019-1245\");\n\n script_name(english:\"Amazon Linux AMI : docker (ALAS-2019-1245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the API endpoint behind the 'docker cp'\ncommand. The endpoint is vulnerable to a Time Of Check to Time Of Use\n(TOCTOU) vulnerability in the way it handles symbolic links inside a\ncontainer. 
An attacker who has compromised an existing container can\ncause arbitrary files on the host filesystem to be read/written when\nan administrator tries to copy a file from/to the container.\n(CVE-2018-15664)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1245.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update docker' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-18.06.1ce-10.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-debuginfo-18.06.1ce-10.32.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:58", "description": "The 5.0.19 update contains a number of important fixes across the tree\n\n----\n\nThe 5.0.18 kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing 
additional issues.", "cvss3": {}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-48b34fc991)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11833"], "modified": "2020-01-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-48B34FC991.NASL", "href": "https://www.tenable.com/plugins/nessus/125684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-48b34fc991.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125684);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2019-11833\");\n script_xref(name:\"FEDORA\", value:\"2019-48b34fc991\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-48b34fc991)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.0.19 update contains a number of important fixes across the tree\n\n----\n\nThe 5.0.18 kernel update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-48b34fc991\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, 
kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11833\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-48b34fc991\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.0.19-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.0.19-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.0.19-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:05:49", "description": "According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. (CVE-2019-5489)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5489"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1221.NASL", "href": "https://www.tenable.com/plugins/nessus/123907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123907);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-5489\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - A new software page cache side channel attack scenario\n was discovered in operating systems that implement the\n very common 'page cache' caching mechanism. 
A malicious\n user/process could use 'in memory' page-cache knowledge\n to infer access timings to shared memory and gain\n knowledge which can be used to reduce effectiveness of\n cryptographic strength by monitoring algorithmic\n behavior, infer access patterns of memory to determine\n code paths taken, and exfiltrate data to a blinded\n attacker through page-granularity access times as a\n side-channel. (CVE-2019-5489)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1221\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81f3f548\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_126\",\n \"kernel-devel-3.10.0-514.44.5.10_126\",\n \"kernel-headers-3.10.0-514.44.5.10_126\",\n \"kernel-tools-3.10.0-514.44.5.10_126\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_126\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_126\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:44", "description": "A flaw was found in the Linux kernel's freescale hypervisor manager implementation. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security effects. (CVE-2019-10142)\n\nA new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.(CVE-2019-11884)\n\nA flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. 
If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).(CVE-2019-3882)\n\nIf the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out.(CVE-2019-9500)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. 
(CVE-2019-11833)", "cvss3": {}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10142", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1214.NASL", "href": "https://www.tenable.com/plugins/nessus/125598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1214.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125598);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-10142\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-5489\", \"CVE-2019-9500\");\n script_xref(name:\"ALAS\", value:\"2019-1214\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel's freescale hypervisor manager\nimplementation. 
A parameter passed via to an ioctl was incorrectly\nvalidated and used in size calculations for the page size calculation.\nAn attacker can use this flaw to crash the system or corrupt memory\nor, possibly, create other adverse security affects.(CVE-2019-10142)\n\nA new software page cache side channel attack scenario was discovered\nin operating systems that implement the very common 'page cache'\ncaching mechanism. A malicious user/process could use 'in memory'\npage-cache knowledge to infer access timings to shared memory and gain\nknowledge which can be used to reduce effectiveness of cryptographic\nstrength by monitoring algorithmic behavior, infer access patterns of\nmemory to determine code paths taken, and exfiltrate data to a blinded\nattacker through page-granularity access times as a side-channel.\n(CVE-2019-5489)\n\nThe do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the\nLinux kernel before 5.0.15 allows a local user to obtain potentially\nsensitive information from kernel stack memory via a HIDPCONNADD\ncommand, because a name field may not end with a '\\0'\ncharacter.(CVE-2019-11884)\n\nA flaw was found in the Linux kernel's vfio interface implementation\nthat permits violation of the user's locked memory limit. If a device\nis bound to a vfio driver, such as vfio-pci, and the local attacker is\nadministratively granted ownership of the device, it may cause a\nsystem memory exhaustion and thus a denial of service\n(DoS).(CVE-2019-3882)\n\nIf the Wake-up on Wireless LAN functionality is configured in the\nbrcmfmac driver, which only works with Broadcom FullMAC chipsets, a\nmalicious event frame can be constructed to trigger a heap buffer\noverflow in the brcmf_wowl_nd_results() function. This vulnerability\ncan be exploited by compromised chipsets to compromise the host, or\nwhen used in combination with another brcmfmac driver flaw\n(CVE-2019-9503), can be used remotely. This can result in a remote\ndenial of service (DoS). 
Due to the nature of the flaw, a remote\nprivilege escalation cannot be fully ruled out.(CVE-2019-9500)\n\nA flaw was found in the Linux kernel's implementation of ext4 extent\nmanagement. The kernel doesn't correctly initialize memory regions in\nthe extent tree block which may be exported to a local user to obtain\nsensitive information by reading empty/uninitialized data from the\nfilesystem. (CVE-2019-11833)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1214.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", 
cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.121-109.96.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.121-109.96.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T15:05:28", "description": "This update for the Linux Kernel 4.4.121-92_117 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remapping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service 
(bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1767-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15666", "CVE-2020-10757"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1767-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138298", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1767-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138298);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2019-15666\", \"CVE-2020-10757\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1767-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.121-92_117 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read 
__xfrm_policy_unlink,\nwhich could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201767-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac95bf23\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1766=1\nSUSE-SLE-SAP-12-SP2-2020-1767=1 SUSE-SLE-SAP-12-SP2-2020-1768=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1766=1\nSUSE-SLE-SERVER-12-SP2-2020-1767=1 SUSE-SLE-SERVER-12-SP2-2020-1768=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10757\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_114-default-10-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_117-default-9-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_120-default-8-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:01", "description": "This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1784-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15666", "CVE-2020-10757"], "modified": "2020-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1784-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1784-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138306);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2019-15666\", \"CVE-2020-10757\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1784-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon\nmmap could have caused user PTE access 
(bsc#1172437).\n\nCVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink,\nwhich could have led to denial of service (bsc#1172140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10757/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201784-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4276541e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1782=1\nSUSE-SLE-SAP-12-SP3-2020-1783=1 SUSE-SLE-SAP-12-SP3-2020-1784=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1782=1\nSUSE-SLE-SERVER-12-SP3-2020-1783=1 SUSE-SLE-SERVER-12-SP3-2020-1784=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2020-10757\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-debuginfo-8-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-10-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-debuginfo-10-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:14", "description": "Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664", "CVE-2019-5736"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:docker.io", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4048-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4048-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126564);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-15664\", \"CVE-2019-5736\");\n script_xref(name:\"USN\", value:\"4048-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Aleksa Sarai discovered that Docker was vulnerable to a directory\ntraversal attack. 
An attacker could use this vulnerability to read and\nwrite arbitrary files on the host filesystem as root.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4048-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected docker.io package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Docker Container Escape Via runC Overwrite');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:docker.io\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/08\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"docker.io\", pkgver:\"18.09.7-0ubuntu1~16.04.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"docker.io\", pkgver:\"18.09.7-0ubuntu1~18.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"docker.io\", pkgver:\"18.09.7-0ubuntu1~18.10.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"docker.io\", pkgver:\"18.09.7-0ubuntu1~19.04.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker.io\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:09", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2019:4056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9568", "CVE-2019-5489"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2019-4056.NASL", "href": "https://www.tenable.com/plugins/nessus/131530", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4056. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131530);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2018-9568\", \"CVE-2019-5489\");\n script_xref(name:\"RHSA\", value:\"2019:4056\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2019:4056)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.5\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning\n(CVE-2018-9568)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-9568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5489\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-9568\", \"CVE-2019-5489\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4056\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4056\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-abi-whitelists-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", 
cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-doc-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-firmware-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.97.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.97.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:05", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4528 advisory.\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) 
Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489)\n\n - The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. (CVE-2018-18397)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-02-04T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18397", "CVE-2019-5489"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4528.NASL", "href": "https://www.tenable.com/plugins/nessus/121566", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4528.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121566);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2018-18397\", \"CVE-2019-5489\");\n script_xref(name:\"IAVA\", value:\"2020-A-0325-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4528)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4528 advisory.\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers\n to observe page cache access patterns of other processes on the same system, potentially allowing sniffing\n of secret information. (Fixing this affects the output of the fincore program.) Limited remote\n exploitation may be possible, as demonstrated by latency differences in accessing public files from an\n Apache HTTP Server. (CVE-2019-5489)\n\n - The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain\n UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if\n the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and\n mm/userfaultfd.c. 
(CVE-2018-18397)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4528.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5489\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.24.5.el6uek', '4.1.12-124.24.5.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4528');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.24.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.24.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.24.5.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.24.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.24.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.24.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.24.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.24.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.24.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.24.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.24.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.24.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:10", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] Page cache side channel attacks via mincore(). 
It was discovered that a local attacker could exploit mincore() system call to obtain information about memory pages of the running applications from the page cache even if the contents of these memory pages were not available to the attacker.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21] infiniband: use-after-free in ucma_leave_multicast().\n It was found that ucma_leave_multicast() function from 'rdma_ucm' module could try to access a certain data structure after the structure had been freed. This allows an attacker to induce kernel memory corruption, leading to a system crash or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14734", "CVE-2019-5489"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-085.NASL", "href": "https://www.tenable.com/plugins/nessus/133462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133462);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-14734\",\n \"CVE-2019-5489\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-085)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21]\n Page cache side channel attacks via mincore(). It was\n discovered that a local attacker could exploit\n mincore() system call to obtain information about\n memory pages of the running applications from the page\n cache even if the contents of these memory pages were\n not available to the attacker.\n\n - [3.10.0-693.21.1.vz7.46.7 to 3.10.0-957.12.2.vz7.96.21]\n infiniband: use-after-free in ucma_leave_multicast().\n It was found that ucma_leave_multicast() function from\n 'rdma_ucm' module could try to access a certain data\n structure after the structure had been freed. This\n allows an attacker to induce kernel memory corruption,\n leading to a system crash or other unspecified impact.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-085\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a4d8519\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffc54f42\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dc1187c\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-90.0-1.vl7/\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce183e85\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b768cfa\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b672cab\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a4161ae2\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52498069\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-90.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?818cf162\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-63.3-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-64.7-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n 
\"patch\",\"readykernel-patch-73.24-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-73.29-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-85.17-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-86.2-90.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-96.21-90.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:34:32", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [RHEL7.7] Refined TSC clocksource calibration occasionally fails on some SkyLake-X servers (BZ#1719781)\n\n* tc: incorrect flows statistic on bond device (shared block) (BZ#1719786)\n\n* Qlogic qla2xxx driver version 10.x.x.x pins all irq requests to cpu0 and associated cores (BZ#1720956)\n\n* libceph: handle an empty authorize reply (BZ#1722769)\n\n* RHEL7.6 - pkey: Indicate old 
mkvp only if old and curr. mkvp are different (BZ#1723153)\n\n* RHEL7.6 - qdio: clear intparm during shutdown (BZ#1723154)\n\n* [RHEL7] Fix Spectre V1 vulnerability in vhost code (BZ#1724079)\n\n* [Stratus] 802.3ad bond group member disabled after reboot (or I/O failure testing) (BZ#1725037)\n\n* Accept validate negotiate if server returns NT_STATUS_NOT_SUPPORTED.\n(BZ# 1726563)\n\n* [Regression] RHEL7.6 - losing dirty bit during THP splitting, possible memory corruption (mm-) (BZ#1727108)\n\n* [Intel 7.7 BUG] BUG: unable to handle kernel paging request at 000000006b4fd010 (BZ#1727110)\n\n* KVM tracebacks causing significant latency to VM (BZ#1728174)\n\n* NULL pointer dereference in vxlan_dellink+0xaa (BZ#1728198)\n\n* [rhel7]NULL pointer dereference at vxlan_fill_metadata_dst (BZ#1728199)\n\n* After update to RHEL 7.6 (3.10.0-957.1.3.el7.x86_64) from 7.4, customer has experienced multiple panics in kernel at BUG at drivers/iommu/iova.c:859! (BZ#1731300)\n\n* kernel build: speed up debuginfo extraction (BZ#1731464)\n\n* hpsa driver hard lockup trying to complete a no longer valid completion on the stack (BZ#1731980)\n\n* XFS: forced shutdown in xfs_trans_cancel during create near ENOSPC (BZ# 1731982)\n\n* TCP packets are segmented when sent to the VLAN device when coming from VXLAN dev. 
(BZ#1732812)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737381)\n\n* Backport TCP follow-up for small buffers (BZ#1739129)", "cvss3": {}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:2837)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11810", "CVE-2019-5489"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-2837.NASL", "href": "https://www.tenable.com/plugins/nessus/129149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2837. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129149);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-11810\", \"CVE-2019-5489\");\n script_xref(name:\"RHSA\", value:\"2019:2837\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:2837)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.6\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [RHEL7.7] Refined TSC clocksource calibration occasionally fails on\nsome SkyLake-X servers (BZ#1719781)\n\n* tc: incorrect flows statistic on bond device (shared block)\n(BZ#1719786)\n\n* Qlogic qla2xxx driver version 10.x.x.x pins all irq requests to cpu0\nand associated cores (BZ#1720956)\n\n* libceph: handle an empty authorize reply (BZ#1722769)\n\n* RHEL7.6 - pkey: Indicate old mkvp only if old and curr. 
mkvp are\ndifferent (BZ#1723153)\n\n* RHEL7.6 - qdio: clear intparm during shutdown (BZ#1723154)\n\n* [RHEL7] Fix Spectre V1 vulnerability in vhost code (BZ#1724079)\n\n* [Stratus] 802.3ad bond group member disabled after reboot (or I/O\nfailure testing) (BZ#1725037)\n\n* Accept validate negotiate if server returns NT_STATUS_NOT_SUPPORTED.\n(BZ# 1726563)\n\n* [Regression] RHEL7.6 - losing dirty bit during THP splitting,\npossible memory corruption (mm-) (BZ#1727108)\n\n* [Intel 7.7 BUG] BUG: unable to handle kernel paging request at\n000000006b4fd010 (BZ#1727110)\n\n* KVM tracebacks causing significant latency to VM (BZ#1728174)\n\n* NULL pointer dereference in vxlan_dellink+0xaa (BZ#1728198)\n\n* [rhel7]NULL pointer dereference at vxlan_fill_metadata_dst\n(BZ#1728199)\n\n* After update to RHEL 7.6 (3.10.0-957.1.3.el7.x86_64) from 7.4,\ncustomer has experienced multiple panics in kernel at BUG at\ndrivers/iommu/iova.c:859! (BZ#1731300)\n\n* kernel build: speed up debuginfo extraction (BZ#1731464)\n\n* hpsa driver hard lockup trying to complete a no longer valid\ncompletion on the stack (BZ#1731980)\n\n* XFS: forced shutdown in xfs_trans_cancel during create near ENOSPC\n(BZ# 1731982)\n\n* TCP packets are segmented when sent to the VLAN device when coming\nfrom VXLAN dev. 
(BZ#1732812)\n\n* panic handing smb2_reconnect due to a use after free (BZ#1737381)\n\n* Backport TCP follow-up for small buffers (BZ#1739129)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11810\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5489\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11810\", \"CVE-2019-5489\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2837\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2837\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", reference:\"kernel-abi-whitelists-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", 
reference:\"kernel-debug-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", reference:\"kernel-doc-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", 
reference:\"kernel-tools-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"perf-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.35.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:30", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.\n\nRed Hat Product Security has rated this update 
as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2019:4255)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9568", "CVE-2019-5489"], "modified": "2019-12-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2019-4255.NASL", "href": "https://www.tenable.com/plugins/nessus/132232", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory 
RHSA-2019:4255. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132232);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/20\");\n\n script_cve_id(\"CVE-2018-9568\", \"CVE-2019-5489\");\n script_xref(name:\"RHSA\", value:\"2019:4255\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2019:4255)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.6\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning\n(CVE-2018-9568)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-9568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5489\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-9568\", \"CVE-2019-5489\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4255\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4255\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-abi-whitelists-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", 
cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-doc-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"kernel-firmware-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-504.82.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-504.82.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:45", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nThis updated advisory text mentions the additional non-security changes and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi 
connectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the 'KNOB attack'. An attacker that is nearby during pairing could use this to weaken the encryption used between the paired devices, and then to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum encryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility could be used to cause integer overflow in page reference counts, leading to a use-after-free. On a system with sufficient physical memory, a local user permitted to create arbitrary FUSE mounts could use this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE filesystems through fusermount, which limits the number of mounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work correctly if more than one device is bound to it. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a use-after-free. 
An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that USB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the sisusbvga driver could lead to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which could lead to a use-after-free. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB devices' maximum packet sizes, which could lead to a heap buffer overrun. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk protocol implementation, which could lead to a use-after-free. The security impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp command failed due to a disk quota. 
A local user on a system using XFS and disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network transformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace) could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did not correctly handle failure to discover devices beyond a SAS expander. This could lead to a resource leak and crash (BUG). The security impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet driver, which could lead to a NULL pointer dereference and crash (BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate traffic class numbers in received control packets, leading to out-of-bounds memory accesses. A nearby attacker on the same wifi network could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.189-3. This version also includes a fix for Debian bug #930904, and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9 packages. You will need to use 'apt-get upgrade --with-new-pkgs' or 'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "Debian DLA-1919-2 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-11487", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15807", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-9506"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", 
"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1919.NASL", "href": "https://www.tenable.com/plugins/nessus/128779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1919-2. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128779);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-11487\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-15538\", \"CVE-2019-15666\", \"CVE-2019-15807\", \"CVE-2019-15924\", \"CVE-2019-15926\", \"CVE-2019-9506\");\n\n script_name(english:\"Debian DLA-1919-2 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nThis updated advisory text mentions the additional non-security\nchanges and notes the need to install new binary packages.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-9506\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen\ndiscovered a weakness in the Bluetooth pairing protocols, dubbed the\n'KNOB attack'. 
An attacker that is nearby during pairing could use\nthis to weaken the encryption used between the paired devices, and\nthen to eavesdrop on and/or spoof communication between them.\n\nThis update mitigates the attack by requiring a minimum\nencryption key length of 56 bits.\n\nCVE-2019-11487\n\nJann Horn discovered that the FUSE (Filesystem-in-Userspace) facility\ncould be used to cause integer overflow in page reference counts,\nleading to a use-after-free. On a system with sufficient physical\nmemory, a local user permitted to create arbitrary FUSE mounts could\nuse this for privilege escalation.\n\nBy default, unprivileged users can only mount FUSE\nfilesystems through fusermount, which limits the number of\nmounts created and should completely mitigate the issue.\n\nCVE-2019-15211\n\nThe syzkaller tool found a bug in the radio-raremono driver that could\nlead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15212\n\nThe syzkaller tool found that the rio500 driver does not work\ncorrectly if more than one device is bound to it. An attacker able to\nadd USB devices could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-15215\n\nThe syzkaller tool found a bug in the cpia2_usb driver that leads to a\nuse-after-free. An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15216\n\nThe syzkaller tool found a bug in the yurex driver that leads to a\nuse-after-free. 
An attacker able to add and remove USB devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-15218\n\nThe syzkaller tool found that the smsusb driver did not validate that\nUSB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15219\n\nThe syzkaller tool found that a device initialisation error in the\nsisusbvga driver could lead to a NULL pointer dereference. An attacker\nable to add USB devices could use this to cause a denial of service\n(BUG/oops).\n\nCVE-2019-15220\n\nThe syzkaller tool found a race condition in the p54usb driver which\ncould lead to a use-after-free. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-15221\n\nThe syzkaller tool found that the line6 driver did not validate USB\ndevices' maximum packet sizes, which could lead to a heap buffer\noverrun. An attacker able to add USB devices could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-15292\n\nThe Hulk Robot tool found missing error checks in the Appletalk\nprotocol implementation, which could lead to a use-after-free. The\nsecurity impact of this is unclear.\n\nCVE-2019-15538\n\nBenjamin Moody reported that operations on XFS hung after a chgrp\ncommand failed due to a disk quota. 
A local user on a system using XFS\nand disk quotas could use this for denial of service.\n\nCVE-2019-15666\n\nThe Hulk Robot tool found an incorrect range check in the network\ntransformation (xfrm) layer, leading to out-of-bounds memory accesses.\nA local user with CAP_NET_ADMIN capability (in any user namespace)\ncould use this to cause a denial of service (memory corruption or\ncrash) or possibly for privilege escalation.\n\nCVE-2019-15807\n\nJian Luo reported that the Serial Attached SCSI library (libsas) did\nnot correctly handle failure to discover devices beyond a SAS\nexpander. This could lead to a resource leak and crash (BUG). The\nsecurity impact of this is unclear.\n\nCVE-2019-15924\n\nThe Hulk Robot tool found a missing error check in the fm10k Ethernet\ndriver, which could lead to a NULL pointer dereference and crash\n(BUG/oops). The security impact of this is unclear.\n\nCVE-2019-15926\n\nIt was found that the ath6kl wifi driver did not consistently validate\ntraffic class numbers in received control packets, leading to\nout-of-bounds memory accesses. A nearby attacker on the same wifi\nnetwork could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.189-3. This version also includes a fix for Debian bug #930904,\nand other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. You will need to use 'apt-get upgrade --with-new-pkgs' or\n'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", 
reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-manual-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.189-3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.189-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:06", "description": "The SUSE Linux Enterprise 12 kernel version 3.12.61 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586).\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\n\nCVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may have been able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. 
(bnc#1136424)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (bnc#1134848)\n\nCVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17972", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_154-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_154-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1692-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126240", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1692-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126240);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-17972\",\n \"CVE-2019-11190\",\n \"CVE-2019-11477\",\n 
\"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 kernel version 3.12.61 was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted by a remote\nattacker such that one can trigger an integer overflow, leading to a\nkernel panic. (bsc#1137586).\n\nCVE-2019-11478: It was possible to send a crafted sequence of SACKs\nwhich would fragment the TCP retransmission queue. A remote attacker\nmay have been able to further exploit the fragmented queue to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection.\n\nCVE-2019-11479: It was possible to send a crafted sequence of SACKs\nwhich would fragment the RACK send map. A remote attacker may have\nbeen able to further exploit the fragmented send map to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection. This would have resulted in excess resource\nconsumption due to low mss values.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. (Fixing this affects the output of the\nfincore program.) 
