US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities
2008-03-28T00:00:00
ID SECURITYVULNS:DOC:19530 Type securityvulns Reporter Securityvulns Modified 2008-03-28T00:00:00
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-087A
Mozilla Updates for Multiple Vulnerabilities
Original release date: March 27, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Mozilla Firefox
* Mozilla Thunderbird
* Mozilla SeaMonkey
Other products based on Mozilla components may also be affected.
Overview
New versions of Firefox, Thunderbird, and SeaMonkey address several
vulnerabilities, the most severe of which could allow a remote
attacker to execute arbitrary code on an affected system.
I. Description
The Mozilla and the SeaMonkey projects have released new versions of
Firefox, Thunderbird and SeaMonkey to address several vulnerabilities.
Further details about these vulnerabilities are available in Mozilla
Foundation Security Advisories and the Vulnerability Notes Database.
An attacker could exploit these vulnerabilities by convincing a user
to view a specially crafted HTML document, such as a web page or an
HTML email message.
II. Impact
While the impacts of the individual vulnerabilities vary, the most
severe could allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system. An attacker may also be able to
cause a denial of service or execute cross-site scripting attacks.
III. Solution
Upgrade
These vulnerabilities are addressed in Mozilla Firefox 2.0.0.13,
Thunderbird 2.0.0.13, and SeaMonkey 1.1.9.
Disable JavaScript
Some of these vulnerabilities can be mitigated by disabling JavaScript
or by using the NoScript extension. For more information about
configuring Firefox, please see the Securing Your Web Browser
document. Thunderbird disables JavaScript by default.
{"id": "SECURITYVULNS:DOC:19530", "bulletinFamily": "software", "title": "US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n National Cyber Alert System\r\n \r\nTechnical Cyber Security Alert TA08-087A\r\n\r\n\r\nMozilla Updates for Multiple Vulnerabilities\r\n\r\n Original release date: March 27, 2008\r\n Last revised: --\r\n Source: US-CERT\r\n\r\nSystems Affected\r\n\r\n * Mozilla Firefox\r\n * Mozilla Thunderbird\r\n * Mozilla SeaMonkey\r\n\r\n Other products based on Mozilla components may also be affected.\r\n\r\nOverview\r\n\r\n New versions of Firefox, Thunderbird, and SeaMonkey address several\r\n vulnerabilities, the most severe of which could allow a remote\r\n attacker to execute arbitrary code on an affected system.\r\n\r\nI. Description\r\n\r\n The Mozilla and the SeaMonkey projects have released new versions of\r\n Firefox, Thunderbird and SeaMonkey to address several vulnerabilities.\r\n Further details about these vulnerabilities are available in Mozilla\r\n Foundation Security Advisories and the Vulnerability Notes Database.\r\n An attacker could exploit these vulnerabilities by convincing a user\r\n to view a specially crafted HTML document, such as a web page or an\r\n HTML email message.\r\n\r\nII. Impact\r\n\r\n While the impacts of the individual vulnerabilities vary, the most\r\n severe could allow a remote, unauthenticated attacker to execute\r\n arbitrary code on a vulnerable system. An attacker may also be able to\r\n cause a denial of service or execute cross-site scripting attacks.\r\n\r\nIII. Solution\r\n\r\nUpgrade\r\n\r\n These vulnerabilities are addressed in Mozilla Firefox 2.0.0.13,\r\n Thunderbird 2.0.0.13, and SeaMonkey 1.1.9.\r\n\r\nDisable JavaScript\r\n\r\n Some of these vulnerabilities can be mitigated by disabling JavaScript\r\n or by using the NoScript extension. For more information about\r\n configuring Firefox, please see the Securing Your Web Browser\r\n document. Thunderbird disables JavaScript by default.\r\n\r\nIV. References\r\n\r\n * US-CERT Vulnerability Notes -\r\n <http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_200803>\r\n \r\n * Securing Your Web Browser -\r\n <http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#Mozilla_Firefox>\r\n \r\n * Mozilla Foundation Security Advisories -\r\n <http://www.mozilla.org/security/announce/>\r\n \r\n * Known Vulnerabilities in Mozilla Products -\r\n <http://www.mozilla.org/projects/security/known-vulnerabilities.html>\r\n \r\n * Mozilla Hall of Fame -\r\n <http://www.mozilla.org/university/HOF.html>\r\n \r\n * NoScript Firefox Extension - <http://noscript.net/>\r\n \r\n _________________________________________________________________\r\n\r\n The most recent version of this document can be found at:\r\n\r\n <http://www.us-cert.gov/cas/techalerts/TA08-087A.html>\r\n _________________________________________________________________\r\n\r\n Feedback can be directed to US-CERT Technical Staff. Please send\r\n email to <cert@cert.org> with "TA08-087A Feedback VU#466521" in the\r\n subject.