Limited remote exploitation may have been possible,\nas demonstrated by latency differences in accessing public files from\nan Apache HTTP Server. (bnc#1120843)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might have\nallowed local users to obtain sensitive information by reading\nuninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on\nsetuid programs (such as /bin/su) because install_exec_creds() is\ncalled too late in load_elf_binary() in fs/binfmt_elf.c, and thus the\nptrace_may_access() check has a race condition when reading\n/proc/pid/stat. (bnc#1131543)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na HIDPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bnc#1134848)\n\nCVE-2018-17972: An issue was discovered in the proc_pid_stack function\nin fs/proc/base.c in the Linux kernel It did not ensure that only root\nmay inspect the kernel stack of an arbitrary task, allowing a local\nattacker to exploit racy stack unwinding and leak kernel task stack\ncontents. (bnc#1110785)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-17972/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11190/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191692-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a20de32a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1692=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2019-1692=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_154-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_154-xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_154-default-1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_154-xen-1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.154.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.154.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:37", "description": "The SUSE Linux Enterprise 12 SP1 kernel version 3.12.74 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586).\n\nCVE-2019-11478: It is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. A remote attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.\n\nCVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. 
(bnc#1120843)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281)\n\nCVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (bnc#1134848)\n\nCVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17972", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1533-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125994", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1533-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125994);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-17972\",\n \"CVE-2019-11190\",\n 
\"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP1 kernel version 3.12.74 was updated to\nto receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-11477: A sequence of SACKs may have been crafted by a remote\nattacker such that one can trigger an integer overflow, leading to a\nkernel panic. (bsc#1137586).\n\nCVE-2019-11478: It is possible to send a crafted sequence of SACKs\nwhich will fragment the TCP retransmission queue. A remote attacker\nmay be able to further exploit the fragmented queue to cause an\nexpensive linked-list walk for subsequent SACKs received for that same\nTCP connection.\n\nCVE-2019-11479: It was possible to send a crafted sequence of SACKs\nwhich will fragment the RACK send map. A remote attacker may be able\nto further exploit the fragmented send map to cause an expensive\nlinked-list walk for subsequent SACKs received for that same TCP\nconnection. This would have resulted in excess resource consumption\ndue to low mss values.\n\nCVE-2019-3846: A flaw that allowed an attacker to corrupt memory and\npossibly escalate privileges was found in the mwifiex kernel module\nwhile connecting to a malicious wireless network. (bnc#1136424)\n\nCVE-2019-5489: The mincore() implementation in mm/mincore.c in the\nLinux kernel allowed local attackers to observe page cache access\npatterns of other processes on the same system, potentially allowing\nsniffing of secret information. 
(Fixing this affects the output of the\nfincore program.) Limited remote exploitation may be possible, as\ndemonstrated by latency differences in accessing public files from an\nApache HTTP Server. (bnc#1120843)\n\nCVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out\nthe unused memory region in the extent tree block, which might allow\nlocal users to obtain sensitive information by reading uninitialized\ndata in the filesystem. (bnc#1135281)\n\nCVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on\nsetuid programs (such as /bin/su) because install_exec_creds() is\ncalled too late in load_elf_binary() in fs/binfmt_elf.c, and thus the\nptrace_may_access() check has a race condition when reading\n/proc/pid/stat. (bnc#1131543)\n\nCVE-2019-11884: The do_hidp_sock_ioctl function in\nnet/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to\nobtain potentially sensitive information from kernel stack memory via\na HIDPCONNADD command, because a name field may not end with a '\\0'\ncharacter. (bnc#1134848)\n\nCVE-2018-17972: An issue was discovered in the proc_pid_stack function\nin fs/proc/base.c in the Linux kernel It did not ensure that only root\nmay inspect the kernel stack of an arbitrary task, allowing a local\nattacker to exploit racy stack unwinding and leak kernel task stack\ncontents. (bnc#1110785)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-17972/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11190/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11479/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3846/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5489/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191533-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e90a680\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-1533=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-1533=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2019-1533=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_115-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_115-default-1-2.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_115-xen-1-2.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.115.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", 
reference:\"kernel-syms-3.12.74-60.64.115.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:01", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2019-3846, CVE-2019-10126\n\nhuangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code.\n\nCVE-2019-5489\n\nDaniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file.\n\nCVE-2019-11477\n\nJonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic.\n\nCVE-2019-11478\n\nJonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage.\n\nCVE-2019-11479\n\nJonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data.\n\nThis update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard-coded value of 48.
We recommend raising this to 512 unless you know that your network requires a lower value. (This value applies to Linux 3.16 only.)\n\nCVE-2019-11810\n\nIt was discovered that the megaraid_sas driver did not correctly handle a failed memory allocation during initialisation, which could lead to a double-free. This might have some security impact, but it cannot be triggered by an unprivileged user.\n\nCVE-2019-11833\n\nIt was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information.\n\nCVE-2019-11884\n\nIt was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.68-2. Packages for PC architectures (amd64 and i386) are already available, and packages for Arm architectures (armel and armhf) will be available soon.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10126", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86", "p-cpe:/a:debian:debian_linux:linux-doc-3.16", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64", 
"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-3.16", "p-cpe:/a:debian:debian_linux:linux-source-3.16", "p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9", "p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1823.NASL", "href": "https://www.tenable.com/plugins/nessus/125958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1823-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125958);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-10126\",\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n \"CVE-2019-11479\",\n \"CVE-2019-11810\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-3846\",\n \"CVE-2019-5489\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-3846, CVE-2019-10126\n\nhuangwen reported multiple buffer overflows in the Marvell wifi\n(mwifiex) driver, which a local user could use to cause denial of\nservice or the execution of arbitrary code.\n\nCVE-2019-5489\n\nDaniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari\nTrachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh\ndiscovered that local users could use the mincore() system call to\nobtain sensitive information from other processes that access the same\nmemory-mapped file.\n\nCVE-2019-11477\n\nJonathan Looney reported that a specially crafted sequence of TCP\nselective acknowledgements (SACKs) allows a remotely triggerable\nkernel panic.\n\nCVE-2019-11478\n\nJonathan Looney reported that a specially crafted sequence of TCP\nselective acknowledgements (SACKs) will fragment the TCP\nretransmission queue, allowing an attacker to cause excessive resource\nusage.\n\nCVE-2019-11479\n\nJonathan Looney reported that an attacker could force the Linux 
kernel\nto segment its responses into multiple TCP segments, each of which\ncontains only 8 bytes of data, drastically increasing the bandwidth\nrequired to deliver the same amount of data.\n\nThis update introduces a new sysctl value to control the\nminimal MSS (net.ipv4.tcp_min_snd_mss), which by default\nuses the formerly hard- coded value of 48. We recommend\nraising this to 512 unless you know that your network\nrequires a lower value. (This value applies to Linux 3.16\nonly.)\n\nCVE-2019-11810\n\nIt was discovered that the megaraid_sas driver did not correctly\nhandle a failed memory allocation during initialisation, which could\nlead to a double-free. This might have some security impact, but it\ncannot be triggered by an unprivileged user.\n\nCVE-2019-11833\n\nIt was discovered that the ext4 filesystem implementation writes\nuninitialised data from kernel memory to new extent blocks. A local\nuser able to write to an ext4 filesystem and then read the filesystem\nimage, for example using a removable drive, might be able to use this\nto obtain sensitive information.\n\nCVE-2019-11884\n\nIt was discovered that the Bluetooth HIDP implementation did not\nensure that new connection names were null-terminated. A local user\nwith CAP_NET_ADMIN capability might be able to use this to obtain\nsensitive information from the kernel stack.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.68-2. Packages for PC architectures (amd64 and i386) are already\navailable, and packages for Arm architectures (armel and armhf) will\nbe available soon.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", 
reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-source-3.16\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.68-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.68-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:34", "description": "This is a version update for podman to version 1.4.4 (bsc#1143386).\n\nAdditional changes by SUSE on top :\n\nRemove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386)\n\nUpdate libpod.conf to use correct infra_command\n\nUpdate libpod.conf to use better versioned pause container\n\nUpdate libpod.conf to use official kubic pause container\n\nUpdate libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json\n\nAdd podman-remote varlink client\n\nVersion update podman to v1.4.4: Features\n\n - Podman now has greatly improved support for containers using multiple OCI runtimes. 
Containers now remember if they were created with a different runtime using --runtime and will always use that runtime\n\n - The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)\n\n - The podman diff command now supports the --latest flag\n\nBugfixes\n\n - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations\n\n - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL\n\n - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once\n\n - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored\n\n - Fixed a bug where images with no layers could not properly be displayed and removed by Podman\n\n - Fixed a bug where locks were not properly freed on failure to create a container or pod\n\n - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)\n\n - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts\n\n - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)\n\n - Fixed a bug where podman ps --sync would segfault (#3411)\n\n - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)\n\nMisc\n\n - Updated containers/storage to v1.12.13\n\n - Podman now performs much better on systems with heavy I/O load\n\n - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf\n\n - For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file.
This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\\ d/issues/3363))\n\n - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed\n\nUpdate podman to v1.4.2: Fixed a bug where Podman could not run containers using an older version of Systemd as init\n\nUpdated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions\n\nThe error message for running podman kill on containers that are not running has been improved\n\nPodman remote client can now log to a file if syslog is not available\n\nThe podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist\n\nThe podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes\n\nThe podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)\n\nThe podman run --mount command now supports the bind-nonrecursive option for bind mounts\n\nFixed a bug where podman play kube would fail to create containers due to an unspecified log driver\n\nFixed a bug where Podman would fail to build with musl libc\n\nFixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking\n\nFixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys\n\nFixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded\n\nRemote Podman will now default the username it uses to log in to remote systems to the username of the current user\n\nPodman 
now uses JSON logging with OCI runtimes that support it, allowing for better error reporting\n\nUpdated vendored containers/image to v2.0\n\nUpdate conmon to v0.3.0\n\nSupport OOM Monitor under cgroup V2\n\nAdd config binary and make target for configuring conmon with a go library for importing values\n\nUpdated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.\n\nThe podman cp now supports pause flag.\n\nThe remote client now supports a configuration file for pre-configuring connections to remote Podman installations\n\nCVE-2019-10152: Fixed an improper dereference of symlinks of the podman cp command which was introduced in version 1.1.0 (bsc#1136974).\n\nFixed a bug where podman commit could improperly set environment variables that contained = characters\n\nFixed a bug where rootless podman would sometimes fail to start containers with forwarded ports\n\nFixed a bug where podman version on the remote client could segfault\n\nFixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed\n\nFixed a bug where filtering images by label did not work\n\nFixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start\n\nFixed a bug where podman generate kube did not work with containers with named volumes\n\nFixed a bug where rootless podman would receive permission denied errors accessing conmon.pid\n\nFixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it\n\nFixed a bug where rootless Podman commands could double-unlock a lock, causing a crash\n\nFixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime\n\nFixed a bug where podman exec would fail on older 
kernels\n\nPodman commit command is now usable with the Podman remote client\n\nSignature-policy flag has been deprecated\n\nUpdated vendored containers/storage and containers/image libraries with numerous bugfixes\n\nUpdated vendored Buildah to v1.8.3\n\nPodman now requires Conmon v0.2.0\n\nThe podman cp command is now aliased as podman container cp\n\nRootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration\n\nAdded fuse-overlayfs dependency to support overlay based rootless image manipulations\n\nThe podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.\n\nThe podman remote client now displays version information from both the client and server in podman version\n\nThe podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things)\n\nFixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed\n\nFixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal\n\nFixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal\n\nFixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup\n\nFixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client\n\nFixed a bug where podman remote ps --ns would not print the container's namespaces\n\nFixed a bug where removing stopped containers with healthchecks could cause an error\n\nFixed a bug where the default libpod.conf file was 
causing parsing errors\n\nFixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion\n\nFixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable\n\nThe remote Podman client now uses the Varlink bridge to establish remote connections by default\n\nFixed an issue with apparmor_parser (bsc#1123387)\n\nUpdate to libpod v1.4.0 (bsc#1137860) :\n\nThe podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems\n\nThe podman cp command now supports a pause flag to pause containers while copying into them\n\nThe remote client now supports a configuration file for pre-configuring connections to remote Podman installations\n\nFixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context\n\nFixed a bug where podman commit could improperly set environment variables that contained = characters\n\nFixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports\n\nFixed a bug where podman version on the remote client could segfault\n\nFixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed\n\nFixed a bug where filtering images by label did not work\n\nFixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start\n\nFixed a bug where podman generate kube did not work with containers with named volumes\n\nFixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid\n\nFixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it\n\nFixed a bug where rootless Podman commands could double-unlock a lock, causing a crash\n\nFixed a bug where Podman incorrectly set 
tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime\n\nFixed a bug where podman exec would fail on older kernels\n\nThe podman commit command is now usable with the Podman remote client\n\nThe --signature-policy flag (used with several image-related commands) has been deprecated\n\nThe podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers\n\nUpdated vendored containers/storage and containers/image libraries with numerous bugfixes\n\nUpdated vendored Buildah to v1.8.3\n\nPodman now requires Conmon v0.2.0\n\nThe podman cp command is now aliased as podman container cp\n\nRootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration\n\nUpdate to image v1.5.1\n\nVendor in latest containers/storage\n\ndocker/docker_client: Drop redundant Domain(ref.ref) call\n\npkg/blobinfocache: Split implementations into subpackages\n\ncopy: progress bar: show messages on completion\n\ndocs: rename manpages to *.5.command\n\nadd container-certs.d.md manpage\n\npkg/docker/config: Bring auth tests from docker/docker_client_test\n\nDon't allocate a sync.Mutex separately\n\nUpdate to storage v1.12.10: Add function to parse out mount options from graphdriver\n\nMerge the disparate parts of all of the Unix-like lockfiles\n\nFix unix-but-not-Linux compilation\n\nReturn XDG_RUNTIME_DIR as RootlessRuntimeDir if set\n\nCherry-pick moby/moby #39292 for CVE-2018-15664 fixes\n\nlockfile: add RecursiveLock() API\n\nUpdate generated files\n\nFix crash on testing of aufs code\n\nLet consumers know when Layers and Images came from read-only stores\n\nchown: do not change owner for the mountpoint\n\nlocks: correctly mark updates to the layers list\n\nCreateContainer: don't worry about mapping layers 
unless necessary\n\ndocs: fix manpage for containers-storage.conf\n\ndocs: sort configuration options alphabetically\n\ndocs: document OSTree file deduplication\n\nAdd missing options to man page for containers-storage\n\noverlay: use the layer idmapping if present\n\nvfs: prefer layer custom idmappings\n\nlayers: propagate down the idmapping settings\n\nRecreate symlink when not found\n\ndocs: fix manpage for configuration file\n\ndocs: add special handling for manpages in sect 5\n\noverlay: fix single-lower test\n\nRecreate symlink when not found\n\noverlay: propagate errors from mountProgram\n\nutils: root in a userns uses global conf file\n\nFix handling of additional stores\n\nCorrectly check permissions on rootless directory\n\nFix possible integer overflow on 32bit builds\n\nEvaluate device path for lvm\n\nlockfile test: make concurrent RW test deterministic\n\nlockfile test: make concurrent read tests deterministic\n\ndrivers.DirCopy: fix filemode detection\n\nstorage: move the logic to detect rootless into utils.go\n\nDon't set (struct flock).l_pid\n\nImprove documentation of getLockfile\n\nRename getLockFile to createLockerForPath, and document it\n\nAdd FILES section to containers-storage.5 man page\n\nadd digest locks\n\ndrivers/copy: add a non-cgo fallback\n\nslirp4netns was updated to 0.3.0: CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156)\n\nThis update also includes: fuse3 and fuse-overlayfs to support rootless containers.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : podman, slirp4netns / libcontainers-common (SUSE-SU-2019:2223-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664", "CVE-2019-10152", "CVE-2019-6778"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:fuse-overlayfs", "p-cpe:/a:novell:suse_linux:fuse-overlayfs-debuginfo", "p-cpe:/a:novell:suse_linux:fuse-overlayfs-debugsource", "p-cpe:/a:novell:suse_linux:fuse3", "p-cpe:/a:novell:suse_linux:fuse3-debuginfo", "p-cpe:/a:novell:suse_linux:fuse3-debugsource", "p-cpe:/a:novell:suse_linux:libfuse3", "p-cpe:/a:novell:suse_linux:libfuse3-3-debuginfo", "p-cpe:/a:novell:suse_linux:podman", "p-cpe:/a:novell:suse_linux:slirp4netns", "p-cpe:/a:novell:suse_linux:slirp4netns-debuginfo", "p-cpe:/a:novell:suse_linux:slirp4netns-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2223-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128302", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2223-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128302);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\"CVE-2018-15664\", \"CVE-2019-6778\", \"CVE-2019-10152\");\n\n script_name(english:\"SUSE SLES15 Security Update : podman, slirp4netns / libcontainers-common (SUSE-SU-2019:2223-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This is a version update for podman to version 1.4.4 
(bsc#1143386).\n\nAdditional changes by SUSE on top :\n\nRemove fuse-overlayfs because it's (currently) an unsatisfied\ndependency on SLE (bsc#1143386)\n\nUpdate libpod.conf to use correct infra_command\n\nUpdate libpod.conf to use better versioned pause container\n\nUpdate libpod.conf to use official kubic pause container\n\nUpdate libpod.conf to match latest features set: detach_keys,\nlock_type, runtime_supports_json\n\nAdd podman-remote varlink client\n\nVersion update podman to v1.4.4: Features\n\n - Podman now has greatly improved support for containers\n using multiple OCI runtimes. Containers now remember if\n they were created with a different runtime using\n --runtime and will always use that runtime\n\n - The cached and delegated options for volume mounts are\n now allowed for Docker compatability (#3340)\n\n - The podman diff command now supports the --latest flag\n Bugfixes\n\n - Fixed a bug where rootless Podman would attempt to use\n the entire root configuration if no rootless\n configuration was present for the user, breaking\n rootless Podman for new installations\n\n - Fixed a bug where rootless Podman's pause process would\n block SIGTERM, preventing graceful system shutdown and\n hanging until the system's init send SIGKILL\n\n - Fixed a bug where running Podman as root with sudo -E\n would not work after running rootless Podman at least\n once\n\n - Fixed a bug where options for tmpfs volumes added with\n the --tmpfs flag were being ignored\n\n - Fixed a bug where images with no layers could not\n properly be displayed and removed by Podman\n\n - Fixed a bug where locks were not properly freed on\n failure to create a container or pod\n\n - Fixed a bug where podman cp on a single file would\n create a directory at the target and place the file in\n it (#3384)\n\n - Fixed a bug where podman inspect --format '{{.Mounts}}'\n would print a hexadecimal address instead of a\n container's mounts\n\n - Fixed a bug where rootless Podman would not add 
an entry\n to container's /etc/hosts files for their own hostname\n (#3405)\n\n - Fixed a bug where podman ps --sync would segfault\n (#3411)\n\n - Fixed a bug where podman generate kube would produce an\n invalid ports configuration (#3408) Misc\n\n - Updated containers/storage to v1.12.13\n\n - Podman now performs much better on systems with heavy\n I/O load\n\n - The --cgroup-manager flag to podman now shows the\n correct default setting in help if the default was\n overridden by libpod.conf\n\n - For backwards compatability, setting\n --log-driver=json-file in podman run is now supported as\n an alias for --log-driver=k8s-file. This is considered\n deprecated, and json-file will be moved to a new\n implementation in the future\n ([#3363](https://github.com/containers/libpo\\\n d/issues/3363))\n\n - Podman's default libpod.conf file now allows the crun\n OCI runtime to be used if it is installed\n\nUpdate podman to v1.4.2: Fixed a bug where Podman could not run\ncontainers using an older version of Systemd as init\n\nUpdated vendored Buildah to v1.9.0 to resolve a critical bug with\nDockerfile RUN instructions\n\nThe error message for running podman kill on containers that are not\nrunning has been improved\n\nPodman remote client can now log to a file if syslog is not available\n\nThe podman exec command now sets its error code differently based on\nwhether the container does not exist, and the command in the container\ndoes not exist\n\nThe podman inspect command on containers now outputs Mounts JSON that\nmatches that of docker inspect, only including user-specified volumes\nand differentiating bind mounts and named volumes\n\nThe podman inspect command now reports the path to a container's OCI\nspec with the OCIConfigPath key (only included when the container is\ninitialized or running)\n\nThe podman run --mount command now supports the bind-nonrecursive\noption for bind mounts\n\nFixed a bug where podman play kube would fail to create containers due\nto an 
unspecified log driver\n\nFixed a bug where Podman would fail to build with musl libc\n\nFixed a bug where rootless Podman using slirp4netns networking in an\nenvironment with no nameservers on the host other than localhost would\nresult in nonfunctional networking\n\nFixed a bug where podman import would not properly set environment\nvariables, discarding their values and retaining only keys\n\nFixed a bug where Podman would fail to run when built with Apparmor\nsupport but run on systems without the Apparmor kernel module loaded\n\nRemote Podman will now default the username it uses to log in to\nremote systems to the username of the current user\n\nPodman now uses JSON logging with OCI runtimes that support it,\nallowing for better error reporting\n\nUpdated vendored containers/image to v2.0\n\nUpdate conmon to v0.3.0\n\nSupport OOM Monitor under cgroup V2\n\nAdd config binary and make target for configuring conmon with a go\nlibrary for importing values\n\nUpdated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) Podman\ncheckpoint and podman restore commands can now be used to migrate\ncontainers between Podman installations on different systems.\n\nThe podman cp now supports pause flag.\n\nThe remote client now supports a configuration file for\npre-configuring connections to remote Podman installations\n\nCVE-2019-10152: Fixed an iproper dereference of symlinks of the the\npodman cp command which introduced in version 1.1.0 (bsc#1136974).\n\nFixed a bug where podman commit could improperly set environment\nvariables that contained = characters\n\nFixed a bug where rootless podman would sometimes fail to start\ncontainers with forwarded ports\n\nFixed a bug where podman version on the remote client could segfault\n\nFixed a bug where podman container runlabel would use /proc/self/exe\ninstead of the path of the Podman command when printing the command\nbeing executed\n\nFixed a bug where filtering images by label did not work\n\nFixed a bug where 
specifying a bing mount or tmpfs mount over an image\nvolume would cause a container to be unable to start\n\nFixed a bug where podman generate kube did not work with containers\nwith named volumes\n\nFixed a bug where rootless podman would receive permission denied\nerrors accessing conmon.pid\n\nFixed a bug where podman cp with a folder specified as target would\nreplace the folder, as opposed to copying into it\n\nFixed a bug where rootless Podman commands could double-unlock a lock,\ncausing a crash\n\nFixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts,\ncausing errors when using the Kata containers runtime\n\nFixed a bug where podman exec would fail on older kernels\n\nPodman commit command is now usable with the Podman remote client\n\nSignature-policy flag has been deprecated\n\nUpdated vendored containers/storage and containers/image libraries\nwith numerous bugfixes\n\nUpdated vendored Buildah to v1.8.3\n\nPodman now requires Conmon v0.2.0\n\nThe podman cp command is now aliased as podman container cp\n\nRootless podman will now default init_path using root Podman's\nconfiguration files (/etc/containers/libpod.conf and\n/usr/share/containers/libpod.conf) if not overridden in the rootless\nconfiguration\n\nAdded fuse-overlayfs dependency to support overlay based rootless\nimage manipulations\n\nThe podman cp command can now read input redirected to STDIN, and\noutput to STDOUT instead of a file, using - instead of an argument.\n\nThe podman remote client now displays version information from both\nthe client and server in podman version\n\nThe podman unshare command has been added, allowing easy entry into\nthe user namespace set up by rootless Podman (allowing the removal of\nfiles created by rootless podman, among other things)\n\nFixed a bug where Podman containers with the --rm flag were removing\ncreated volumes when they were automatically removed\n\nFixed a bug where container and pod locks were incorrectly marked as\nreleased after a 
system reboot, causing errors on container and pod\nremoval\n\nFixed a bug where Podman pods could not be removed if any container in\nthe pod encountered an error during removal\n\nFixed a bug where Podman pods run with the cgroupfs CGroup driver\nwould encounter a race condition during removal, potentially failing\nto remove the pod CGroup\n\nFixed a bug where the podman container checkpoint and podman container\nrestore commands were not visible in the remote client\n\nFixed a bug where podman remote ps --ns would not print the\ncontainer's namespaces\n\nFixed a bug where removing stopped containers with healthchecks could\ncause an error\n\nFixed a bug where the default libpod.conf file was causing parsing\nerrors\n\nFixed a bug where pod locks were not being freed when pods were\nremoved, potentially leading to lock exhaustion\n\nFixed a bug where 'podman run' with SD_NOTIFY set could, on\nshort-running containers, create an inconsistent state rendering the\ncontainer unusable\n\nThe remote Podman client now uses the Varlink bridge to establish\nremote connections by default\n\nFixed an issue with apparmor_parser (bsc#1123387)\n\nUpdate to libpod v1.4.0 (bsc#1137860) :\n\nThe podman checkpoint and podman restore commands can now be used to\nmigrate containers between Podman installations on different systems\n\nThe podman cp command now supports a pause flag to pause containers\nwhile copying into them\n\nThe remote client now supports a configuration file for\npre-configuring connections to remote Podman installations\n\nFixed CVE-2019-10152 - The podman cp command improperly dereferenced\nsymlinks in host context\n\nFixed a bug where podman commit could improperly set environment\nvariables that contained = characters\n\nFixed a bug where rootless Podman would sometimes fail to start\ncontainers with forwarded ports\n\nFixed a bug where podman version on the remote client could segfault\n\nFixed a bug where podman container runlabel would use 
/proc/self/exe\ninstead of the path of the Podman command when printing the command\nbeing executed\n\nFixed a bug where filtering images by label did not work\n\nFixed a bug where specifying a bing mount or tmpfs mount over an image\nvolume would cause a container to be unable to start\n\nFixed a bug where podman generate kube did not work with containers\nwith named volumes\n\nFixed a bug where rootless Podman would receive permission denied\nerrors accessing conmon.pid\n\nFixed a bug where podman cp with a folder specified as target would\nreplace the folder, as opposed to copying into it\n\nFixed a bug where rootless Podman commands could double-unlock a lock,\ncausing a crash\n\nFixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts,\ncausing errors when using the Kata containers runtime\n\nFixed a bug where podman exec would fail on older kernels\n\nThe podman commit command is now usable with the Podman remote client\n\nThe --signature-policy flag (used with several image-related commands)\nhas been deprecated\n\nThe podman unshare command now defines two environment variables in\nthe spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT,\npointing to temporary and permanent storage for rootless containers\n\nUpdated vendored containers/storage and containers/image libraries\nwith numerous bugfixes\n\nUpdated vendored Buildah to v1.8.3\n\nPodman now requires Conmon v0.2.0\n\nThe podman cp command is now aliased as podman container cp\n\nRootless Podman will now default init_path using root Podman's\nconfiguration files (/etc/containers/libpod.conf and\n/usr/share/containers/libpod.conf) if not overridden in the rootless\nconfiguration\n\nUpdate to image v1.5.1\n\nVendor in latest containers/storage\n\ndocker/docker_client: Drop redundant Domain(ref.ref) call\n\npkg/blobinfocache: Split implementations into subpackages\n\ncopy: progress bar: show messages on completion\n\ndocs: rename manpages to *.5.command\n\nadd container-certs.d.md 
manpage\n\npkg/docker/config: Bring auth tests from docker/docker_client_test\n\nDon't allocate a sync.Mutex separately\n\nUpdate to storage v1.12.10: Add function to parse out mount options\nfrom graphdriver\n\nMerge the disparate parts of all of the Unix-like lockfiles\n\nFix unix-but-not-Linux compilation\n\nReturn XDG_RUNTIME_DIR as RootlessRuntimeDir if set\n\nCherry-pick moby/moby #39292 for CVE-2018-15664 fixes\n\nlockfile: add RecursiveLock() API\n\nUpdate generated files\n\nFix crash on tesing of aufs code\n\nLet consumers know when Layers and Images came from read-only stores\n\nchown: do not change owner for the mountpoint\n\nlocks: correctly mark updates to the layers list\n\nCreateContainer: don't worry about mapping layers unless necessary\n\ndocs: fix manpage for containers-storage.conf\n\ndocs: sort configuration options alphabetically\n\ndocs: document OSTree file deduplication\n\nAdd missing options to man page for containers-storage\n\noverlay: use the layer idmapping if present\n\nvfs: prefer layer custom idmappings\n\nlayers: propagate down the idmapping settings\n\nRecreate symlink when not found\n\ndocs: fix manpage for configuration file\n\ndocs: add special handling for manpages in sect 5\n\noverlay: fix single-lower test\n\nRecreate symlink when not found\n\noverlay: propagate errors from mountProgram\n\nutils: root in a userns uses global conf file\n\nFix handling of additional stores\n\nCorrectly check permissions on rootless directory\n\nFix possible integer overflow on 32bit builds\n\nEvaluate device path for lvm\n\nlockfile test: make concurrent RW test determinisitc\n\nlockfile test: make concurrent read tests deterministic\n\ndrivers.DirCopy: fix filemode detection\n\nstorage: move the logic to detect rootless into utils.go\n\nDon't set (struct flock).l_pid\n\nImprove documentation of getLockfile\n\nRename getLockFile to createLockerForPath, and document it\n\nAdd FILES section to containers-storage.5 man page\n\nadd digest 
locks\n\ndrivers/copy: add a non-cgo fallback\n\nslirp4netns was updated to 0.3.0: CVE-2019-6778: Fixed a heap buffer\noverflow in tcp_emu() (bsc#1123156)\n\nThis update also includes: fuse3 and fuse-overlayfs to support\nrootless containers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/containers/libpo\\\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-15664/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10152/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6778/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192223-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3f6900a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like 
YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Containers 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Containers-15-SP1-2019-2223=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2223=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15664\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6778\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fuse-overlayfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fuse-overlayfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fuse3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fuse3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:fuse3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfuse3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libfuse3-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:slirp4netns-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:slirp4netns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"fuse-overlayfs-0.4.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"fuse-overlayfs-debuginfo-0.4.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"fuse-overlayfs-debugsource-0.4.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"fuse3-3.6.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"fuse3-debuginfo-3.6.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"fuse3-debugsource-3.6.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfuse3-3-3.6.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfuse3-3-debuginfo-3.6.1-3.3.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"podman-1.4.4-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"slirp4netns-0.3.0-3.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"slirp4netns-debuginfo-0.3.0-3.3.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"slirp4netns-debugsource-0.3.0-3.3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"podman / slirp4netns / libcontainers-common\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:49", "description": "This is a version update for podman to version 1.4.4 (bsc#1143386).\n\nAdditional changes by SUSE on top :\n\n - Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on SLE (bsc#1143386)\n\n - Update libpod.conf to use correct infra_command\n\n - Update libpod.conf to use better versioned pause container\n\n - Update libpod.conf to use official kubic pause container\n\n - Update libpod.conf to match latest features set:\n detach_keys, lock_type, runtime_supports_json\n\n - Add podman-remote varlink client\n\nVersion update podman to v1.4.4 :\n\n - Features\n\n - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using\n --runtime and will always use that runtime\n\n - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340)\n\n - The podman diff command now supports the --latest flag\n\n - Bugfixes\n\n - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations\n\n - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL\n\n - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once\n\n - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored\n\n - Fixed a bug where images with no layers could not properly be displayed and removed by Podman\n\n - Fixed a bug where locks were not properly freed on failure to create a container or pod\n\n - Fixed a bug 
where podman cp on a single file would create a directory at the target and place the file in it (#3384)\n\n - Fixed a bug where podman inspect --format '((.Mounts))' would print a hexadecimal address instead of a container's mounts\n\n - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405)\n\n - Fixed a bug where podman ps --sync would segfault (#3411)\n\n - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)\n\n - Misc\n\n - Updated containers/storage to v1.12.13\n\n - Podman now performs much better on systems with heavy I/O load\n\n - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf\n\n - For backwards compatability, setting\n --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\\ d/issues/3363))\n\n - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed\n\nUpdate podman to v1.4.2 :\n\n - Fixed a bug where Podman could not run containers using an older version of Systemd as init\n\n - Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions\n\n - The error message for running podman kill on containers that are not running has been improved\n\n - Podman remote client can now log to a file if syslog is not available\n\n - The podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist\n\n - The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes\n\n - The podman inspect command now reports the path to a 
container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)\n\n - The podman run --mount command now supports the bind-nonrecursive option for bind mounts\n\n - Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver\n\n - Fixed a bug where Podman would fail to build with musl libc\n\n - Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking\n\n - Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys\n\n - Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded\n\n - Remote Podman will now default the username it uses to log in to remote systems to the username of the current user\n\n - Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting\n\n - Updated vendored containers/image to v2.0\n\n - Update conmon to v0.3.0\n\n - Support OOM Monitor under cgroup V2\n\n - Add config binary and make target for configuring conmon with a go library for importing values\n\nUpdated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) \n\n - Podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems.\n\n - The podman cp now supports pause flag.\n\n - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations\n\n - CVE-2019-10152: Fixed an iproper dereference of symlinks of the the podman cp command which introduced in version 1.1.0 (bsc#1136974).\n\n - Fixed a bug where podman commit could improperly set environment variables that contained = characters\n\n - Fixed a bug where rootless podman would sometimes fail to start containers with 
forwarded ports\n\n - Fixed a bug where podman version on the remote client could segfault\n\n - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed\n\n - Fixed a bug where filtering images by label did not work\n\n - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start\n\n - Fixed a bug where podman generate kube did not work with containers with named volumes\n\n - Fixed a bug where rootless podman would receive permission denied errors accessing conmon.pid\n\n - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it\n\n - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash\n\n - Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime\n\n - Fixed a bug where podman exec would fail on older kernels\n\n - Podman commit command is now usable with the Podman remote client\n\n - Signature-policy flag has been deprecated\n\n - Updated vendored containers/storage and containers/image libraries with numerous bugfixes\n\n - Updated vendored Buildah to v1.8.3\n\n - Podman now requires Conmon v0.2.0\n\n - The podman cp command is now aliased as podman container cp\n\n - Rootless podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration\n\n - Added fuse-overlayfs dependency to support overlay based rootless image manipulations\n\n - The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.\n\n - The podman remote client now displays version information from both the client and server in podman version\n\n - The podman unshare command has been 
added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless podman, among other things)\n\n - Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed\n\n - Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal\n\n - Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal\n\n - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup\n\n - Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client\n\n - Fixed a bug where podman remote ps --ns would not print the container's namespaces\n\n - Fixed a bug where removing stopped containers with healthchecks could cause an error\n\n - Fixed a bug where the default libpod.conf file was causing parsing errors\n\n - Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion\n\n - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable\n\n - The remote Podman client now uses the Varlink bridge to establish remote connections by default\n\n - Fixed an issue with apparmor_parser (bsc#1123387)\n\n - Update to libpod v1.4.0 (bsc#1137860) :\n\n - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems\n\n - The podman cp command now supports a pause flag to pause containers while copying into them\n\n - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations\n\n - Fixed CVE-2019-10152 - The podman cp 
command improperly dereferenced symlinks in host context\n\n - Fixed a bug where podman commit could improperly set environment variables that contained = characters\n\n - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports\n\n - Fixed a bug where podman version on the remote client could segfault\n\n - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed\n\n - Fixed a bug where filtering images by label did not work\n\n - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start\n\n - Fixed a bug where podman generate kube did not work with containers with named volumes\n\n - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid\n\n - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it\n\n - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash\n\n - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime\n\n - Fixed a bug where podman exec would fail on older kernels\n\n - The podman commit command is now usable with the Podman remote client\n\n - The --signature-policy flag (used with several image-related commands) has been deprecated\n\n - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers\n\n - Updated vendored containers/storage and containers/image libraries with numerous bugfixes\n\n - Updated vendored Buildah to v1.8.3\n\n - Podman now requires Conmon v0.2.0\n\n - The podman cp command is now aliased as podman container cp\n\n - Rootless Podman will now default init_path using root Podman's 
configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration\n\n - Update to image v1.5.1\n\n - Vendor in latest containers/storage\n\n - docker/docker_client: Drop redundant Domain(ref.ref) call\n\n - pkg/blobinfocache: Split implementations into subpackages\n\n - copy: progress bar: show messages on completion\n\n - docs: rename manpages to *.5.command\n\n - add container-certs.d.md manpage\n\n - pkg/docker/config: Bring auth tests from docker/docker_client_test\n\n - Don't allocate a sync.Mutex separately\n\nUpdate to storage v1.12.10 :\n\n - Add function to parse out mount options from graphdriver\n\n - Merge the disparate parts of all of the Unix-like lockfiles\n\n - Fix unix-but-not-Linux compilation\n\n - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set\n\n - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes\n\n - lockfile: add RecursiveLock() API\n\n - Update generated files\n\n - Fix crash on tesing of aufs code\n\n - Let consumers know when Layers and Images came from read-only stores\n\n - chown: do not change owner for the mountpoint\n\n - locks: correctly mark updates to the layers list\n\n - CreateContainer: don't worry about mapping layers unless necessary\n\n - docs: fix manpage for containers-storage.conf\n\n - docs: sort configuration options alphabetically\n\n - docs: document OSTree file deduplication\n\n - Add missing options to man page for containers-storage\n\n - overlay: use the layer idmapping if present\n\n - vfs: prefer layer custom idmappings\n\n - layers: propagate down the idmapping settings\n\n - Recreate symlink when not found\n\n - docs: fix manpage for configuration file\n\n - docs: add special handling for manpages in sect 5\n\n - overlay: fix single-lower test\n\n - Recreate symlink when not found\n\n - overlay: propagate errors from mountProgram\n\n - utils: root in a userns uses global conf file\n\n - Fix handling of additional stores\n\n - 
Correctly check permissions on rootless directory\n\n - Fix possible integer overflow on 32bit builds\n\n - Evaluate device path for lvm\n\n - lockfile test: make concurrent RW test determinisitc\n\n - lockfile test: make concurrent read tests deterministic\n\n - drivers.DirCopy: fix filemode detection\n\n - storage: move the logic to detect rootless into utils.go\n\n - Don't set (struct flock).l_pid\n\n - Improve documentation of getLockfile\n\n - Rename getLockFile to createLockerForPath, and document it\n\n - Add FILES section to containers-storage.5 man page\n\n - add digest locks\n\n - drivers/copy: add a non-cgo fallback\n\nslirp4netns was updated to 0.3.0 :\n\n - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() (bsc#1123156)\n\nThis update also includes :\n\n - fuse3 and fuse-overlayfs to support rootless containers.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15664", "CVE-2019-10152", "CVE-2019-6778"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fuse-overlayfs", "p-cpe:/a:novell:opensuse:fuse-overlayfs-debuginfo", "p-cpe:/a:novell:opensuse:fuse-overlayfs-debugsource", "p-cpe:/a:novell:opensuse:fuse3", "p-cpe:/a:novell:opensuse:fuse3-debuginfo", "p-cpe:/a:novell:opensuse:fuse3-debugsource", "p-cpe:/a:novell:opensuse:fuse3-devel", "p-cpe:/a:novell:opensuse:libcontainers-common", "p-cpe:/a:novell:opensuse:libfuse3-3", "p-cpe:/a:novell:opensuse:libfuse3-3-debuginfo", "p-cpe:/a:novell:opensuse:podman", "p-cpe:/a:novell:opensuse:podman-cni-config", "p-cpe:/a:novell:opensuse:slirp4netns", "p-cpe:/a:novell:opensuse:slirp4netns-debuginfo", "p-cpe:/a:novell:opensuse:slirp4netns-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2044.NASL", "href": 
"https://www.tenable.com/plugins/nessus/128458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2044.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128458);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-15664\", \"CVE-2019-10152\", \"CVE-2019-6778\");\n\n script_name(english:\"openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)\");\n script_summary(english:\"Check for the openSUSE-2019-2044 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This is a version update for podman to version 1.4.4 (bsc#1143386).\n\nAdditional changes by SUSE on top :\n\n - Remove fuse-overlayfs because it's (currently) an\n unsatisfied dependency on SLE (bsc#1143386)\n\n - Update libpod.conf to use correct infra_command\n\n - Update libpod.conf to use better versioned pause\n container\n\n - Update libpod.conf to use official kubic pause container\n\n - Update libpod.conf to match latest features set:\n detach_keys, lock_type, runtime_supports_json\n\n - Add podman-remote varlink client\n\nVersion update podman to v1.4.4 :\n\n - Features\n\n - Podman now has greatly improved support for containers\n using multiple OCI runtimes. 