\r\n _________________________________________________________________\r\n\r\n For instructions on subscribing to or unsubscribing from this\r\n mailing list, visit <http://www.us-cert.gov/cas/signup.html>.\r\n _________________________________________________________________\r\n\r\n Produced 2008 by US-CERT, a government organization.\r\n\r\n Terms of use:\r\n\r\n <http://www.us-cert.gov/legal.html>\r\n ____________________________________________________________________\r\n\r\n Revision History\r\n\r\n March 27, 2008: Initial release\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.1 (GNU/Linux)\r\n\r\niQEVAwUBR+wDN/RFkHkM87XOAQJAhgf/bIVWAfAziBM4goXAtieyD2iOa3IG+6In\r\nKhYvC97IuQhVi2OBXW6mIBjBIGSg1mPehN9Su1N2/58hHH5yvmH2mhus2unOV6cQ\r\nz+SXE8fuVbWthaeYaAlCRFGjtwek6uaXre1PmfUV4tbrPLZIyo3GgU/W37SIxp3L\r\nBtBJTUL2rnEh+c7GH+6PjY6WNZvLHjuSaktSVXkFZZ7cr8cbVF2Q/qluK0Yb04Zu\r\nsYlzZnI8kqwlck+EuNOgU1BDfkDCz2ZIMcre6/y7og+btXiLeo+f84DfXLlthqyo\r\nNg4D/I2+9iI/k4QhUOShrOKY3ZQzr9liQn/mtZUFPVxXTuOe9dtK5w==\r\n=Ite0\r\n-----END PGP SIGNATURE-----", "published": "2008-03-28T00:00:00", "modified": "2008-03-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19530", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d85137565f48e790076e31adde90dc65"}, {"key": "href", "hash": "ced9e8d89e271bb7cc71a88a66f554db"}, {"key": "modified", "hash": "be18afe4d0b3131011cbbc82188f800c"}, {"key": "published", "hash": "be18afe4d0b3131011cbbc82188f800c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "3e055e56a2cd7d06834648c8a2341912"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "7a39b2894d8f624b351800e99fdc7740a83f6900edf81250a65915611afafe32", "viewCount": 9, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB317244", "KB980408", "KB981401", "KB2410679", "KB2785908", "KB953331", "KB2404575", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:25", "rev": 2}, "vulnersScore": 0.5}, "objectVersion": "1.3", "affectedSoftware": []}
{"nessus": [{"lastseen": "2020-06-24T08:53:52", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In the Linux kernel before\n 5.5.8, get_raw_socket in drivers/vhost/ net.c lacks\n validation of an sk_family field, which might allow\n attackers to trigger kernel stack corruption via\n crafted system calls.(CVE-2020-10942)In the Linux\n kernel 5.0.21, a setxattr operation, after a mount of a\n crafted ext4 image, can cause a slab-out-of-bounds\n write access because of an ext4_xattr_set_entry\n use-after-free in fs/ext4/xattr.c when a large old_size\n value is used in a memset call.(CVE-2019-19319)In\n kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)In the\n Linux kernel 5.4.0-rc2, there is a use-after-free\n (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)There is a use-after-free\n vulnerability in the Linux kernel through 5.5.2 in the\n vc_do_resize function in\n drivers/tty/vt/vt.c.(CVE-2020-8647)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the vgacon_invert_region function in\n drivers/video/console/vgacon.c.(CVE-2020-8649)drivers/g\n pu/drm/radeon/radeon_display.c in the Linux kernel\n 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. NOTE: A\n third-party software maintainer states that the work\n queue allocation is happening during device\n initialization, which for a graphics card occurs during\n boot. It is not attacker controllable and OOM at that\n time is highly unlikely.(CVE-2019-16230)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the n_tty_receive_buf_common function\n in drivers/tty/ n_tty.c.(CVE-2020-8648)A flaw was\n discovered in the way that the KVM hypervisor handled\n instruction emulation for an L2 guest when nested\n virtualisation is enabled. Under some circumstances, an\n L2 guest may trick the L0 guest into accessing\n sensitive L1 resources that should be inaccessible to\n the L2 guest.(CVE-2020-2732)An issue was discovered in\n the Linux kernel through 5.5.6. set_fdc in\n drivers/block/floppy.c leads to a wait_til_ready\n out-of-bounds read because the FDC index is not checked\n for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)ext4_protect_reserved_i\n node in fs/ext4/block_validity.c in the Linux kernel\n through 5.5.3 allows attackers to cause a denial of\n service (soft lockup) via a crafted journal\n size.(CVE-2020-8992)Wi-Fi Protected Access (WPA and\n WPA2) allows reinstallation of the Group Temporal Key\n (GTK) during the group key handshake, allowing an\n attacker within radio range to replay frames from\n access points to clients.