Containers now remember if\n they were created with a different runtime using\n --runtime and will always use that runtime\n\n - The cached and delegated options for volume mounts are\n now allowed for Docker compatability (#3340)\n\n - The podman diff command now supports the --latest flag\n\n - Bugfixes\n\n - Fixed a bug where rootless Podman would attempt to use\n the entire root configuration if no rootless\n configuration was present for the user, breaking\n rootless Podman for new installations\n\n - Fixed a bug where rootless Podman's pause process would\n block SIGTERM, preventing graceful system shutdown and\n hanging until the system's init send SIGKILL\n\n - Fixed a bug where running Podman as root with sudo -E\n would not work after running rootless Podman at least\n once\n\n - Fixed a bug where options for tmpfs volumes added with\n the --tmpfs flag were being ignored\n\n - Fixed a bug where images with no layers could not\n properly be displayed and removed by Podman\n\n - Fixed a bug where locks were not properly freed on\n failure to create a container or pod\n\n - Fixed a bug where podman cp on a single file would\n create a directory at the target and place the file in\n it (#3384)\n\n - Fixed a bug where podman inspect --format '((.Mounts))'\n would print a hexadecimal address instead of a\n container's mounts\n\n - Fixed a bug where rootless Podman would not add an entry\n to container's /etc/hosts files for their own hostname\n (#3405)\n\n - Fixed a bug where podman ps --sync would segfault\n (#3411)\n\n - Fixed a bug where podman generate kube would produce an\n invalid ports configuration (#3408)\n\n - Misc\n\n - Updated containers/storage to v1.12.13\n\n - Podman now performs much better on systems with heavy\n I/O load\n\n - The --cgroup-manager flag to podman now shows the\n correct default setting in help if the default was\n overridden by libpod.conf\n\n - For backwards compatability, setting\n --log-driver=json-file in podman run is now 
supported as\n an alias for --log-driver=k8s-file. This is considered\n deprecated, and json-file will be moved to a new\n implementation in the future\n ([#3363](https://github.com/containers/libpo\\\n d/issues/3363))\n\n - Podman's default libpod.conf file now allows the crun\n OCI runtime to be used if it is installed\n\nUpdate podman to v1.4.2 :\n\n - Fixed a bug where Podman could not run containers using\n an older version of Systemd as init\n\n - Updated vendored Buildah to v1.9.0 to resolve a critical\n bug with Dockerfile RUN instructions\n\n - The error message for running podman kill on containers\n that are not running has been improved\n\n - Podman remote client can now log to a file if syslog is\n not available\n\n - The podman exec command now sets its error code\n differently based on whether the container does not\n exist, and the command in the container does not exist\n\n - The podman inspect command on containers now outputs\n Mounts JSON that matches that of docker inspect, only\n including user-specified volumes and differentiating\n bind mounts and named volumes\n\n - The podman inspect command now reports the path to a\n container's OCI spec with the OCIConfigPath key (only\n included when the container is initialized or running)\n\n - The podman run --mount command now supports the\n bind-nonrecursive option for bind mounts\n\n - Fixed a bug where podman play kube would fail to create\n containers due to an unspecified log driver\n\n - Fixed a bug where Podman would fail to build with musl\n libc\n\n - Fixed a bug where rootless Podman using slirp4netns\n networking in an environment with no nameservers on the\n host other than localhost would result in nonfunctional\n networking\n\n - Fixed a bug where podman import would not properly set\n environment variables, discarding their values and\n retaining only keys\n\n - Fixed a bug where Podman would fail to run when built\n with Apparmor support but run on systems without the\n Apparmor 
kernel module loaded\n\n - Remote Podman will now default the username it uses to\n log in to remote systems to the username of the current\n user\n\n - Podman now uses JSON logging with OCI runtimes that\n support it, allowing for better error reporting\n\n - Updated vendored containers/image to v2.0\n\n - Update conmon to v0.3.0\n\n - Support OOM Monitor under cgroup V2\n\n - Add config binary and make target for configuring conmon\n with a go library for importing values\n\nUpdated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460) \n\n - Podman checkpoint and podman restore commands can now be\n used to migrate containers between Podman installations\n on different systems.\n\n - The podman cp now supports pause flag.\n\n - The remote client now supports a configuration file for\n pre-configuring connections to remote Podman\n installations\n\n - CVE-2019-10152: Fixed an iproper dereference of symlinks\n of the the podman cp command which introduced in version\n 1.1.0 (bsc#1136974).\n\n - Fixed a bug where podman commit could improperly set\n environment variables that contained = characters\n\n - Fixed a bug where rootless podman would sometimes fail\n to start containers with forwarded ports\n\n - Fixed a bug where podman version on the remote client\n could segfault\n\n - Fixed a bug where podman container runlabel would use\n /proc/self/exe instead of the path of the Podman command\n when printing the command being executed\n\n - Fixed a bug where filtering images by label did not work\n\n - Fixed a bug where specifying a bing mount or tmpfs mount\n over an image volume would cause a container to be\n unable to start\n\n - Fixed a bug where podman generate kube did not work with\n containers with named volumes\n\n - Fixed a bug where rootless podman would receive\n permission denied errors accessing conmon.pid\n\n - Fixed a bug where podman cp with a folder specified as\n target would replace the folder, as opposed to copying\n into it\n\n - Fixed a 
bug where rootless Podman commands could\n double-unlock a lock, causing a crash\n\n - Fixed a bug where podman incorrectly set tmpcopyup on\n /dev/ mounts, causing errors when using the Kata\n containers runtime\n\n - Fixed a bug where podman exec would fail on older\n kernels\n\n - Podman commit command is now usable with the Podman\n remote client\n\n - Signature-policy flag has been deprecated\n\n - Updated vendored containers/storage and containers/image\n libraries with numerous bugfixes\n\n - Updated vendored Buildah to v1.8.3\n\n - Podman now requires Conmon v0.2.0\n\n - The podman cp command is now aliased as podman container\n cp\n\n - Rootless podman will now default init_path using root\n Podman's configuration files\n (/etc/containers/libpod.conf and\n /usr/share/containers/libpod.conf) if not overridden in\n the rootless configuration\n\n - Added fuse-overlayfs dependency to support overlay based\n rootless image manipulations\n\n - The podman cp command can now read input redirected to\n STDIN, and output to STDOUT instead of a file, using -\n instead of an argument.\n\n - The podman remote client now displays version\n information from both the client and server in podman\n version\n\n - The podman unshare command has been added, allowing easy\n entry into the user namespace set up by rootless Podman\n (allowing the removal of files created by rootless\n podman, among other things)\n\n - Fixed a bug where Podman containers with the --rm flag\n were removing created volumes when they were\n automatically removed\n\n - Fixed a bug where container and pod locks were\n incorrectly marked as released after a system reboot,\n causing errors on container and pod removal\n\n - Fixed a bug where Podman pods could not be removed if\n any container in the pod encountered an error during\n removal\n\n - Fixed a bug where Podman pods run with the cgroupfs\n CGroup driver would encounter a race condition during\n removal, potentially failing to remove the pod 
CGroup\n\n - Fixed a bug where the podman container checkpoint and\n podman container restore commands were not visible in\n the remote client\n\n - Fixed a bug where podman remote ps --ns would not print\n the container's namespaces\n\n - Fixed a bug where removing stopped containers with\n healthchecks could cause an error\n\n - Fixed a bug where the default libpod.conf file was\n causing parsing errors\n\n - Fixed a bug where pod locks were not being freed when\n pods were removed, potentially leading to lock\n exhaustion\n\n - Fixed a bug where 'podman run' with SD_NOTIFY set could,\n on short-running containers, create an inconsistent\n state rendering the container unusable\n\n - The remote Podman client now uses the Varlink bridge to\n establish remote connections by default\n\n - Fixed an issue with apparmor_parser (bsc#1123387)\n\n - Update to libpod v1.4.0 (bsc#1137860) :\n\n - The podman checkpoint and podman restore commands can\n now be used to migrate containers between Podman\n installations on different systems\n\n - The podman cp command now supports a pause flag to pause\n containers while copying into them\n\n - The remote client now supports a configuration file for\n pre-configuring connections to remote Podman\n installations\n\n - Fixed CVE-2019-10152 - The podman cp command improperly\n dereferenced symlinks in host context\n\n - Fixed a bug where podman commit could improperly set\n environment variables that contained = characters\n\n - Fixed a bug where rootless Podman would sometimes fail\n to start containers with forwarded ports\n\n - Fixed a bug where podman version on the remote client\n could segfault\n\n - Fixed a bug where podman container runlabel would use\n /proc/self/exe instead of the path of the Podman command\n when printing the command being executed\n\n - Fixed a bug where filtering images by label did not work\n\n - Fixed a bug where specifying a bing mount or tmpfs mount\n over an image volume would cause a container to 
be\n unable to start\n\n - Fixed a bug where podman generate kube did not work with\n containers with named volumes\n\n - Fixed a bug where rootless Podman would receive\n permission denied errors accessing conmon.pid\n\n - Fixed a bug where podman cp with a folder specified as\n target would replace the folder, as opposed to copying\n into it\n\n - Fixed a bug where rootless Podman commands could\n double-unlock a lock, causing a crash\n\n - Fixed a bug where Podman incorrectly set tmpcopyup on\n /dev/ mounts, causing errors when using the Kata\n containers runtime\n\n - Fixed a bug where podman exec would fail on older\n kernels\n\n - The podman commit command is now usable with the Podman\n remote client\n\n - The --signature-policy flag (used with several\n image-related commands) has been deprecated\n\n - The podman unshare command now defines two environment\n variables in the spawned shell: CONTAINERS_RUNROOT and\n CONTAINERS_GRAPHROOT, pointing to temporary and\n permanent storage for rootless containers\n\n - Updated vendored containers/storage and containers/image\n libraries with numerous bugfixes\n\n - Updated vendored Buildah to v1.8.3\n\n - Podman now requires Conmon v0.2.0\n\n - The podman cp command is now aliased as podman container\n cp\n\n - Rootless Podman will now default init_path using root\n Podman's configuration files\n (/etc/containers/libpod.conf and\n /usr/share/containers/libpod.conf) if not overridden in\n the rootless configuration\n\n - Update to image v1.5.1\n\n - Vendor in latest containers/storage\n\n - docker/docker_client: Drop redundant Domain(ref.ref)\n call\n\n - pkg/blobinfocache: Split implementations into\n subpackages\n\n - copy: progress bar: show messages on completion\n\n - docs: rename manpages to *.5.command\n\n - add container-certs.d.md manpage\n\n - pkg/docker/config: Bring auth tests from\n docker/docker_client_test\n\n - Don't allocate a sync.Mutex separately\n\nUpdate to storage v1.12.10 :\n\n - Add function 
to parse out mount options from graphdriver\n\n - Merge the disparate parts of all of the Unix-like\n lockfiles\n\n - Fix unix-but-not-Linux compilation\n\n - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set\n\n - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes\n\n - lockfile: add RecursiveLock() API\n\n - Update generated files\n\n - Fix crash on tesing of aufs code\n\n - Let consumers know when Layers and Images came from\n read-only stores\n\n - chown: do not change owner for the mountpoint\n\n - locks: correctly mark updates to the layers list\n\n - CreateContainer: don't worry about mapping layers unless\n necessary\n\n - docs: fix manpage for containers-storage.conf\n\n - docs: sort configuration options alphabetically\n\n - docs: document OSTree file deduplication\n\n - Add missing options to man page for containers-storage\n\n - overlay: use the layer idmapping if present\n\n - vfs: prefer layer custom idmappings\n\n - layers: propagate down the idmapping settings\n\n - Recreate symlink when not found\n\n - docs: fix manpage for configuration file\n\n - docs: add special handling for manpages in sect 5\n\n - overlay: fix single-lower test\n\n - Recreate symlink when not found\n\n - overlay: propagate errors from mountProgram\n\n - utils: root in a userns uses global conf file\n\n - Fix handling of additional stores\n\n - Correctly check permissions on rootless directory\n\n - Fix possible integer overflow on 32bit builds\n\n - Evaluate device path for lvm\n\n - lockfile test: make concurrent RW test determinisitc\n\n - lockfile test: make concurrent read tests deterministic\n\n - drivers.DirCopy: fix filemode detection\n\n - storage: move the logic to detect rootless into utils.go\n\n - Don't set (struct flock).l_pid\n\n - Improve documentation of getLockfile\n\n - Rename getLockFile to createLockerForPath, and document\n it\n\n - Add FILES section to containers-storage.5 man page\n\n - add digest locks\n\n - drivers/copy: add a non-cgo 
fallback\n\nslirp4netns was updated to 0.3.0 :\n\n - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu()\n (bsc#1123156)\n\nThis update also includes :\n\n - fuse3 and fuse-overlayfs to support rootless containers.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1143386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/327821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/containers/libpo\\\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected podman / slirp4netns and libcontainers-common packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15664\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-overlayfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-overlayfs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcontainers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfuse3-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfuse3-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:podman-cni-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slirp4netns-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slirp4netns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse-overlayfs-0.4.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse-overlayfs-debuginfo-0.4.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse-overlayfs-debugsource-0.4.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse3-3.6.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse3-debuginfo-3.6.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse3-debugsource-3.6.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"fuse3-devel-3.6.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libcontainers-common-20190401-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfuse3-3-3.6.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"libfuse3-3-debuginfo-3.6.1-lp151.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"podman-1.4.4-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"podman-cni-config-1.4.4-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"slirp4netns-0.3.0-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"slirp4netns-debuginfo-0.3.0-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"slirp4netns-debugsource-0.3.0-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fuse-overlayfs / fuse-overlayfs-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:35", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755325)", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:4164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2018-9568", "CVE-2019-5489"], "modified": "2019-12-16T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", 
"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.2"], "id": "REDHAT-RHSA-2019-4164.NASL", "href": "https://www.tenable.com/plugins/nessus/131981", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4164. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131981);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/16\");\n\n script_cve_id(\"CVE-2018-13405\", \"CVE-2018-9568\", \"CVE-2019-5489\");\n script_xref(name:\"RHSA\", value:\"2019:4164\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:4164)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended\nUpdate Support, and Red Hat Enterprise Linux 7.2 Update Services for\nSAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning\n(CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not\nclear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755325)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-9568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-13405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5489\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2018/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-13405\", \"CVE-2018-9568\", \"CVE-2019-5489\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4164\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4164\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"kernel-abi-whitelists-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-327.83.1.el7\")) flag++;\n if 
(rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"kernel-doc-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-327.83.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-327.83.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:58", "description": "An update for kernel-alt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product 
Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP:\ncrypto_remove_spawns+0x118/0x2e0 (BZ#1536967)\n\n* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534)\n\n* RHEL-Alt-7.6 - powerpc/pseries: Fix uninitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ #1673613)\n\n* RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979)\n\n* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ# 1710304)\n\n* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)\n\n* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. 
(CORAL) (BZ#1717836)\n\n* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ# 1717906)\n\n* fragmented packets timing out (BZ#1729066)\n\n* Backport TCP follow-up for small buffers (BZ#1733617)\n\nEnhancement(s) :\n\n* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)", "cvss3": {}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2019:2809)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13272", "CVE-2019-5489", "CVE-2019-6974"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2809.NASL", "href": "https://www.tenable.com/plugins/nessus/129145", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2809. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129145);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\"CVE-2019-5489\", \"CVE-2019-6974\", \"CVE-2019-13272\");\n script_xref(name:\"RHSA\", value:\"2019:2809\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2019:2809)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-alt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* kernel: broken permission and object lifetime handling for\nPTRACE_TRACEME (CVE-2019-13272)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP:\ncrypto_remove_spawns+0x118/0x2e0 (BZ#1536967)\n\n* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part\nmessages (BZ#1610534)\n\n* RHEL-Alt-7.6 - powerpc/pseries: Fix uninitialized timer reset on\nmigration / powerpc/pseries/mobility: Extend start/stop topology\nupdate scope (LPM) (BZ #1673613)\n\n* RHEL-Alt-7.6 - s390: sha3_generic 
module fails and triggers panic\nwhen in FIPS mode (BZ#1673979)\n\n* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#\n1710304)\n\n* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z]\n(BZ#1712127)\n\n* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for\nfirst 3 cores in quad and misses last core. (CORAL) (BZ#1717836)\n\n* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#\n1717906)\n\n* fragmented packets timing out (BZ#1729066)\n\n* Backport TCP follow-up for small buffers (BZ#1733617)\n\nEnhancement(s) :\n\n* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for\nreading nest events using the perf API (pcp/kernel) (CORAL)\n(BZ#1723036)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-6974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-13272\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13272\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-13272\", \"CVE-2019-5489\", \"CVE-2019-6974\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2809\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2809\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-4.14.0-115.12.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-4.14.0-115.12.1.el7a\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:26", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. 
It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. 
(CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14283", "CVE-2019-14821", "CVE-2019-15239", "CVE-2019-15666"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4808.NASL", "href": "https://www.tenable.com/plugins/nessus/129515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4808.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129515);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14283\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. 
It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory validation. 
(CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4808.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.32.1.el6uek', '4.1.12-124.32.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4808');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:45", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. 
It can occur with FUSE requests.(CVE-2019-11487)\n\n - A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)\n\n - A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated.(CVE-2019-11884)\n\n - An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand.\n It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest.(CVE-2019-7222)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-7222"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1793.NASL", "href": "https://www.tenable.com/plugins/nessus/127564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127564);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-11487\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The Linux kernel before 5.1-rc5 allows\n page->_refcount reference count overflow, 
with\n resultant use-after-free issues, if about 140 GiB of\n RAM exists. This is related to fs/fuse/dev.c,\n fs/pipe.c, fs/splice.c, include/linux/mm.h,\n include/linux/pipe_fs_i.h, kernel/trace/trace.c,\n mm/gup.c, and mm/hugetlb.c. It can occur with FUSE\n requests.(CVE-2019-11487)\n\n - A flaw was found in the Linux kernel's implementation\n of ext4 extent management. The kernel doesn't correctly\n initialize memory regions in the extent tree block\n which may be exported to a local user to obtain\n sensitive information by reading empty/uninitialized\n data from the filesystem.(CVE-2019-11833)\n\n - A flaw was found in the Linux kernel's implementation\n of the Bluetooth Human Interface Device Protocol\n (HIDP). A local attacker with access permissions to the\n Bluetooth device can issue an IOCTL which will trigger\n the do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c. This function can leak\n potentially sensitive information from the kernel stack\n memory via a HIDPCONNADD command because a name field\n may not be correctly NULL terminated.(CVE-2019-11884)\n\n - An information leakage issue was found in the way Linux\n kernel's KVM hypervisor handled page fault exceptions\n while emulating instructions like VMXON, VMCLEAR,\n VMPTRLD, and VMWRITE with memory address as an operand.\n It occurs if the operand is a mmio address, as the\n returned exception object holds uninitialized stack\n memory contents. A guest user/process could use this\n flaw to leak host's stack memory contents to a\n guest.(CVE-2019-7222)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7949efef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h167\",\n \"kernel-debug-3.10.0-327.62.59.83.h167\",\n 
\"kernel-debug-devel-3.10.0-327.62.59.83.h167\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h167\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h167\",\n \"kernel-devel-3.10.0-327.62.59.83.h167\",\n \"kernel-headers-3.10.0-327.62.59.83.h167\",\n \"kernel-tools-3.10.0-327.62.59.83.h167\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h167\",\n \"perf-3.10.0-327.62.59.83.h167\",\n \"python-perf-3.10.0-327.62.59.83.h167\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:52", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). 
(CVE-2019-11477)\n\n - Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)\n\n - Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)\n\n - A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1692)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1692.NASL", "href": "https://www.tenable.com/plugins/nessus/126433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126433);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-11477\",\n \"CVE-2019-11478\",\n 
\"CVE-2019-11479\",\n \"CVE-2019-11833\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1692)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An integer overflow flaw was found in the way the Linux\n kernel's networking subsystem processed TCP Selective\n Acknowledgment (SACK) segments. While processing SACK\n segments, the Linux kernel's socket buffer (SKB) data\n structure becomes fragmented. Each fragment is about\n TCP maximum segment size (MSS) bytes. To efficiently\n process SACK blocks, the Linux kernel merges multiple\n fragmented SKBs into one, potentially overflowing the\n variable holding the number of segments. A remote\n attacker could use this flaw to crash the Linux kernel\n by sending a crafted sequence of SACK segments on a TCP\n connection with small value of TCP MSS, resulting in a\n denial of service (DoS). (CVE-2019-11477)\n\n - Kernel: tcp: excessive resource consumption while\n processing SACK blocks allows remote denial of service\n (CVE-2019-11478)\n\n - Kernel: tcp: excessive resource consumption for TCP\n connections with low MSS allows remote denial of\n service (CVE-2019-11479)\n\n - A flaw was found in the Linux kernel's implementation\n of ext4 extent management. The kernel doesn't correctly\n initialize memory regions in the extent tree block\n which may be exported to a local user to obtain\n sensitive information by reading empty/uninitialized\n data from the filesystem.(CVE-2019-11833)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1692\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fe75cb5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11833\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"kernel-debuginfo-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"kernel-debuginfo-common-x86_64-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n 
\"kernel-tools-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.0.h197.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.0.h197.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:05", "description": "USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS.\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11085)\n\nIt was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. 
A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4068-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11085", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4068-2.NASL", "href": "https://www.tenable.com/plugins/nessus/126949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4068-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126949);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11085\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4068-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4068-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04\nLTS.\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics\ndriver in the Linux kernel did not properly restrict mmap() ranges in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2019-11085)\n\nIt was discovered that a race condition leading to a use-after-free\nexisted in the Reliable Datagram Sockets (RDS) protocol implementation\nin the Linux kernel. The RDS protocol is blacklisted by default in\nUbuntu. If enabled, a local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). 
(CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4068-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11085\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4068-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1037-gcp\", pkgver:\"4.15.0-1037.39~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-55-generic\", pkgver:\"4.15.0-55.60~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-55-generic-lpae\", pkgver:\"4.15.0-55.60~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-55-lowlatency\", pkgver:\"4.15.0-55.60~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1037.51\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.55.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.55.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1037.51\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.55.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.55.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.55.76\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-gcp / linux-image-4.15-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:46", "description": "Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11085)\n\nIt was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4068-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11085", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4068-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126948", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4068-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126948);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11085\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4068-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4068-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Adam Zabrocki discovered that the Intel i915 kernel mode graphics\ndriver in the Linux kernel did not properly restrict mmap() ranges in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2019-11085)\n\nIt was discovered that a race condition leading to a use-after-free\nexisted in the Reliable Datagram Sockets (RDS) protocol implementation\nin the Linux kernel. The RDS protocol is blacklisted by default in\nUbuntu. If enabled, a local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. 
A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4068-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11085\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4068-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1018-oracle\", pkgver:\"4.15.0-1018.20\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1037-gcp\", pkgver:\"4.15.0-1037.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1039-kvm\", pkgver:\"4.15.0-1039.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1041-raspi2\", pkgver:\"4.15.0-1041.44\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1044-aws\", pkgver:\"4.15.0-1044.46\")) flag++;\nif 
(ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1058-snapdragon\", pkgver:\"4.15.0-1058.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-55-generic\", pkgver:\"4.15.0-55.60\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-55-generic-lpae\", pkgver:\"4.15.0-55.60\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-55-lowlatency\", pkgver:\"4.15.0-55.60\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1044.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1037.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.55.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.55.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1039.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.55.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1018.21\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1041.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1058.61\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.55.57\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:09", "description": "It was discovered that an integer overflow existed in the Linux kernel when 
reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126950);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-1\");\n\n script_name(english:\"Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-aws\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-gcp\", pkgver:\"5.0.0-1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1011-kvm\", pkgver:\"5.0.0-1011.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1012-azure\", pkgver:\"5.0.0-1012.12\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1013-raspi2\", pkgver:\"5.0.0-1013.13\")) flag++;\nif 
(ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1017-snapdragon\", pkgver:\"5.0.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-generic-lpae\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-21-lowlatency\", pkgver:\"5.0.0-21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1012.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1011.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.21.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1013.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.0.0.1017.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.21.22\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-24T14:27:10", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4729 advisory.\n\n - An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL. 
(CVE-2019-12381)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20169", "CVE-2019-11833", "CVE-2019-12378", "CVE-2019-12381"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4729.NASL", "href": "https://www.tenable.com/plugins/nessus/127613", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4729.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127613);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-20169\",\n \"CVE-2019-11833\",\n \"CVE-2019-12378\",\n \"CVE-2019-12381\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4729)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4729 advisory.\n\n - An issue was discovered in the Linux kernel before 4.19.9. 
The USB subsystem mishandles size checks during\n the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.\n (CVE-2018-20169)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the\n extent tree block, which might allow local users to obtain sensitive information by reading uninitialized\n data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used\n if it is NULL. 
(CVE-2019-12381)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4729.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.29.3.el6uek', '4.1.12-124.29.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4729');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.29.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.29.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.29.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.29.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.29.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.29.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:19:22", "description": "USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4069-2.NASL", "href": "https://www.tenable.com/plugins/nessus/127792", "sourceData": "#\n# 
(C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4069-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127792);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n script_xref(name:\"USN\", value:\"4069-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). 
(CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4069-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11833\", \"CVE-2019-11884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4069-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-generic\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-generic-lpae\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-23-lowlatency\", pkgver:\"5.0.0-23.24~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual-hwe-18.04\", pkgver:\"5.0.0.23.80\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-generic / linux-image-5.0-generic-lpae / etc\");\n}\n", "cvss": {"score": 
0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:05", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)\n\n* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* OOPS with NULL pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975)\n\n* Another RHEL 6 hang in congestion_wait() (BZ#1658254)\n\n* kernel crash after running user space script (BZ#1663262)\n\n* RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ# 1666102)\n\n* Bad pagetable: 000f '*pdpt = 0000000000000000 *pde = 0000000000000000' RHEL 6 32bit (BZ#1702782)\n\n* fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)\n\n* Wrong spectre backport causing linux headers to break compilation of 3rd party packages (BZ#1722185)", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2019:2473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17805", "CVE-2018-17972", "CVE-2019-1125", "CVE-2019-5489"], "modified": 
"2020-02-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-2473.NASL", "href": "https://www.tenable.com/plugins/nessus/127878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2473. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127878);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2017-17805\", \"CVE-2018-17972\", \"CVE-2019-1125\", \"CVE-2019-5489\");\n script_xref(name:\"RHSA\", value:\"2019:2473\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2019:2473)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial-of-service\n(CVE-2017-17805)\n\n* kernel: Unprivileged users able to inspect kernel stacks of\narbitrary tasks (CVE-2018-17972)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* OOPS with NULL pointer exception in v4l2_ctrl_query_menu when second\narg of function is NULL (BZ#1647975)\n\n* Another RHEL 6 hang in congestion_wait() (BZ#1658254)\n\n* kernel crash after running user space script (BZ#1663262)\n\n* RHEL-6.10: Don't 
report the use of retpoline on Skylake as\nvulnerable (BZ# 1666102)\n\n* Bad pagetable: 000f '*pdpt = 0000000000000000 *pde =\n0000000000000000' RHEL 6 32bit (BZ#1702782)\n\n* fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)\n\n* Wrong spectre backport causing linux headers to break compilation of\n3rd party packages (BZ#1722185)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/4329821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-17805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-1125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5489\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-17805\", \"CVE-2018-17972\", \"CVE-2019-1125\", \"CVE-2019-5489\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2473\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2473\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-754.18.2.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-754.18.2.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n 
);\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:10", "description": "Security Fix(es) :\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)\n\n - kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)\n\n - kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n - OOPS with NULL pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975)\n\n - Another RHEL 6 hang in congestion_wait() (BZ#1658254)\n\n - kernel crash after running user space script (BZ#1663262)\n\n - RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ#1666102)\n\n - Bad pagetable: 000f “*pdpt = 0000000000000000 *pde = 0000000000000000” RHEL 6 32bit (BZ#1702782)\n\n - fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)\n\n - Wrong spectre backport causing linux headers to break compilation of 3rd party packages (BZ#1722185)", "cvss3": {}, "published": "2019-08-14T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17805", "CVE-2018-17972", "CVE-2019-1125", "CVE-2019-5489"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", 
"p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190813_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/127880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127880);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-17805\", \"CVE-2018-17972\", \"CVE-2019-1125\", \"CVE-2019-5489\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - kernel: Salsa20 encryption algorithm does not correctly\n handle zero-length inputs allowing local attackers to\n cause denial-of-service (CVE-2017-17805)\n\n - kernel: Unprivileged users able to inspect kernel 
stacks\n of arbitrary tasks (CVE-2018-17972)\n\n - kernel: hw: Spectre SWAPGS gadget vulnerability\n (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n - OOPS with NULL pointer exception in v4l2_ctrl_query_menu\n when second arg of function is NULL (BZ#1647975)\n\n - Another RHEL 6 hang in congestion_wait() (BZ#1658254)\n\n - kernel crash after running user space script\n (BZ#1663262)\n\n - RHEL-6.10: Don't report the use of retpoline on Skylake\n as vulnerable (BZ#1666102)\n\n - Bad pagetable: 000f “*pdpt =\n 0000000000000000 *pde =\n 0000000000000000” RHEL 6 32bit\n (BZ#1702782)\n\n - fs/binfmt_misc.c: do not allow offset overflow [6.10.z]\n (BZ#1710149)\n\n - Wrong spectre backport causing linux headers to break\n compilation of 3rd party packages (BZ#1722185)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1647975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1658254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1663262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1666102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1702782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1710149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1722185\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=5322\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?612605fd\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-754.18.2.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:01", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)\n\n* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* OOPS with NULL pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975)\n\n* Another RHEL 6 hang in congestion_wait() (BZ#1658254)\n\n* kernel crash after running user space script (BZ#1663262)\n\n* RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ# 1666102)\n\n* Bad pagetable: 000f '*pdpt = 0000000000000000 *pde = 0000000000000000' RHEL 6 32bit (BZ#1702782)\n\n* fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)\n\n* Wrong spectre backport causing linux headers to break compilation of 3rd party packages 
(BZ#1722185)", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2019:2473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17805", "CVE-2018-17972", "CVE-2019-1125", "CVE-2019-5489"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-2473.NASL", "href": "https://www.tenable.com/plugins/nessus/127919", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2473 and \n# CentOS Errata and Security Advisory 2019:2473 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127919);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2017-17805\", \"CVE-2018-17972\", \"CVE-2019-1125\", \"CVE-2019-5489\");\n script_xref(name:\"RHSA\", value:\"2019:2473\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2019:2473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial-of-service\n(CVE-2017-17805)\n\n* kernel: Unprivileged users able to inspect kernel stacks of\narbitrary tasks (CVE-2018-17972)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* OOPS with NULL pointer exception in v4l2_ctrl_query_menu when second\narg of function is NULL (BZ#1647975)\n\n* Another RHEL 6 hang in congestion_wait() (BZ#1658254)\n\n* kernel crash after running user space script (BZ#1663262)\n\n* RHEL-6.10: Don't report the use of retpoline on Skylake as\nvulnerable (BZ# 1666102)\n\n* Bad pagetable: 000f '*pdpt = 0000000000000000 *pde =\n0000000000000000' RHEL 6 32bit (BZ#1702782)\n\n* fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)\n\n* Wrong spectre backport causing linux headers to break compilation of\n3rd party packages (BZ#1722185)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-August/023404.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2ebba086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-17805\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-754.18.2.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-754.18.2.el6\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-754.18.2.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:52", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)\n\n* kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1765670)\n\n* [MRG/R] pip_stress hangs when a priority inversion occurs (BZ#1772562)", "cvss3": {}, "published": "2019-12-05T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2019:4057)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10661",
"CVE-2017-18208", "CVE-2019-11811", "CVE-2019-5489"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-4057.NASL", "href": "https://www.tenable.com/plugins/nessus/131719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4057. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131719);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2017-10661\",\n \"CVE-2017-18208\",\n \"CVE-2019-5489\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:4057\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2019:4057)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Inifinite loop vulnerability in\nmm/madvise.c:madvise_willneed() function allows local denial of\nservice (CVE-2017-18208)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1765670)\n\n* [MRG/R] pip_stress hangs when a priority inversion occurs\n(BZ#1772562)\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/errata/RHSA-2019:4057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-5489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11811\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11811\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-10661\", \"CVE-2017-18208\", \"CVE-2019-11811\", \"CVE-2019-5489\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4057\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4057\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security 
advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-rt-vanilla-devel-3.10.0-693.61.1.rt56.656.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:41", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3517 advisory.\n\n - kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: denial of service in arch/powerpc/kernel/signal_32.c and 
arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: memory leak in genl_register_family() in net/netlink/genetlink.c (CVE-2019-15921)\n\n - kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c (CVE-2019-15924)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n - kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n - kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2019:3517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14821", "CVE-2019-15666", 
"CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-10720"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2019-3517.NASL", "href": "https://www.tenable.com/plugins/nessus/145665", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3517. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145665);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1593\",\n \"CVE-2018-16884\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3874\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-7222\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-10207\",\n \"CVE-2019-10638\",\n \"CVE-2019-11599\",\n \"CVE-2019-11833\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-13233\",\n \"CVE-2019-13648\",\n \"CVE-2019-14821\",\n \"CVE-2019-15666\",\n \"CVE-2019-15916\",\n \"CVE-2019-15921\",\n \"CVE-2019-15924\",\n \"CVE-2019-16994\",\n \"CVE-2020-10720\"\n );\n script_bugtraq_id(\n 72607,\n 106148,\n 106253,\n 106478,\n 106565,\n 106963,\n 107488,\n 107528,\n 107782,\n 107910,\n 108076,\n 108113,\n 108299,\n 108372,\n 108474,\n 108817,\n 109055,\n 109092\n );\n script_xref(name:\"RHSA\", value:\"2019:3517\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2019:3517)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3517 advisory.\n\n - kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)\n\n - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)\n\n - kernel: usb: missing size check in the 
__usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)\n\n - kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c\n (CVE-2019-10126)\n\n - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)\n\n - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)\n\n - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\n - kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)\n\n - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)\n\n - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via\n sigreturn() system call (CVE-2019-13648)\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: memory leak in genl_register_family() in net/netlink/genetlink.c (CVE-2019-15921)\n\n - kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c (CVE-2019-15924)\n\n - kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\n - kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)\n\n - kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)\n\n - Kernel: vhost_net: infinite loop while receiving packets leads to DoS 
(CVE-2019-3900)\n\n - Kernel: page cache side channel attacks (CVE-2019-5489)\n\n - Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)\n\n - hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)\n\n - kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3517\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2015-1593', 'CVE-2018-16884', 'CVE-2018-19854', 'CVE-2018-19985', 'CVE-2018-20169', 'CVE-2019-3459', 'CVE-2019-3460', 'CVE-2019-3874', 'CVE-2019-3882', 'CVE-2019-3900', 'CVE-2019-5489', 'CVE-2019-7222', 'CVE-2019-9506', 'CVE-2019-10126', 'CVE-2019-10207', 'CVE-2019-10638', 'CVE-2019-11599', 'CVE-2019-11833', 'CVE-2019-11884', 'CVE-2019-12382', 'CVE-2019-13233', 'CVE-2019-13648', 'CVE-2019-14821', 'CVE-2019-15666', 'CVE-2019-15916', 'CVE-2019-15921', 'CVE-2019-15924', 'CVE-2019-16994', 'CVE-2020-10720');\n if 
(ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2019:3517');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-debug-modules-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'perf-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-147.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:12", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-7191: In the tun subsystem 
dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135278).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). It was disabled by default.\n\n - CVE-2019-11811: There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).\n\n - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). 
(bnc#1131416 bnc#1131427).\n\n - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843).\n\n - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed (bnc#1132681).\n\n - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828).\n\nThe following non-security bugs were fixed :\n\n - 9p: do not trust pdu content for stat item size (bsc#1051510).\n\n - 9p locks: add mount option for lock retry interval (bsc#1051510).\n\n - acpi: Add Hygon Dhyana support ().\n\n - acpi: Add Hygon Dhyana support (fate#327735).\n\n - acpi: button: reinitialize button state upon resume (bsc#1051510).\n\n - acpiCA: AML interpreter: add region addresses in global list during initialization (bsc#1051510).\n\n - acpiCA: Namespace: remove address node from global list after method termination (bsc#1051510).\n\n - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128) (bsc#1132426).\n\n - acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle (bsc#1111666).\n\n - acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666).\n\n - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).\n\n - acpi / utils: Drop reference in test for device presence (bsc#1051510).\n\n - alsa: core: Do not refer to snd_cards array directly (bsc#1051510).\n\n - alsa: core: Fix card races between register and disconnect (bsc#1051510).\n\n - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510).\n\n - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510).\n\n - alsa: hda/hdmi - Consider eld_valid when reporting 
jack event (bsc#1051510).\n\n - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510).\n\n - alsa: hda: Initialize power_state field properly (bsc#1051510).\n\n - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510).\n\n - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510).\n\n - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510).\n\n - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510).\n\n - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510).\n\n - alsa: hda/realtek - EAPD turn on later (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 (bsc#1111666).\n\n - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510).\n\n - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510).\n\n - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510).\n\n - alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666).\n\n - alsa: hda/realtek - Support low power consumption for ALC256 (bsc#1051510).\n\n - alsa: hda/realtek - Support low power consumption for ALC295 (bsc#1051510).\n\n - alsa: hda - Register irq handler after the chip initialization (bsc#1051510).\n\n - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510).\n\n - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510).\n\n - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510).\n\n - alsa: line6: Avoid polluting led_* namespace (bsc#1051510).\n\n - alsa: line6: use dynamic buffers (bsc#1051510).\n\n - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510).\n\n - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510).\n\n - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510).\n\n - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510).\n\n - alsa: seq: Fix 
OOB-reads from strlcpy (bsc#1051510).\n\n - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510).\n\n - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510).\n\n - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510).\n\n - alsa: seq: Remove superfluous irqsave flags (bsc#1051510).\n\n - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510).\n\n - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510).\n\n - alsa: timer: Coding style fixes (bsc#1051510).\n\n - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510).\n\n - alsa: timer: Make sure to clear pending ack list (bsc#1051510).\n\n - alsa: timer: Revert active callback sync check at close (bsc#1051510).\n\n - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510).\n\n - alsa: timer: Unify timer callback process code (bsc#1051510).\n\n - alsa: usb-audio: Fix a memory leak bug (bsc#1051510).\n\n - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n\n - alsa: usx2y: fix a double free bug (bsc#1051510).\n\n - appletalk: Fix compile regression (bsc#1051510).\n\n - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510).\n\n - ARM: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510).\n\n - ARM: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510).\n\n - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510).\n\n - ARM: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510).\n\n - ARM: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510).\n\n - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510).\n\n - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510).\n\n - ARM: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510).\n\n - ARM: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510).\n\n - 
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510).\n\n - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510).\n\n - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510).\n\n - ASoC: fix valid stream condition (bsc#1051510).\n\n - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510).\n\n - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510).\n\n - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510).\n\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n\n - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510).\n\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n\n - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510).\n\n - ASoC: nau8824: fix the issue of the widget with prefix name (bsc#1051510).\n\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510).\n\n - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510).\n\n - ASoC: stm32: fix sai driver name initialisation (bsc#1051510).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n\n - ASoC: topology: free created components in tplg load error (bsc#1051510).\n\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510).\n\n - assume flash part size to be 4MB, if it can't be determined (bsc#1127371).\n\n - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510).\n\n - ath10k: avoid possible string overflow (bsc#1051510).\n\n - ath10k: snoc: fix unbalanced clock error handling (bsc#1111666).\n\n - audit: fix a memleak caused by auditing load module (bsc#1051510).\n\n - b43: shut up clang -Wuninitialized variable warning (bsc#1051510).\n\n - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510).\n\n - batman-adv: Reduce claim hash refcnt only for removed entry 
(bsc#1051510).\n\n - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510).\n\n - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972).\n\n - bcache: add a comment in super.c (bsc#1130972).\n\n - bcache: add code comments for bset.c (bsc#1130972).\n\n - bcache: add comment for cache_set->fill_iter (bsc#1130972).\n\n - bcache: add identifier names to arguments of function definitions (bsc#1130972).\n\n - bcache: add missing SPDX header (bsc#1130972).\n\n - bcache: add MODULE_DESCRIPTION information (bsc#1130972).\n\n - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972).\n\n - bcache: add static const prefix to char * array declarations (bsc#1130972).\n\n - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972).\n\n - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972).\n\n - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972).\n\n - bcache: correct dirty data statistics (bsc#1130972).\n\n - bcache: do not assign in if condition in bcache_init() (bsc#1130972).\n\n - bcache: do not assign in if condition register_bcache() (bsc#1130972).\n\n - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972).\n\n - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972).\n\n - bcache: do not clone bio in bch_data_verify (bsc#1130972).\n\n - bcache: do not mark writeback_running too early (bsc#1130972).\n\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n\n - bcache: fix code comments style (bsc#1130972).\n\n - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972).\n\n - bcache: fix indent by replacing blank by tabs (bsc#1130972).\n\n - bcache: fix input integer overflow of 
congested threshold (bsc#1130972).\n\n - bcache: fix input overflow to cache set io_error_limit (bsc#1130972).\n\n - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972).\n\n - bcache: fix input overflow to journal_delay_ms (bsc#1130972).\n\n - bcache: fix input overflow to sequential_cutoff (bsc#1130972).\n\n - bcache: fix input overflow to writeback_delay (bsc#1130972).\n\n - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972).\n\n - bcache: fix ioctl in flash device (bsc#1130972).\n\n - bcache: fix mistaken code comments in bcache.h (bsc#1130972).\n\n - bcache: fix mistaken comments in request.c (bsc#1130972).\n\n - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972).\n\n - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972).\n\n - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972).\n\n - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972).\n\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n\n - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972).\n\n - bcache: Move couple of functions to sysfs.c (bsc#1130972).\n\n - bcache: Move couple of string arrays to sysfs.c (bsc#1130972).\n\n - bcache: move open brace at end of function definitions to next line (bsc#1130972).\n\n - bcache: never writeback a discard operation (bsc#1130972).\n\n - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972).\n\n - bcache: option to automatically run gc thread after writeback (bsc#1130972).\n\n - bcache: panic fix for making cache device (bsc#1130972).\n\n - bcache: Populate writeback_rate_minimum attribute (bsc#1130972).\n\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n\n - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972).\n\n - bcache: recal cached_dev_sectors on detach 
(bsc#1130972).\n\n - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972).\n\n - bcache: remove unused bch_passthrough_cache (bsc#1130972).\n\n - bcache: remove useless parameter of bch_debug_init() (bsc#1130972).\n\n - bcache: Replace bch_read_string_list() by\n __sysfs_match_string() (bsc#1130972).\n\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972).\n\n - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972).\n\n - bcache: replace printk() by pr_*() routines (bsc#1130972).\n\n - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972).\n\n - bcache: set writeback_percent in a flexible range (bsc#1130972).\n\n - bcache: split combined if-condition code into separate ones (bsc#1130972).\n\n - bcache: stop bcache device when backing device is offline (bsc#1130972).\n\n - bcache: stop using the deprecated get_seconds() (bsc#1130972).\n\n - bcache: style fixes for lines over 80 characters (bsc#1130972).\n\n - bcache: style fix to add a blank line after declarations (bsc#1130972).\n\n - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972).\n\n - bcache: treat stale && dirty keys as bad keys (bsc#1130972).\n\n - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972).\n\n - bcache: update comment for bch_data_insert (bsc#1130972).\n\n - bcache: update comment in sysfs.c (bsc#1130972).\n\n - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972).\n\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972).\n\n - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972).\n\n - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972).\n\n - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972).\n\n - bcm2835: MMC issues (bsc#1070872).\n\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n\n - blkcg: Make blkg_root_lookup() work for queues 
in bypass mode (bsc#1131673).\n\n - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673).\n\n - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673).\n\n - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673).\n\n - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673).\n\n - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673).\n\n - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673).\n\n - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673).\n\n - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).\n\n - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843).\n\n - block: do not leak memory in bio_copy_user_iov() (bsc#1135309).\n\n - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673).\n\n - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673).\n\n - block: fix the return errno for direct IO (bsc#1135320).\n\n - block: fix use-after-free on gendisk (bsc#1135312).\n\n - block: Introduce blk_exit_queue() (bsc#1131673).\n\n - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673).\n\n - block: remove bio_rewind_iter() (bsc#1131673).\n\n - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510).\n\n - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510).\n\n - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731).\n\n - Bluetooth: hidp: fix buffer overflow (bsc#1051510).\n\n - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07).\n\n - bnxt_en: Improve RX consumer 
index validity check (networking-stable-19_04_10).\n\n - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10).\n\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n\n - bpf: fix use after free in bpf_evict_inode (bsc#1083647).\n\n - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n\n - brcmfmac: fix leak of mypkt on error return path (bsc#1111666).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes).\n\n - btrfs: breakout empty head cleanup to a helper (bsc#1134813).\n\n - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758).\n\n - btrfs: Do not panic when we can't find a root key (bsc#1112063).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code (bsc#1134813).\n\n - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848).\n\n - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes).\n\n - btrfs: fix 
incorrect file size after shrinking truncate and fsync (bsc#1130195).\n\n - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162).\n\n - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160).\n\n - btrfs: remove delayed_ref_node from ref_head (bsc#1134813).\n\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n\n - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320).\n\n - btrfs: split delayed ref head initialization and addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813).\n\n - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510).\n\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n\n - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n\n - ceph: fix use-after-free on symlink traversal (bsc#1134459).\n\n - ceph: only use d_name directly when parent is locked 
(bsc#1134460).\n\n - ceph: only use d_name directly when parent is locked (bsc#1134460).\n\n - cfg80211: Handle WMM rules in regulatory domain intersection (bsc#1111666).\n\n - cgroup: fix parsing empty mount option string (bsc#1133094).\n\n - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510).\n\n - cifs: do not dereference smb_file_target before null check (bsc#1051510).\n\n - cifs: Do not hide EINTR after sending network packets (bsc#1051510).\n\n - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510).\n\n - cifs: Do not reset lease state to NONE on lease break (bsc#1051510).\n\n - cifs: Fix adjustment of credits for MTU requests (bsc#1051510).\n\n - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510).\n\n - cifs: Fix credits calculations for reads with errors (bsc#1051510).\n\n - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542).\n\n - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510).\n\n - cifs: Fix potential OOB access of lock element array (bsc#1051510).\n\n - cifs: Fix read after write for files with read caching (bsc#1051510).\n\n - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565).\n\n - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510).\n\n - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510).\n\n - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510).\n\n - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510).\n\n - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510).\n\n - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510).\n\n - cpufreq: Add Hygon Dhyana support ().\n\n - cpufreq: Add Hygon Dhyana support (fate#327735).\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ ().\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).\n\n - cpupowerutils: bench - Fix cpu online 
check (bsc#1051510).\n\n - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178).\n\n - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510).\n\n - crypto: caam - add missing put_device() call (bsc#1129770).\n\n - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510).\n\n - crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666).\n\n - crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666).\n\n - crypto: caam/qi2 - generate hash keys in-place (bsc#1111666).\n\n - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510).\n\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510).\n\n - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510).\n\n - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510).\n\n - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510).\n\n - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510).\n\n - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510).\n\n - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510).\n\n - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510).\n\n - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510).\n\n - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510).\n\n - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510).\n\n - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510).\n\n - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510).\n\n - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510).\n\n - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510).\n\n - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371).\n\n - cxgb4: Added missing break in ndo_udp_tunnel_(add/del) (bsc#1127371).\n\n - cxgb4: Add flag tc_flower_initialized 
(bsc#1127371).\n\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371).\n\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n\n - cxgb4: add per rx-queue counter for packet errors (bsc#1127371).\n\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371).\n\n - cxgb4: add support to display DCB info (bsc#1127371).\n\n - cxgb4: Add support to read actual provisioned resources (bsc#1127371).\n\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n\n - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371).\n\n - cxgb4: convert flower table to use rhashtable (bsc#1127371).\n\n - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371).\n\n - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371).\n\n - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374).\n\n - cxgb4/cxgb4vf: Link management changes (bsc#1127371).\n\n - cxgb4/cxgb4vf: Program hash region for (t4/t4vf)_change_mac() (bsc#1127371).\n\n - cxgb4: display number of rx and tx pages free (bsc#1127371).\n\n - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371).\n\n - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).\n\n - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371).\n\n - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371).\n\n - cxgb4: Mask out interrupts that are not enabled (bsc#1127175).\n\n - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371).\n\n - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371).\n\n - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371).\n\n - cxgb4: remove the unneeded locks (bsc#1127371).\n\n - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).\n\n - cxgb4: Support ethtool private flags (bsc#1127371).\n\n - cxgb4: update supported DCB version 
(bsc#1127371).\n\n - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371).\n\n - cxgb4vf: Few more link management changes (bsc#1127374).\n\n - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374).\n\n - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374).\n\n - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n\n - dccp: Fix memleak in __feat_register_sp (bsc#1051510).\n\n - debugfs: fix use-after-free on symlink traversal (bsc#1051510).\n\n - device_cgroup: fix RCU imbalance in error case (bsc#1051510).\n\n - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510).\n\n - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).\n\n - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510).\n\n - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510).\n\n - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510).\n\n - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510).\n\n - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510).\n\n - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510).\n\n - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638).\n\n - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567).\n\n - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567).\n\n - drm/amd/display: extending AUX SW Timeout (bsc#1111666).\n\n - drm/amd/display: fix cursor black issue (bsc#1111666).\n\n - drm/amd/display: If one stream full updates, full update all planes (bsc#1111666).\n\n - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666).\n\n - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI) (bsc#1111666).\n\n - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510).\n\n - drm/bridge: adv7511: Fix low 
refresh rate selection (bsc#1051510).\n\n - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722)\n\n - drm/doc: Drop 'content type' from the legacy kms property table (bsc#1111666).\n\n - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510).\n\n - drm/exynos/mixer: fix MIXER shadow registry synchronisation code (bsc#1111666).\n\n - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510).\n\n - drm/fb-helper: generic: Call drm_client_add() after setup is done (bsc#1111666).\n\n - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510).\n\n - drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897).\n\n - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510).\n\n - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510).\n\n - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).\n\n - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled (bsc#1111666).\n\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722)\n\n - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956)\n\n - drm/i915/gvt: Annotate iomem usage (bsc#1051510).\n\n - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510).\n\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722)\n\n - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956)\n\n - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722)\n\n - drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt() (bsc#1111666).\n\n - drm/i915/gvt: Roundup fb->height into tile's height at calucation fb->size (bsc#1111666).\n\n - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666).\n\n - drm/imx: do not skip DP channel disable for background plane (bsc#1051510).\n\n - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722)\n\n - drm/mediatek: Fix an error code in 
mtk_hdmi_dt_parse_pdata() (bsc#1113956)\n\n - drm/mediatek: fix possible object reference leak (bsc#1051510).\n\n - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722)\n\n - drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support (bsc#1133593).\n\n - drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593).\n\n - drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593).\n\n - drm/nouveau: Add strap_peek to debugfs (bsc#1133593).\n\n - drm/nouveau/bar/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/bar/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/bios: translate additional memory types (bsc#1133593).\n\n - drm/nouveau/bios: translate USB-C connector type (bsc#1133593).\n\n - drm/nouveau/bios/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/bios/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/bus/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/bus/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/ce/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ce/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593).\n\n - drm/nouveau/core: increase maximum number of nvdec instances to 3 (bsc#1133593).\n\n - drm/nouveau/core: recognise TU102 (bsc#1133593).\n\n - drm/nouveau/core: recognise TU104 (bsc#1133593).\n\n - drm/nouveau/core: recognise TU106 (bsc#1133593).\n\n - drm/nouveau/core: support multiple nvdec instances (bsc#1133593).\n\n - drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS (bsc#1133593).\n\n - drm/nouveau/devinit/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/devinit/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0 (bsc#1133593).\n\n - drm/nouveau/disp: add support for setting scdc parameters for high modes (bsc#1133593).\n\n - drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593).\n\n - 
drm/nouveau/disp/gv100: fix name of window channels in debug output (bsc#1133593).\n\n - drm/nouveau/disp: keep track of high-speed state, program into clock (bsc#1133593).\n\n - drm/nouveau/disp: take sink support into account for exposing 594mhz (bsc#1133593).\n\n - drm/nouveau/disp/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/disp/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/dma/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/dma/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices (bsc#1133593).\n\n - drm/nouveau/drm/nouveau:\n s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593).\n\n - drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init() (bsc#1133593).\n\n - drm/nouveau/fault: add explicit control over fault buffer interrupts (bsc#1133593).\n\n - drm/nouveau/fault: remove manual mapping of fault buffers into BAR2 (bsc#1133593).\n\n - drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer (bsc#1133593).\n\n - drm/nouveau/fault/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fault/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/fb/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fb/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: return channel instance in ctor args (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: separate runlist building from committing to hw (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: support enabling privileged ce functions (bsc#1133593).\n\n - drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593).\n\n - drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593).\n\n - drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593).\n\n - drm/nouveau/fifo/gv100: return work submission token in 
channel ctor args (bsc#1133593).\n\n - drm/nouveau/fifo/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fifo/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Fix potential memory leak in nouveau_drm_load() (bsc#1133593).\n\n - drm/nouveau/fuse/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/fuse/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/gpio/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/gpio/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/i2c/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/i2c/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/ibus/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ibus/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning address (bsc#1133593).\n\n - drm/nouveau/imem/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/imem/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/kms/nv50-: allow more flexibility with lut formats (bsc#1133593).\n\n - drm/nouveau/kms/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ltc/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/ltc/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/mc/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/mc/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/mmu: add more general vmm free/node handling functions (bsc#1133593).\n\n - drm/nouveau/mmu/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/mmu/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593).\n\n - drm/nouveau/pci/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/pci/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/pmu/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/pmu/tu106: initial support (bsc#1133593).\n\n - drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593).\n\n - drm/nouveau: register backlight on pascal and newer (bsc#1133593).\n\n - 
drm/nouveau: remove left-over struct member (bsc#1133593).\n\n - drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593).\n\n - drm/nouveau: Start using new drm_dev initialization helpers (bsc#1133593).\n\n - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510).\n\n - drm/nouveau/therm/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/therm/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/tmr/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/tmr/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/top/tu104: initial support (bsc#1133593).\n\n - drm/nouveau/top/tu106: initial support (bsc#1133593).\n\n - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510).\n\n - drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666).\n\n - drm/panel: panel-innolux: set display off in innolux_panel_unprepare (bsc#1111666).\n\n - drm/pl111: Initialize clock spinlock early (bsc#1111666).\n\n - drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666).\n\n - drm/rockchip: fix for mailbox read validation (bsc#1051510).\n\n - drm/rockchip: fix for mailbox read validation (bsc#1111666).\n\n - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510).\n\n - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722)\n\n - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722)\n\n - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722)\n\n - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)\n\n - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722)\n\n - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind (bsc#1111666).\n\n - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722)\n\n - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bsc#1111666).\n\n - drm/tegra: hub: Fix dereference before check (bsc#1111666).\n\n - drm/ttm: Fix 
bo_global and mem_global kfree error (bsc#1111666).\n\n - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666).\n\n - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488)\n\n - drm/udl: add a release method and delay modeset teardown (bsc#1085536)\n\n - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)\n\n - drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666).\n\n - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20).\n\n - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770).\n\n - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510).\n\n - e1000e: fix cyclic resets at link up with active tx (bsc#1051510).\n\n - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).\n\n - EDAC, amd64: Add Hygon Dhyana support ().\n\n - EDAC, amd64: Add Hygon Dhyana support (fate#327735).\n\n - ext4: actually request zeroing of inode table after grow (bsc#1135315).\n\n - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851).\n\n - ext4: Do not warn when enabling DAX (bsc#1132894).\n\n - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316).\n\n - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314).\n\n - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510).\n\n - fix cgroup_do_mount() handling of failure exits (bsc#1133095).\n\n - Fix kabi after 'md: batch flush requests.' 
(bsc#1119680).\n\n - fix rtnh_ok() (git-fixes).\n\n - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937).\n\n - fm10k: Fix a potential NULL pointer dereference (bsc#1051510).\n\n - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).\n\n - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes).\n\n - futex: Cure exit race (bsc#1050549).\n\n - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549).\n\n - futex: Handle early deadlock return correctly (bsc#1050549).\n\n - genetlink: Fix a memory leak on error path (networking-stable-19_03_28).\n\n - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).\n\n - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510).\n\n - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510).\n\n - gpio: gpio-omap: fix level interrupt idling (bsc#1051510).\n\n - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510).\n\n - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).\n\n - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes).\n\n - HID: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510).\n\n - HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486).\n\n - HID: input: add mapping for Assistant key (bsc#1051510).\n\n - HID: input: add mapping for Expose/Overview key (bsc#1051510).\n\n - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510).\n\n - HID: input: add mapping for 'Toggle Display' key (bsc#1051510).\n\n - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510).\n\n - HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510).\n\n - HID: logitech: check the return value of create_singlethread_workqueue (bsc#1051510).\n\n - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07).\n\n - 
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510).\n\n - hwrng: virtio - Avoid repeated init of completion (bsc#1051510).\n\n - i2c: imx: correct the method of getting private data in notifier_call (bsc#1111666).\n\n - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193).\n\n - i2c: synquacer: fix enumeration of slave devices (bsc#1111666).\n\n - ibmvnic: Enable GRO (bsc#1132227).\n\n - ibmvnic: Fix completion structure initialization (bsc#1131659).\n\n - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227).\n\n - igmp: fix incorrect unsolicit report count when join group (git-fixes).\n\n - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510).\n\n - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510).\n\n - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510).\n\n - iio: ad_sigma_delta: select channel when reading register (bsc#1051510).\n\n - iio: core: fix a possible circular locking dependency (bsc#1051510).\n\n - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510).\n\n - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510).\n\n - iio: Fix scan mask selection (bsc#1051510).\n\n - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510).\n\n - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).\n\n - inetpeer: fix uninit-value in inet_getpeer (git-fixes).\n\n - Input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510).\n\n - Input: introduce KEY_ASSISTANT 
(bsc#1051510).\n\n - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510).\n\n - Input: synaptics-rmi4 - fix possible double free (bsc#1051510).\n\n - Input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510).\n\n - intel_idle: add support for Jacobsville (jsc#SLE-5394).\n\n - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).\n\n - intel_th: pci: Add Comet Lake support (bsc#1051510).\n\n - io: accel: kxcjk1013: restore the range after resume (bsc#1051510).\n\n - iommu/amd: Set exclusion range correctly (bsc#1130425).\n\n - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006).\n\n - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007).\n\n - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008).\n\n - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes).\n\n - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10).\n\n - ipconfig: Correctly initialise ic_nameservers (bsc#1051510).\n\n - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193).\n\n - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier (bsc#1111666).\n\n - ipmi: Prevent use-after-free in deliver_response (bsc#1111666).\n\n - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510).\n\n - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).\n\n - ip_tunnel: Fix name string concatenate in\n __ip_tunnel_create() (git-fixes).\n\n - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n\n - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes).\n\n - ipv6: fix cleanup ordering for pingv6 registration (git-fixes).\n\n - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes).\n\n - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes).\n\n - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24).\n\n - 
ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07).\n\n - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes).\n\n - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510).\n\n - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15).\n\n - ipvlan: fix ipv6 outbound device (bsc#1051510).\n\n - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).\n\n - ipvs: fix buffer overflow with sync daemon and service (git-fixes).\n\n - ipvs: fix check on xmit to non-local addresses (git-fixes).\n\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510).\n\n - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes).\n\n - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510).\n\n - ipvs: fix stats update from local clients (git-fixes).\n\n - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes).\n\n - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371).\n\n - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).\n\n - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770).\n\n - iwlwifi: fix driver operation for 5350 (bsc#1111666).\n\n - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770).\n\n - kABI: protect functions using struct net_generic (bsc#1129845 LTC#176252).\n\n - kABI: protect ip_options_rcv_srr (kabi).\n\n - kABI: protect struct mlx5_td (kabi).\n\n - kABI: protect struct smcd_dev (bsc#1129845 LTC#176252).\n\n - kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252).\n\n - kABI: restore icmp_send (kabi).\n\n - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510).\n\n - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510).\n\n - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729).\n\n - kcm: switch order of device registration to fix a crash (bnc#1130527).\n\n - kernel/sysctl.c: add missing range check in 
do_proc_dointvec_minmax_conv (bsc#1051510).\n\n - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510).\n\n - kernfs: do not set dentry->d_fsdata (boo#1133115).\n\n - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510).\n\n - KEYS: user: Align the payload buffer (bsc#1051510).\n\n - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078).\n\n - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563).\n\n - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149).\n\n - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199).\n\n - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561).\n\n - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200).\n\n - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564).\n\n - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201).\n\n - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562).\n\n - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840).\n\n - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149).\n\n - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555).\n\n - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202).\n\n - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203).\n\n - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204).\n\n - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279).\n\n - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570).\n\n - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571).\n\n - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331).\n\n - kvm: x86: svm: make sure NMI is injected after nmi_singlestep 
(bsc#1134205).\n\n - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).\n\n - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes).\n\n - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes).\n\n - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes).\n\n - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510).\n\n - leds: avoid races with workqueue (bsc#1051510).\n\n - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510).\n\n - lib: add crc64 calculation routines (bsc#1130972).\n\n - libata: fix using DMA buffers on stack (bsc#1051510).\n\n - lib: do not depend on linux headers being installed (bsc#1130972).\n\n - lightnvm: if LUNs are already allocated fix return (bsc#1085535).\n\n - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510).\n\n - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).\n\n - mac80211: do not attempt to rename ERR_PTR() debugfs dirs (bsc#1111666).\n\n - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510).\n\n - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510).\n\n - mac80211: fix unaligned access in mesh table hash function (bsc#1051510).\n\n - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode (bsc#1111666).\n\n - mac8390: Fix mmio access size probe (bsc#1051510).\n\n - md: batch flush requests (bsc#1119680).\n\n - md: Fix failed allocation of md_register_thread (git-fixes).\n\n - MD: fix invalid stored role for a disk (bsc#1051510).\n\n - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes).\n\n - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes).\n\n - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510).\n\n - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510).\n\n - media: cx23885: check allocation 
return (bsc#1051510).\n\n - media: davinci-isif: avoid uninitialized variable use (bsc#1051510).\n\n - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510).\n\n - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510).\n\n - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510).\n\n - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510).\n\n - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510).\n\n - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).\n\n - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510).\n\n - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510).\n\n - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510).\n\n - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510).\n\n - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510).\n\n - media: wl128x: prevent two potential buffer overflows (bsc#1051510).\n\n - mISDN: Check address length before reading address family (bsc#1051510).\n\n - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15).\n\n - mmc: core: fix possible use after free of host (bsc#1051510).\n\n - mmc: core: Fix tag set memory leak (bsc#1111666).\n\n - mmc: davinci: remove extraneous __init annotation (bsc#1051510).\n\n - mm: create non-atomic version of SetPageReserved for init use (jsc#SLE-6647).\n\n - mmc: sdhci: Fix data command CRC error handling (bsc#1051510).\n\n - mmc: sdhci: Handle auto-command errors (bsc#1051510).\n\n - mmc: sdhci: 
Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510).\n\n - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510).\n\n - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934).\n\n - mm/huge_memory: fix vmf_insert_pfn_(pmd, pud)() crash, handle unaligned addresses (bsc#1135330).\n\n - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935).\n\n - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825).\n\n - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07).\n\n - mt7601u: bump supported EEPROM version (bsc#1051510).\n\n - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510).\n\n - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510).\n\n - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510).\n\n - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510).\n\n - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770).\n\n - mwifiex: do not advertise IBSS features without FW support (bsc#1129770).\n\n - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).\n\n - mwifiex: Make resume actually do something useful again on SDIO cards (bsc#1111666).\n\n - mwifiex: prevent an array overflow (bsc#1051510).\n\n - mwl8k: Fix rate_idx underflow (bsc#1051510).\n\n - net: Add header for usage of fls64() (networking-stable-19_02_20).\n\n - net: Add __icmp_send helper (networking-stable-19_03_07).\n\n - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28).\n\n - net: avoid false positives in untrusted gso validation (git-fixes).\n\n - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).\n\n - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07).\n\n - net: bridge: add vlan_tunnel to bridge port policies (git-fixes).\n\n - net: bridge: fix per-port af_packet sockets (git-fixes).\n\n - net: 
bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes).\n\n - net: datagram: fix unbounded loop in\n __skb_try_recv_datagram() (git-fixes).\n\n - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20).\n\n - net: dsa: legacy: do not unmask port bitmaps (git-fixes).\n\n - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07).\n\n - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10).\n\n - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes).\n\n - netfilter: bridge: ebt_among: add missing match size checks (git-fixes).\n\n - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes).\n\n - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes).\n\n - netfilter: drop template ct when conntrack is skipped (git-fixes).\n\n - netfilter: ebtables: handle string from userspace with care (git-fixes).\n\n - netfilter: ebtables: reject non-bridge targets (git-fixes).\n\n - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes).\n\n - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes).\n\n - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes).\n\n - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes).\n\n - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes).\n\n - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v(4,6) (git-fixes).\n\n - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes).\n\n - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes).\n\n - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes).\n\n - netfilter: nf_tables: release chain in flushing set (git-fixes).\n\n - netfilter: x_tables: avoid out-of-bounds reads in 
xt_request_find_(match|target) (git-fixes).\n\n - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes).\n\n - netfilter: x_tables: initialise match/target check parameter struct (git-fixes).\n\n - net: Fix a bug in removing queues from XPS map (git-fixes).\n\n - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20).\n\n - net: fix IPv6 prefix route residue (networking-stable-19_02_20).\n\n - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).\n\n - net: Fix untag for vlan packets without ethernet header (git-fixes).\n\n - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes).\n\n - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10).\n\n - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15).\n\n - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15).\n\n - net/ibmvnic: Update carrier state after link state change (bsc#1135100).\n\n - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760).\n\n - net: initialize skb->peeked when cloning (git-fixes).\n\n - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes).\n\n - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).\n\n - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes).\n\n - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes).\n\n - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07).\n\n - netlink: fix uninit-value in netlink_sendmsg (git-fixes).\n\n - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10).\n\n - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10).\n\n - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24).\n\n - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10).\n\n - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails 
(networking-stable-19_03_07).\n\n - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24).\n\n - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes).\n\n - net: rose: fix a possible stack overflow (networking-stable-19_03_28).\n\n - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10).\n\n - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10).\n\n - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24).\n\n - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15).\n\n - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07).\n\n - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15).\n\n - net/smc: add pnet table namespace support (bsc#1129845 LTC#176252).\n\n - net/smc: add smcd support to the pnet table (bsc#1129845 LTC#176252).\n\n - net/smc: allow PCI IDs as ib device names in the pnet table (bsc#1129845 LTC#176252).\n\n - net/smc: allow pnetid-less configuration (bsc#1129845 LTC#176252).\n\n - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518).\n\n - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1129845 LTC#176252).\n\n - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518).\n\n - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518).\n\n - net/smc: consolidate function parameters (bsc#1134607 LTC#177518).\n\n - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518).\n\n - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518).\n\n - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518).\n\n - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518).\n\n - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518).\n\n - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518).\n\n - net/smc: nonblocking connect rework 
(bsc#1134607 LTC#177518).\n\n - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518).\n\n - net/smc: rework pnet table (bsc#1129845 LTC#176252).\n\n - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518).\n\n - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes).\n\n - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07).\n\n - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28).\n\n - net: test tailroom before appending to linear skb (git-fixes).\n\n - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20).\n\n - net/x25: fix a race in x25_bind() (networking-stable-19_03_15).\n\n - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15).\n\n - net/x25: reset state in x25_connect() (networking-stable-19_03_15).\n\n - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes).\n\n - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510).\n\n - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes).\n\n - nfsd4: catch some false session retries (git-fixes).\n\n - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes).\n\n - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes).\n\n - nfs: Do not use page_file_mapping after removing the page (git-fixes).\n\n - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes).\n\n - nfs: Fix a soft lockup in the delegation recovery code (git-fixes).\n\n - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes).\n\n - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618).\n\n - nfs: Fix I/O request leakages (git-fixes).\n\n - nfs: fix mount/umount race in nlmclnt (git-fixes).\n\n - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. 
umount (git-fixes).\n\n - nfsv4.1 do not free interrupted slot on open (git-fixes).\n\n - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes).\n\n - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes).\n\n - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510).\n\n - nvme: add proper discard setup for the multipath device (bsc#1114638).\n\n - nvme-fc: use separate work queue to avoid warning (bsc#1131673).\n\n - nvme: fix the dangerous reference of namespaces list (bsc#1131673).\n\n - nvme: make sure ns head inherits underlying device limits (bsc#1131673).\n\n - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273).\n\n - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1130937).\n\n - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673).\n\n - nvme: only reconfigure discard if necessary (bsc#1114638).\n\n - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393.\n\n - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510).\n\n - openvswitch: add seqadj extension when NAT is used (bsc#1051510).\n\n - openvswitch: fix flow actions reallocation (bsc#1051510).\n\n - overflow: Fix -Wtype-limits compilation warnings (bsc#1111666).\n\n - packet: fix reserve calculation (git-fixes).\n\n - packet: in packet_snd start writing at link layer allocation (git-fixes).\n\n - packet: refine ring v3 block size test to hold one frame (git-fixes).\n\n - packet: reset network header if packet shorter than ll reserved space (git-fixes).\n\n - packets: Always register packet sk in the same order (networking-stable-19_03_28).\n\n - packet: validate msg_namelen in send directly (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510).\n\n - PCI: designware-ep: Read-only 
registers need DBI_RO_WR_EN to be writable (bsc#1051510).\n\n - PCI: Init PCIe feature bits for managed host bridge alloc (bsc#1111666).\n\n - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510).\n\n - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1051510).\n\n - PCI: pciehp: Convert to threaded IRQ (bsc#1133005).\n\n - PCI: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005).\n\n - PCI: pciehp: Tolerate Presence Detect hardwired to zero (bsc#1133016).\n\n - perf tools: Add Hygon Dhyana support ().\n\n - perf tools: Add Hygon Dhyana support (fate#327735).\n\n - perf/x86/amd: Add event map for AMD Family 17h (bsc#1134223).\n\n - perf/x86/amd: Update generic hardware cache events for Family 17h (bsc#1134223).\n\n - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510).\n\n - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510).\n\n - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510).\n\n - platform/x86: dell-rbtn: Add missing #include (bsc#1051510).\n\n - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510).\n\n - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510).\n\n - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510).\n\n - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510).\n\n - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes).\n\n - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117).\n\n - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937).\n\n - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729).\n\n - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729).\n\n - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840).\n\n - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area 
callback (bsc#1131900).\n\n - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840).\n\n - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes).\n\n - powerpc/mm: Check secondary hash page table (bsc#1065729).\n\n - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes).\n\n - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes).\n\n - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900).\n\n - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes).\n\n - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes).\n\n - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes).\n\n - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes).\n\n - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584).\n\n - powerpc/numa: improve control of topology updates (bsc#1133584).\n\n - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043).\n\n - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043).\n\n - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121).\n\n - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840).\n\n - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840).\n\n - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840).\n\n - powerpc/powernv: Make opal log only readable by root (bsc#1065729).\n\n - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840).\n\n - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n\n - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587).\n\n - powerpc/vdso64: Fix 
CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587).\n\n - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510).\n\n - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510).\n\n - proc/kcore: do not bounds check against address 0 (bsc#1051510).\n\n - proc: revalidate kernel thread inodes to root:root (bsc#1051510).\n\n - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510).\n\n - pwm: Fix deadlock warning when removing PWM device (bsc#1051510).\n\n - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510).\n\n - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510).\n\n - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510).\n\n - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510).\n\n - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128971).\n\n - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979).\n\n - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).\n\n - qmi_wwan: add Olicard 600 (bsc#1051510).\n\n - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07).\n\n - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes).\n\n - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535).\n\n - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15).\n\n - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).\n\n - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371).\n\n - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371).\n\n - rdma/cxgb4: fix some info leaks (bsc#1127371).\n\n - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371).\n\n - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371).\n\n - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).\n\n - rdma/smc: Replace ib_query_gid with rdma_get_gid_attr (bsc#1131530 LTC#176717).\n\n - rds: fix refcount bug in 
rds_sock_addref (git-fixes).\n\n - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes).\n\n - Re-enable nouveau for PCI device 10de:1cbb (bsc#1133593).\n\n - Re-export snd_cards for kABI compatibility (bsc#1051510).\n\n - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510).\n\n - Revert 'alsa: seq: Protect in-kernel ioctl calls with mutex' (bsc#1051510).\n\n - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843).\n\n - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843).\n\n - Revert 'drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)' The patch seems buggy, breaks the build for armv7hl/pae config.\n\n - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946).\n\n - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946, bsc#1119843).\n\n - Revert 'tty: pty: Fix race condition between release_one_tty and pty_write' (bsc#1051510).\n\n - ring-buffer: Check if memory is available before allocation (bsc#1132531).\n\n - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510).\n\n - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510).\n\n - rxrpc: Do not release call mutex on error pointer (git-fixes).\n\n - rxrpc: Do not treat call aborts as conn aborts (git-fixes).\n\n - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15).\n\n - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes).\n\n - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes).\n\n - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes).\n\n - s390/dasd: fix panic for failed online processing (bsc#1132589).\n\n - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544).\n\n - s390/qdio: clear intparm during shutdown (bsc#1134597 
LTC#177516).\n\n - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n\n - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510).\n\n - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510).\n\n - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510).\n\n - scripts/git_sort/git_sort.py: remove old SCSI git branches\n\n - scripts: override locale from environment when running recordmcount.pl (bsc#1134354).\n\n - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467).\n\n - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579).\n\n - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044).\n\n - scsi: smartpqi: add H3C controller IDs (bsc#1133547).\n\n - scsi: smartpqi: add h3c ssid (bsc#1133547).\n\n - scsi: smartpqi: add no_write_same for logical volumes (bsc#1133547).\n\n - scsi: smartpqi: add ofa support (bsc#1133547).\n\n - scsi: smartpqi: Add retries for device reset (bsc#1133547).\n\n - scsi: smartpqi: add smp_utils support (bsc#1133547).\n\n - scsi: smartpqi: add spdx (bsc#1133547).\n\n - scsi: smartpqi: add support for huawei controllers (bsc#1133547).\n\n - scsi: smartpqi: add support for PQI Config Table handshake (bsc#1133547).\n\n - scsi: smartpqi: add sysfs attributes (bsc#1133547).\n\n - scsi: smartpqi: allow for larger raid maps (bsc#1133547).\n\n - scsi: smartpqi: bump driver version (bsc#1133547).\n\n - scsi: smartpqi: bump driver version (bsc#1133547).\n\n - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown() (bsc#1133547).\n\n - scsi: smartpqi: check for null device pointers (bsc#1133547).\n\n - scsi: smartpqi: correct host serial num for ssa (bsc#1133547).\n\n - scsi: smartpqi: correct lun reset issues (bsc#1133547).\n\n - scsi: smartpqi: correct volume status (bsc#1133547).\n\n - scsi: smartpqi: do not offline disks for transient did no connect conditions (bsc#1133547).\n\n - scsi: smartpqi: enhance numa node 
detection (bsc#1133547).\n\n - scsi: smartpqi: fix build warnings (bsc#1133547).\n\n - scsi: smartpqi: fix disk name mount point (bsc#1133547).\n\n - scsi: smartpqi: fully convert to the generic DMA API (bsc#1133547).\n\n - scsi: smartpqi: increase fw status register read timeout (bsc#1133547).\n\n - scsi: smartpqi: increase LUN reset timeout (bsc#1133547).\n\n - scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start (bsc#1133547).\n\n - scsi: smartpqi: refactor sending controller raid requests (bsc#1133547).\n\n - scsi: smartpqi: Reporting 'logical unit failure' (bsc#1133547).\n\n - scsi: smartpqi: turn off lun data caching for ptraid (bsc#1133547).\n\n - scsi: smartpqi: update copyright (bsc#1133547).\n\n - scsi: smartpqi: update driver version (bsc#1133547).\n\n - scsi: smartpqi: wake up drives after os resumes from suspend (bsc#1133547).\n\n - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24).\n\n - sctp: fix identification of new acks for SFR-CACC (git-fixes).\n\n - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28).\n\n - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10).\n\n - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes).\n\n - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes).\n\n - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810).\n\n - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510).\n\n - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510).\n\n - serial: uartps: console_setup() can't be placed to init section (bsc#1051510).\n\n - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24).\n\n - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510).\n\n - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510).\n\n - soc: qcom: 
gsbi: Fix error handling in gsbi_probe() (bsc#1051510).\n\n - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510).\n\n - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510).\n\n - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510).\n\n - spi: Add missing pm_runtime_put_noidle() after failed get (bsc#1111666).\n\n - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510).\n\n - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510).\n\n - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510).\n\n - spi-mem: fix kernel-doc for spi_mem_dirmap_(read|write)() (bsc#1111666).\n\n - spi: Micrel eth switch: declare missing of table (bsc#1051510).\n\n - spi: rspi: Fix sequencer reset during initialization (bsc#1051510).\n\n - spi: ST ST95HF NFC: declare missing of table (bsc#1051510).\n\n - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510).\n\n - staging: comedi: ni_usb6501: Fix possible double-free of\n ->usb_rx_buf (bsc#1051510).\n\n - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510).\n\n - staging: comedi: vmk80xx: Fix possible double-free of\n ->usb_rx_buf (bsc#1051510).\n\n - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510).\n\n - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510).\n\n - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510).\n\n - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510).\n\n - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc (bsc#1111666).\n\n - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference (bsc#1111666).\n\n - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510).\n\n - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510).\n\n - stm class: Fix an endless loop in channel allocation 
(bsc#1051510).\n\n - stm class: Fix channel free in stm output free path (bsc#1051510).\n\n - stm class: Prevent division by zero (bsc#1051510).\n\n - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes).\n\n - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).\n\n - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839).\n\n - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574).\n\n - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726).\n\n - svm: Fix AVIC DFR and LDR handling (bsc#1132558).\n\n - sysctl: handle overflow for file-max (bsc#1051510).\n\n - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28).\n\n - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10).\n\n - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).\n\n - tcp: purge write queue in tcp_connect_init() (git-fixes).\n\n - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20).\n\n - team: set slave to promisc if team is already in promisc mode (bsc#1051510).\n\n - testing: nvdimm: provide SZ_4G constant (bsc#1132982).\n\n - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510).\n\n - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510).\n\n - thermal/int340x_thermal: fix mode setting (bsc#1051510).\n\n - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28).\n\n - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28).\n\n - tipc: fix race condition causing hung sendto (networking-stable-19_03_07).\n\n - tools/cpupower: Add Hygon Dhyana support ().\n\n - tools/cpupower: Add Hygon Dhyana support (fate#327735).\n\n - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770).\n\n - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555).\n\n - tracing: Fix a memory leak by early error exit 
in trace_pid_write() (bsc#1133702).\n\n - tracing: Fix buffer_ref pipe ops (bsc#1133698).\n\n - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527).\n\n - tty: increase the default flip buffer limit to 2*640K (bsc#1051510).\n\n - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510).\n\n - tty: serial_core, add ->install (bnc#1129693).\n\n - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510).\n\n - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28).\n\n - tun: fix blocking read (networking-stable-19_03_07).\n\n - tun: properly test for IFF_UP (networking-stable-19_03_28).\n\n - tun: remove unnecessary memory barrier (networking-stable-19_03_07).\n\n - uas: fix alignment of scatter/gather segments (bsc#1129770).\n\n - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323).\n\n - Update config files. Debug kernel is not supported (bsc#1135492).\n\n - Update config files: disable CONFIG_IDE for ppc64le\n\n - usb: cdc-acm: fix unthrottle races (bsc#1051510).\n\n - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510).\n\n - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510).\n\n - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510).\n\n - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510).\n\n - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510).\n\n - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510).\n\n - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510).\n\n - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510).\n\n - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902).\n\n - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510).\n\n - usb: serial: fix unthrottle races (bsc#1051510).\n\n - usb-storage: Set virt_boundary_mask to avoid SG overflows 
(bsc#1051510).\n\n - usb: u132-hcd: fix resource leak (bsc#1051510).\n\n - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510).\n\n - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510).\n\n - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510).\n\n - usb: yurex: Fix protection fault after device removal (bsc#1051510).\n\n - vfio/mdev: Avoid release parent reference during error path (bsc#1051510).\n\n - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510).\n\n - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510).\n\n - vfio/pci: use correct format characters (bsc#1051510).\n\n - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219).\n\n - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219).\n\n - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219).\n\n - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219).\n\n - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219).\n\n - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219).\n\n - vfs: limit size of dedupe (bsc#1132397, bsc#1132219).\n\n - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219).\n\n - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219).\n\n - vfs: swap names of (do,vfs)_clone_file_range() (bsc#1133774, bsc#1132219).\n\n - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219).\n\n - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510).\n\n - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510).\n\n - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510).\n\n - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510).\n\n - vrf: check accept_source_route on the original 
netdevice (networking-stable-19_04_10).\n\n - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510).\n\n - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510).\n\n - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510).\n\n - vsock/virtio: reset connected sockets on device removal (bsc#1051510).\n\n - vt: always call notifier with the console lock held (bsc#1051510).\n\n - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28).\n\n - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20).\n\n - wil6210: check NULL pointer in\n _wil_cfg80211_merge_extra_ies (bsc#1051510).\n\n - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510).\n\n - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).\n\n - x86/amd_nb: Check vendor in AMD-only functions (fate#327735).\n\n - x86/apic: Add Hygon Dhyana support (fate#327735).\n\n - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735).\n\n - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).\n\n - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana ().\n\n - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735).\n\n - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).\n\n - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).\n\n - x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735).\n\n - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).\n\n - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572).\n\n - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415).\n\n - x86/MCE/AMD, EDAC/mce_amd: Add new 
MP5, NBIO, and PCIE SMCA bank types (bsc#1128415).\n\n - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415).\n\n - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415).\n\n - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#327735).\n\n - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).\n\n - x86/mce: Handle varying MCA bank counts (bsc#1128415).\n\n - x86/msr-index: Cleanup bit defines (bsc#1111331).\n\n - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318).\n\n - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735).\n\n - x86/perf/amd: Remove need to check 'running' bit in NMI handler (bsc#1131438).\n\n - x86/perf/amd: Resolve NMI latency issues for active PMCs (bsc#1131438).\n\n - x86/perf/amd: Resolve race condition when disabling PMC (bsc#1131438).\n\n - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735).\n\n - x86/speculation/mds: Fix documentation typo (bsc#1135642).\n\n - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279).\n\n - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178).\n\n - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).\n\n - x86/xen: Add Hygon Dhyana support to Xen (fate#327735).\n\n - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07).\n\n - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07).\n\n - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600).\n\n - xfrm6: avoid potential infinite loop in\n _decode_session6() (git-fixes).\n\n - xfrm6: call kfree_skb when skb is toobig (git-fixes).\n\n - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes).\n\n - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes).\n\n - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes).\n\n - xfrm: 
fix 'passing zero to ERR_PTR()' warning (git-fixes).\n\n - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes).\n\n - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes).\n\n - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes).\n\n - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes).\n\n - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes).\n\n - xfrm: Return error on unknown encap_type in init_state (git-fixes).\n\n - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes).\n\n - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes).\n\n - xfs: add log item pinning error injection tag (bsc#1114427).\n\n - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674).\n\n - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219).\n\n - xfs: buffer lru reference count error injection tag (bsc#1114427).\n\n - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219).\n\n - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219).\n\n - xfs: check _btree_check_block value (bsc#1123663).\n\n - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219).\n\n - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427).\n\n - xfs: create block pointer check functions (bsc#1123663).\n\n - xfs: create inode pointer verifiers (bsc#1114427).\n\n - xfs: detect and fix bad summary counts at mount (bsc#1114427).\n\n - xfs: export _inobt_btrec_to_irec and\n _ialloc_cluster_alignment for scrub (bsc#1114427).\n\n - xfs: export various function for the online scrubber (bsc#1123663).\n\n - xfs: expose errortag knobs via sysfs (bsc#1114427).\n\n - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219).\n\n - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, 
bsc#1132219).\n\n - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219).\n\n - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529).\n\n - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427).\n\n - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219).\n\n - xfs: force summary counter recalc at next mount (bsc#1114427).\n\n - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675).\n\n - xfs: kill meaningless variable 'zero' (bsc#1106011).\n\n - xfs: make errortag a per-mountpoint structure (bsc#1123663).\n\n - xfs: move error injection tags into their own file (bsc#1114427).\n\n - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219).\n\n - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011).\n\n - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011).\n\n - xfs: refactor btree block header checking functions (bsc#1123663).\n\n - xfs: refactor btree pointer checks (bsc#1123663).\n\n - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219).\n\n - xfs: refactor unmount record write (bsc#1114427).\n\n - xfs: refactor xfs_trans_roll (bsc#1133667).\n\n - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219).\n\n - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219).\n\n - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219).\n\n - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672).\n\n - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663).\n\n - xfs: remove xfs_zero_range (bsc#1106011).\n\n - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663).\n\n - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668).\n\n - xfs: replace log_badcrc_factor knob with error injection tag 
(bsc#1114427).\n\n - xfs: sanity-check the unused space before trying to use it (bsc#1123663).\n\n - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219).\n\n - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219).", "cvss3": {}, "published": "2019-06-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4343", "CVE-2018-7191", "CVE-2019-11085", "CVE-2019-11486", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500", "CVE-2019-9503"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel"], "id": "OPENSUSE-2019-1479.NASL", "href": "https://www.tenable.com/plugins/nessus/125667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1479.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125667);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2013-4343\", \"CVE-2018-7191\", \"CVE-2019-11085\", \"CVE-2019-11486\", \"CVE-2019-11811\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-3882\", \"CVE-2019-5489\", \"CVE-2019-9500\", \"CVE-2019-9503\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)\");\n script_summary(english:\"Check for the openSUSE-2019-1479 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-7191: In the tun subsystem dev_get_valid_name\n was not called 
before register_netdevice. This allowed\n local users to cause a denial of service (NULL pointer\n dereference and panic) via an ioctl(TUNSETIFF) call with\n a dev name containing a / character. This is similar to\n CVE-2013-4343 (bnc#1135603).\n\n - CVE-2019-11085: Insufficient input validation in Kernel\n Mode Driver in Intel(R) i915 Graphics for Linux may have\n allowed an authenticated user to potentially enable\n escalation of privilege via local access (bnc#1135278).\n\n - CVE-2019-11486: The Siemens R3964 line discipline driver\n in drivers/tty/n_r3964.c in the Linux kernel had\n multiple race conditions (bnc#1133188). It was disabled\n by default.\n\n - CVE-2019-11811: There is a use-after-free upon attempted\n read access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).\n\n - CVE-2019-11815: An issue was discovered in\n rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a\n race condition leading to a use-after-free, related to\n net namespace cleanup (bnc#1134537).\n\n - CVE-2019-11833: fs/ext4/extents.c did not zero out the\n unused memory region in the extent tree block, which\n might allow local users to obtain sensitive information\n by reading uninitialized data in the filesystem\n (bnc#1135281).\n\n - CVE-2019-11884: The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c allowed a local user to obtain\n potentially sensitive information from kernel stack\n memory via a HIDPCONNADD command, because a name field\n may not end with a '\\0' character (bnc#1134848).\n\n - CVE-2019-3882: A flaw was found in the vfio interface\n implementation that permits violation of the user's\n locked memory limit. 
If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). (bnc#1131416 bnc#1131427).\n\n - CVE-2019-5489: The mincore() implementation in\n mm/mincore.c allowed local attackers to observe page\n cache access patterns of other processes on the same\n system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server\n (bnc#1120843).\n\n - CVE-2019-9500: A brcmfmac heap buffer overflow in\n brcmf_wowl_nd_results was fixed (bnc#1132681).\n\n - CVE-2019-9503: Multiple brcmfmac frame validation\n bypasses have been fixed (bnc#1132828).\n\nThe following non-security bugs were fixed :\n\n - 9p: do not trust pdu content for stat item size\n (bsc#1051510).\n\n - 9p locks: add mount option for lock retry interval\n (bsc#1051510).\n\n - acpi: Add Hygon Dhyana support ().\n\n - acpi: Add Hygon Dhyana support (fate#327735).\n\n - acpi: button: reinitialize button state upon resume\n (bsc#1051510).\n\n - acpiCA: AML interpreter: add region addresses in global\n list during initialization (bsc#1051510).\n\n - acpiCA: Namespace: remove address node from global list\n after method termination (bsc#1051510).\n\n - acpi, nfit: Prefer _DSM over _LSR for namespace label\n reads (bsc#112128) (bsc#1132426).\n\n - acpi: PM: Set enable_for_wake for wakeup GPEs during\n suspend-to-idle (bsc#1111666).\n\n - acpi: property: restore _DSD data subnodes GUID comment\n (bsc#1111666).\n\n - acpi / SBS: Fix GPE storm on recent MacBookPro's\n (bsc#1051510).\n\n - acpi / utils: Drop reference in test for device presence\n (bsc#1051510).\n\n - alsa: core: Do not refer to snd_cards array directly\n (bsc#1051510).\n\n - alsa: core: Fix card races between 
register and\n disconnect (bsc#1051510).\n\n - alsa: emu10k1: Drop superfluous id-uniquification\n behavior (bsc#1051510).\n\n - alsa: hda - Add two more machines to the\n power_save_blacklist (bsc#1051510).\n\n - alsa: hda/hdmi - Consider eld_valid when reporting jack\n event (bsc#1051510).\n\n - alsa: hda/hdmi - Read the pin sense from register when\n repolling (bsc#1051510).\n\n - alsa: hda: Initialize power_state field properly\n (bsc#1051510).\n\n - alsa: hda/realtek - Add new Dell platform for headset\n mode (bsc#1051510).\n\n - alsa: hda/realtek - add two more pin configuration sets\n to quirk table (bsc#1051510).\n\n - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR\n (bsc#1051510).\n\n - alsa: hda/realtek - Avoid superfluous COEF EAPD setups\n (bsc#1051510).\n\n - alsa: hda/realtek - Corrected fixup for System76 Gazelle\n (gaze14) (bsc#1051510).\n\n - alsa: hda/realtek - EAPD turn on later (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer TravelMate\n B114-21 with ALC233 (bsc#1111666).\n\n - alsa: hda/realtek - Fixed Dell AIO speaker noise\n (bsc#1051510).\n\n - alsa: hda/realtek - Fix for Lenovo B50-70 inverted\n internal microphone bug (bsc#1051510).\n\n - alsa: hda/realtek - Fixup headphone noise via runtime\n suspend (bsc#1051510).\n\n - alsa: hda/realtek - Move to ACT_INIT state\n (bsc#1111666).\n\n - alsa: hda/realtek - Support low power consumption for\n ALC256 (bsc#1051510).\n\n - alsa: hda/realtek - Support low power consumption for\n ALC295 (bsc#1051510).\n\n - alsa: hda - Register irq handler after the chip\n initialization (bsc#1051510).\n\n - alsa: hda - Use a macro for snd_array iteration loops\n (bsc#1051510).\n\n - alsa: hdea/realtek - Headset fixup for System76 Gazelle\n (gaze14) (bsc#1051510).\n\n - alsa: info: Fix racy addition/deletion of nodes\n (bsc#1051510).\n\n - alsa: line6: Avoid polluting led_* namespace\n (bsc#1051510).\n\n - alsa: line6: use dynamic buffers (bsc#1051510).\n\n - alsa: PCM: check if ops are 
defined before suspending\n PCM (bsc#1051510).\n\n - alsa: seq: Align temporary re-locking with irqsave\n version (bsc#1051510).\n\n - alsa: seq: Correct unlock sequence at\n snd_seq_client_ioctl_unlock() (bsc#1051510).\n\n - alsa: seq: Cover unsubscribe_port() in list_mutex\n (bsc#1051510).\n\n - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).\n\n - alsa: seq: Fix race of get-subscription call vs\n port-delete ioctls (bsc#1051510).\n\n - alsa: seq: Protect in-kernel ioctl calls with mutex\n (bsc#1051510).\n\n - alsa: seq: Protect racy pool manipulation from OSS\n sequencer (bsc#1051510).\n\n - alsa: seq: Remove superfluous irqsave flags\n (bsc#1051510).\n\n - alsa: seq: Simplify snd_seq_kernel_client_enqueue()\n helper (bsc#1051510).\n\n - alsa: timer: Check ack_list emptiness instead of bit\n flag (bsc#1051510).\n\n - alsa: timer: Coding style fixes (bsc#1051510).\n\n - alsa: timer: Make snd_timer_close() really kill pending\n actions (bsc#1051510).\n\n - alsa: timer: Make sure to clear pending ack list\n (bsc#1051510).\n\n - alsa: timer: Revert active callback sync check at close\n (bsc#1051510).\n\n - alsa: timer: Simplify error path in snd_timer_open()\n (bsc#1051510).\n\n - alsa: timer: Unify timer callback process code\n (bsc#1051510).\n\n - alsa: usb-audio: Fix a memory leak bug (bsc#1051510).\n\n - alsa: usb-audio: Handle the error from\n snd_usb_mixer_apply_create_quirk() (bsc#1051510).\n\n - alsa: usx2y: fix a double free bug (bsc#1051510).\n\n - appletalk: Fix compile regression (bsc#1051510).\n\n - appletalk: Fix use-after-free in atalk_proc_exit\n (bsc#1051510).\n\n - ARM: 8824/1: fix a migrating irq bug when hotplug cpu\n (bsc#1051510).\n\n - ARM: 8833/1: Ensure that NEON code always compiles with\n Clang (bsc#1051510).\n\n - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t\n (bsc#1051510).\n\n - ARM: 8840/1: use a raw_spinlock_t in unwind\n (bsc#1051510).\n\n - ARM: avoid Cortex-A9 livelock on tight dmb loops\n (bsc#1051510).\n\n - ARM: 
imx6q: cpuidle: fix bug that CPU might not wake up\n at expected time (bsc#1051510).\n\n - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after\n hotplug (bsc#1051510).\n\n - ARM: OMAP2+: Variable 'reg' in function\n omap4_dsi_mux_pads() could be uninitialized\n (bsc#1051510).\n\n - ARM: pxa: ssp: unneeded to free devm_ allocated data\n (bsc#1051510).\n\n - ARM: s3c24xx: Fix boolean expressions in\n osiris_dvs_notify (bsc#1051510).\n\n - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to\n non-Exynos platforms (bsc#1051510).\n\n - ASoC: cs4270: Set auto-increment bit for register writes\n (bsc#1051510).\n\n - ASoC: fix valid stream condition (bsc#1051510).\n\n - ASoC: fsl-asoc-card: fix object reference leaks in\n fsl_asoc_card_probe (bsc#1051510).\n\n - ASoC: fsl_esai: fix channel swap issue when stream\n starts (bsc#1051510).\n\n - ASoC: fsl_esai: Fix missing break in switch statement\n (bsc#1051510).\n\n - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).\n\n - ASoC: Intel: avoid Oops if DMA setup fails\n (bsc#1051510).\n\n - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).\n\n - ASoC: nau8810: fix the issue of widget with prefixed\n name (bsc#1051510).\n\n - ASoC: nau8824: fix the issue of the widget with prefix\n name (bsc#1051510).\n\n - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers\n (bsc#1051510).\n\n - ASoC: samsung: odroid: Fix clock configuration for 44100\n sample rate (bsc#1051510).\n\n - ASoC:soc-pcm:fix a codec fixup issue in TDM case\n (bsc#1051510).\n\n - ASoC: stm32: fix sai driver name initialisation\n (bsc#1051510).\n\n - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).\n\n - ASoC: topology: free created components in tplg load\n error (bsc#1051510).\n\n - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error\n (bsc#1051510).\n\n - assume flash part size to be 4MB, if it can't be\n determined (bsc#1127371).\n\n - at76c50x-usb: Do not register led_trigger if\n usb_register_driver failed (bsc#1051510).\n\n - ath10k: avoid possible string 
overflow (bsc#1051510).\n\n - ath10k: snoc: fix unbalanced clock error handling\n (bsc#1111666).\n\n - audit: fix a memleak caused by auditing load module\n (bsc#1051510).\n\n - b43: shut up clang -Wuninitialized variable warning\n (bsc#1051510).\n\n - backlight: lm3630a: Return 0 on success in update_status\n functions (bsc#1051510).\n\n - batman-adv: Reduce claim hash refcnt only for removed\n entry (bsc#1051510).\n\n - batman-adv: Reduce tt_global hash refcnt only for\n removed entry (bsc#1051510).\n\n - batman-adv: Reduce tt_local hash refcnt only for removed\n entry (bsc#1051510).\n\n - bcache: account size of buckets used in uuid write to\n ca->meta_sectors_written (bsc#1130972).\n\n - bcache: add a comment in super.c (bsc#1130972).\n\n - bcache: add code comments for bset.c (bsc#1130972).\n\n - bcache: add comment for cache_set->fill_iter\n (bsc#1130972).\n\n - bcache: add identifier names to arguments of function\n definitions (bsc#1130972).\n\n - bcache: add missing SPDX header (bsc#1130972).\n\n - bcache: add MODULE_DESCRIPTION information\n (bsc#1130972).\n\n - bcache: add separate workqueue for journal_write to\n avoid deadlock (bsc#1130972).\n\n - bcache: add static const prefix to char * array\n declarations (bsc#1130972).\n\n - bcache: add sysfs_strtoul_bool() for setting bit-field\n variables (bsc#1130972).\n\n - bcache: add the missing comments for smp_mb()/smp_wmb()\n (bsc#1130972).\n\n - bcache: cannot set writeback_running via sysfs if no\n writeback kthread created (bsc#1130972).\n\n - bcache: correct dirty data statistics (bsc#1130972).\n\n - bcache: do not assign in if condition in bcache_init()\n (bsc#1130972).\n\n - bcache: do not assign in if condition register_bcache()\n (bsc#1130972).\n\n - bcache: do not check if debug dentry is ERR or NULL\n explicitly on remove (bsc#1130972).\n\n - bcache: do not check NULL pointer before calling\n kmem_cache_destroy (bsc#1130972).\n\n - bcache: do not clone bio in bch_data_verify\n (bsc#1130972).\n\n 
- bcache: do not mark writeback_running too early\n (bsc#1130972).\n\n - bcache: export backing_dev_name via sysfs (bsc#1130972).\n\n - bcache: export backing_dev_uuid via sysfs (bsc#1130972).\n\n - bcache: fix code comments style (bsc#1130972).\n\n - bcache: fix indentation issue, remove tabs on a hunk of\n code (bsc#1130972).\n\n - bcache: fix indent by replacing blank by tabs\n (bsc#1130972).\n\n - bcache: fix input integer overflow of congested\n threshold (bsc#1130972).\n\n - bcache: fix input overflow to cache set io_error_limit\n (bsc#1130972).\n\n - bcache: fix input overflow to cache set sysfs file\n io_error_halflife (bsc#1130972).\n\n - bcache: fix input overflow to journal_delay_ms\n (bsc#1130972).\n\n - bcache: fix input overflow to sequential_cutoff\n (bsc#1130972).\n\n - bcache: fix input overflow to writeback_delay\n (bsc#1130972).\n\n - bcache: fix input overflow to writeback_rate_minimum\n (bsc#1130972).\n\n - bcache: fix ioctl in flash device (bsc#1130972).\n\n - bcache: fix mistaken code comments in bcache.h\n (bsc#1130972).\n\n - bcache: fix mistaken comments in request.c\n (bsc#1130972).\n\n - bcache: fix potential div-zero error of\n writeback_rate_i_term_inverse (bsc#1130972).\n\n - bcache: fix potential div-zero error of\n writeback_rate_p_term_inverse (bsc#1130972).\n\n - bcache: fix typo in code comments of\n closure_return_with_destructor() (bsc#1130972).\n\n - bcache: fix typo 'succesfully' to 'successfully'\n (bsc#1130972).\n\n - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).\n\n - bcache: introduce force_wake_up_gc() (bsc#1130972).\n\n - bcache: make cutoff_writeback and cutoff_writeback_sync\n tunable (bsc#1130972).\n\n - bcache: Move couple of functions to sysfs.c\n (bsc#1130972).\n\n - bcache: Move couple of string arrays to sysfs.c\n (bsc#1130972).\n\n - bcache: move open brace at end of function definitions\n to next line (bsc#1130972).\n\n - bcache: never writeback a discard operation\n (bsc#1130972).\n\n - bcache: not use 
hard coded memset size in\n bch_cache_accounting_clear() (bsc#1130972).\n\n - bcache: option to automatically run gc thread after\n writeback (bsc#1130972).\n\n - bcache: panic fix for making cache device (bsc#1130972).\n\n - bcache: Populate writeback_rate_minimum attribute\n (bsc#1130972).\n\n - bcache: prefer 'help' in Kconfig (bsc#1130972).\n\n - bcache: print number of keys in\n trace_bcache_journal_write (bsc#1130972).\n\n - bcache: recal cached_dev_sectors on detach\n (bsc#1130972).\n\n - bcache: remove unnecessary space before ioctl function\n pointer arguments (bsc#1130972).\n\n - bcache: remove unused bch_passthrough_cache\n (bsc#1130972).\n\n - bcache: remove useless parameter of bch_debug_init()\n (bsc#1130972).\n\n - bcache: Replace bch_read_string_list() by\n __sysfs_match_string() (bsc#1130972).\n\n - bcache: replace hard coded number with BUCKET_GC_GEN_MAX\n (bsc#1130972).\n\n - bcache: replace '%pF' by '%pS' in seq_printf()\n (bsc#1130972).\n\n - bcache: replace printk() by pr_*() routines\n (bsc#1130972).\n\n - bcache: replace Symbolic permissions by octal permission\n numbers (bsc#1130972).\n\n - bcache: set writeback_percent in a flexible range\n (bsc#1130972).\n\n - bcache: split combined if-condition code into separate\n ones (bsc#1130972).\n\n - bcache: stop bcache device when backing device is\n offline (bsc#1130972).\n\n - bcache: stop using the deprecated get_seconds()\n (bsc#1130972).\n\n - bcache: style fixes for lines over 80 characters\n (bsc#1130972).\n\n - bcache: style fix to add a blank line after declarations\n (bsc#1130972).\n\n - bcache: style fix to replace 'unsigned' by 'unsigned\n int' (bsc#1130972).\n\n - bcache: treat stale && dirty keys as bad keys\n (bsc#1130972).\n\n - bcache: trivial - remove tailing backslash in macro\n BTREE_FLAG (bsc#1130972).\n\n - bcache: update comment for bch_data_insert\n (bsc#1130972).\n\n - bcache: update comment in sysfs.c (bsc#1130972).\n\n - bcache: use MAX_CACHES_PER_SET instead of magic 
number 8\n in __bch_bucket_alloc_set (bsc#1130972).\n\n - bcache: use (REQ_META|REQ_PRIO) to indicate bio for\n metadata (bsc#1130972).\n\n - bcache: use REQ_PRIO to indicate bio for metadata\n (bsc#1130972).\n\n - bcache: use routines from lib/crc64.c for CRC64\n calculation (bsc#1130972).\n\n - bcache: use sysfs_strtoul_bool() to set bit-field\n variables (bsc#1130972).\n\n - bcm2835: MMC issues (bsc#1070872).\n\n - blkcg: Introduce blkg_root_lookup() (bsc#1131673).\n\n - blkcg: Make blkg_root_lookup() work for queues in bypass\n mode (bsc#1131673).\n\n - blk-mq: adjust debugfs and sysfs register when updating\n nr_hw_queues (bsc#1131673).\n\n - blk-mq: Avoid that submitting a bio concurrently with\n device removal triggers a crash (bsc#1131673).\n\n - blk-mq: change gfp flags to GFP_NOIO in\n blk_mq_realloc_hw_ctxs (bsc#1131673).\n\n - blk-mq: fallback to previous nr_hw_queues when updating\n fails (bsc#1131673).\n\n - blk-mq: init hctx sched after update ctx and hctx\n mapping (bsc#1131673).\n\n - blk-mq: realloc hctx when hw queue is mapped to another\n node (bsc#1131673).\n\n - blk-mq: sync the update nr_hw_queues with\n blk_mq_queue_tag_busy_iter (bsc#1131673).\n\n - block: check_events: do not bother with events if\n unsupported (bsc#1110946, bsc#1119843).\n\n - block: check_events: do not bother with events if\n unsupported (bsc#1110946, bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946,\n bsc#1119843).\n\n - block: disk_events: introduce event flags (bsc#1110946,\n bsc#1119843).\n\n - block: do not leak memory in bio_copy_user_iov()\n (bsc#1135309).\n\n - block: Ensure that a request queue is dissociated from\n the cgroup controller (bsc#1131673).\n\n - block: Fix a race between request queue removal and the\n block cgroup controller (bsc#1131673).\n\n - block: fix the return errno for direct IO (bsc#1135320).\n\n - block: fix use-after-free on gendisk (bsc#1135312).\n\n - block: Introduce blk_exit_queue() (bsc#1131673).\n\n - 
block: kABI fixes for bio_rewind_iter() removal\n (bsc#1131673).\n\n - block: remove bio_rewind_iter() (bsc#1131673).\n\n - Bluetooth: Align minimum encryption key size for LE and\n BR/EDR connections (bsc#1051510).\n\n - Bluetooth: btusb: request wake pin with NOAUTOEN\n (bsc#1051510).\n\n - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR\n in h4_recv_buf() (bsc#1133731).\n\n - Bluetooth: hidp: fix buffer overflow (bsc#1051510).\n\n - bnxt_en: Drop oversize TX packets to prevent errors\n (networking-stable-19_03_07).\n\n - bnxt_en: Improve RX consumer index validity check\n (networking-stable-19_04_10).\n\n - bnxt_en: Reset device on RX buffer errors\n (networking-stable-19_04_10).\n\n - bonding: fix PACKET_ORIGDEV regression (git-fixes).\n\n - bpf: fix use after free in bpf_evict_inode\n (bsc#1083647).\n\n - brcm80211: potential NULL dereference in\n brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).\n\n - brcmfmac: fix leak of mypkt on error return path\n (bsc#1111666).\n\n - btrfs: add a helper to return a head ref (bsc#1134813).\n\n - btrfs: Avoid possible qgroup_rsv_size overflow in\n btrfs_calculate_inode_block_rsv_size (git-fixes).\n\n - btrfs: breakout empty head cleanup to a helper\n (bsc#1134813).\n\n - btrfs: delayed-ref: Introduce better documented delayed\n ref structures (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: delayed-ref: Use btrfs_ref to refactor\n btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: do not allow trimming when a fs is mounted with\n the nologreplay option (bsc#1135758).\n\n - btrfs: Do not panic when we can't find a root key\n (bsc#1112063).\n\n - btrfs: extent-tree: Fix a bug that btrfs is unable to\n add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: extent-tree: Open-code process_func in\n __btrfs_mod_ref (bsc#1063638 bsc#1128052 
bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n add_pinned_bytes() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n btrfs_free_extent() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: extent-tree: Use btrfs_ref to refactor\n btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052\n bsc#1108838).\n\n - btrfs: Factor out common delayed refs init code\n (bsc#1134813).\n\n - btrfs: fix assertion failure on fsync with NO_HOLES\n enabled (bsc#1131848).\n\n - btrfs: Fix bound checking in\n qgroup_trace_new_subtree_blocks (git-fixes).\n\n - btrfs: fix incorrect file size after shrinking truncate\n and fsync (bsc#1130195).\n\n - btrfs: improve performance on fsync of files with\n multiple hardlinks (bsc#1123454).\n\n - btrfs: Introduce init_delayed_ref_head (bsc#1134813).\n\n - btrfs: move all ref head cleanup to the helper function\n (bsc#1134813).\n\n - btrfs: move extent_op cleanup to a helper (bsc#1134813).\n\n - btrfs: move ref_mod modification into the if (ref) logic\n (bsc#1134813).\n\n - btrfs: Open-code add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: qgroup: Do not scan leaf if we're modifying reloc\n tree (bsc#1063638 bsc#1128052 bsc#1108838).\n\n - btrfs: qgroup: Move reserved data accounting from\n btrfs_delayed_ref_head to btrfs_qgroup_extent_record\n (bsc#1134162).\n\n - btrfs: qgroup: Remove duplicated trace points for\n qgroup_rsv_add/release (bsc#1134160).\n\n - btrfs: remove delayed_ref_node from ref_head\n (bsc#1134813).\n\n - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).\n\n - btrfs: send, flush dellaloc in order to avoid data loss\n (bsc#1133320).\n\n - btrfs: split delayed ref head initialization and\n addition (bsc#1134813).\n\n - btrfs: track refs in a rb_tree instead of a list\n (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in\n add_delayed_data_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_common in\n 
add_delayed_tree_ref (bsc#1134813).\n\n - btrfs: Use init_delayed_ref_head in add_delayed_ref_head\n (bsc#1134813).\n\n - cdrom: Fix race condition in cdrom_sysctl_register\n (bsc#1051510).\n\n - ceph: ensure d_name stability in ceph_dentry_hash()\n (bsc#1134461).\n\n - ceph: ensure d_name stability in ceph_dentry_hash()\n (bsc#1134461).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix ci->i_head_snapc leak (bsc#1122776).\n\n - ceph: fix use-after-free on symlink traversal\n (bsc#1134459).\n\n - ceph: fix use-after-free on symlink traversal\n (bsc#1134459).\n\n - ceph: only use d_name directly when parent is locked\n (bsc#1134460).\n\n - ceph: only use d_name directly when parent is locked\n (bsc#1134460).\n\n - cfg80211: Handle WMM rules in regulatory domain\n intersection (bsc#1111666).\n\n - cgroup: fix parsing empty mount option string\n (bsc#1133094).\n\n - cifs: Do not count -ENODATA as failure for query\n directory (bsc#1051510).\n\n - cifs: do not dereference smb_file_target before null\n check (bsc#1051510).\n\n - cifs: Do not hide EINTR after sending network packets\n (bsc#1051510).\n\n - cifs: Do not reconnect TCP session in add_credits()\n (bsc#1051510).\n\n - cifs: Do not reset lease state to NONE on lease break\n (bsc#1051510).\n\n - cifs: Fix adjustment of credits for MTU requests\n (bsc#1051510).\n\n - cifs: Fix credit calculation for encrypted reads with\n errors (bsc#1051510).\n\n - cifs: Fix credits calculations for reads with errors\n (bsc#1051510).\n\n - cifs: fix POSIX lock leak and invalid ptr deref\n (bsc#1114542).\n\n - cifs: Fix possible hang during async MTU reads and\n writes (bsc#1051510).\n\n - cifs: Fix potential OOB access of lock element array\n (bsc#1051510).\n\n - cifs: Fix read after write for files with read caching\n (bsc#1051510).\n\n - cifs: keep FileInfo handle live during oplock break\n (bsc#1106284, bsc#1131565).\n\n - clk: fractional-divider: check parent rate only if flag\n is set (bsc#1051510).\n\n - 
clk: rockchip: fix frac settings of GPLL clock for\n rk3328 (bsc#1051510).\n\n - clk: rockchip: Fix video codec clocks on rk3288\n (bsc#1051510).\n\n - clk: rockchip: fix wrong clock definitions for rk3328\n (bsc#1051510).\n\n - clk: x86: Add system specific quirk to mark clocks as\n critical (bsc#1051510).\n\n - configfs: fix possible use-after-free in\n configfs_register_group (bsc#1051510).\n\n - cpufreq: Add Hygon Dhyana support ().\n\n - cpufreq: Add Hygon Dhyana support (fate#327735).\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ\n ().\n\n - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ\n (fate#327735).\n\n - cpupowerutils: bench - Fix cpu online check\n (bsc#1051510).\n\n - cpu/speculation: Add 'mitigations=' cmdline option\n (bsc#1112178).\n\n - crypto: arm/aes-neonbs - do not access already-freed\n walk.iv (bsc#1051510).\n\n - crypto: caam - add missing put_device() call\n (bsc#1129770).\n\n - crypto: caam - fix caam_dump_sg that iterates through\n scatterlist (bsc#1051510).\n\n - crypto: caam/qi2 - fix DMA mapping of stack memory\n (bsc#1111666).\n\n - crypto: caam/qi2 - fix zero-length buffer DMA mapping\n (bsc#1111666).\n\n - crypto: caam/qi2 - generate hash keys in-place\n (bsc#1111666).\n\n - crypto: ccm - fix incompatibility between 'ccm' and\n 'ccm_base' (bsc#1051510).\n\n - crypto: ccp - Do not free psp_master when PLATFORM_INIT\n fails (bsc#1051510).\n\n - crypto: chacha20poly1305 - set cra_name correctly\n (bsc#1051510).\n\n - crypto: crct10dif-generic - fix use via\n crypto_shash_digest() (bsc#1051510).\n\n - crypto: crypto4xx - properly set IV after de- and\n encrypt (bsc#1051510).\n\n - crypto: fips - Grammar s/options/option/, s/to/the/\n (bsc#1051510).\n\n - crypto: gcm - fix incompatibility between 'gcm' and\n 'gcm_base' (bsc#1051510).\n\n - crypto: pcbc - remove bogus memcpy()s with src == dest\n (bsc#1051510).\n\n - crypto: sha256/arm - fix crash bug in Thumb2 build\n (bsc#1051510).\n\n - crypto: sha512/arm - 
fix crash bug in Thumb2 build\n (bsc#1051510).\n\n - crypto: skcipher - do not WARN on unprocessed data after\n slow walk step (bsc#1051510).\n\n - crypto: sun4i-ss - Fix invalid calculation of hash end\n (bsc#1051510).\n\n - crypto: vmx - CTR: always increment IV as quadword\n (bsc#1051510).\n\n - crypto: vmx - fix copy-paste error in CTR mode\n (bsc#1051510).\n\n - crypto: x86/crct10dif-pcl - fix use via\n crypto_shash_digest() (bsc#1051510).\n\n - crypto: x86/poly1305 - fix overflow during partial\n reduction (bsc#1051510).\n\n - cxgb4: Add capability to get/set SGE Doorbell Queue\n Timer Tick (bsc#1127371).\n\n - cxgb4: Added missing break in ndo_udp_tunnel_(add/del)\n (bsc#1127371).\n\n - cxgb4: Add flag tc_flower_initialized (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).\n\n - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0\n (bsc#1127371).\n\n - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).\n\n - cxgb4: add per rx-queue counter for packet errors\n (bsc#1127371).\n\n - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR\n (bsc#1127371).\n\n - cxgb4: add support to display DCB info (bsc#1127371).\n\n - cxgb4: Add support to read actual provisioned resources\n (bsc#1127371).\n\n - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).\n\n - cxgb4: collect hardware queue descriptors (bsc#1127371).\n\n - cxgb4: collect number of free PSTRUCT page pointers\n (bsc#1127371)