(CVE-2017-13080)Linux Kernel\n version 3.18 to 4.16 incorrectly handles an SG_IO ioctl\n on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and\n an empty 6-byte cmdp. This may lead to copying up to\n 1000 kernel heap pages to the userspace. This has been\n fixed upstream in\n https://github.com/torvalds/linux/commit/a45b599ad808c3\n c982fdcdc12b0b8611c2f92824 already. The problem has\n limited scope, as users don", "modified": "2020-06-17T00:00:00", "id": "EULEROS_SA-2020-1674.NASL", "href": "https://www.tenable.com/plugins/nessus/137516", "published": "2020-06-17T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137516);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\n \"CVE-2014-3180\",\n \"CVE-2014-4508\",\n \"CVE-2014-4608\",\n \"CVE-2014-5206\",\n \"CVE-2014-5207\",\n \"CVE-2014-7970\",\n \"CVE-2016-3951\",\n \"CVE-2016-9756\",\n \"CVE-2017-12153\",\n \"CVE-2017-13080\",\n \"CVE-2017-13693\",\n \"CVE-2017-8068\",\n \"CVE-2018-1000204\",\n \"CVE-2018-13093\",\n \"CVE-2018-9383\",\n \"CVE-2018-9389\",\n \"CVE-2019-10220\",\n \"CVE-2019-14895\",\n \"CVE-2019-14896\",\n \"CVE-2019-14897\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-16230\",\n \"CVE-2019-18675\",\n \"CVE-2019-19054\",\n \"CVE-2019-19056\",\n \"CVE-2019-19057\",\n \"CVE-2019-19060\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19066\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19227\",\n \"CVE-2019-19319\",\n \"CVE-2019-19332\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19527\",\n \"CVE-2019-19528\",\n \"CVE-2019-19530\",\n \"CVE-2019-19531\",\n \"CVE-2019-19532\",\n \"CVE-2019-19533\",\n \"CVE-2019-19534\",\n \"CVE-2019-19536\",\n \"CVE-2019-19537\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2019-19965\",\n \"CVE-2019-19966\",\n \"CVE-2019-20054\",\n \"CVE-2019-20096\",\n \"CVE-2019-20636\",\n \"CVE-2019-2215\",\n \"CVE-2019-5108\",\n \"CVE-2019-9458\",\n \"CVE-2020-10720\",\n \"CVE-2020-10942\",\n \"CVE-2020-11494\",\n \"CVE-2020-11565\",\n \"CVE-2020-11608\",\n \"CVE-2020-11609\",\n \"CVE-2020-11668\",\n \"CVE-2020-12464\",\n \"CVE-2020-12652\",\n \"CVE-2020-12653\",\n \"CVE-2020-12654\",\n \"CVE-2020-12655\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-13143\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-8992\",\n \"CVE-2020-9383\"\n );\n script_bugtraq_id(\n 68126,\n 68214,\n 69214,\n 69216,\n 70319\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):In the Linux kernel before\n 5.5.8, get_raw_socket in drivers/vhost/ net.c lacks\n validation of an sk_family field, which might allow\n attackers to trigger kernel stack corruption via\n crafted system calls.(CVE-2020-10942)In the Linux\n kernel 5.0.21, a setxattr operation, after a mount of a\n crafted ext4 image, can cause a slab-out-of-bounds\n write access because of an ext4_xattr_set_entry\n use-after-free in fs/ext4/xattr.c when a large old_size\n value is used in a memset call.(CVE-2019-19319)In\n kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)In the\n Linux kernel 5.4.0-rc2, there is a use-after-free\n (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)There is a use-after-free\n vulnerability in the Linux kernel through 5.5.2 in the\n vc_do_resize function in\n drivers/tty/vt/vt.c.(CVE-2020-8647)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the vgacon_invert_region function in\n drivers/video/console/vgacon.c.(CVE-2020-8649)drivers/g\n pu/drm/radeon/radeon_display.c in the Linux kernel\n 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. NOTE: A\n third-party software maintainer states that the work\n queue allocation is happening during device\n initialization, which for a graphics card occurs during\n boot. It is not attacker controllable and OOM at that\n time is highly unlikely.(CVE-2019-16230)There is a\n use-after-free vulnerability in the Linux kernel\n through 5.5.2 in the n_tty_receive_buf_common function\n in drivers/tty/ n_tty.c.(CVE-2020-8648)A flaw was\n discovered in the way that the KVM hypervisor handled\n instruction emulation for an L2 guest when nested\n virtualisation is enabled. Under some circumstances, an\n L2 guest may trick the L0 guest into accessing\n sensitive L1 resources that should be inaccessible to\n the L2 guest.(CVE-2020-2732)An issue was discovered in\n the Linux kernel through 5.5.6. set_fdc in\n drivers/block/floppy.c leads to a wait_til_ready\n out-of-bounds read because the FDC index is not checked\n for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)ext4_protect_reserved_i\n node in fs/ext4/block_validity.c in the Linux kernel\n through 5.5.3 allows attackers to cause a denial of\n service (soft lockup) via a crafted journal\n size.(CVE-2020-8992)Wi-Fi Protected Access (WPA and\n WPA2) allows reinstallation of the Group Temporal Key\n (GTK) during the group key handshake, allowing an\n attacker within radio range to replay frames from\n access points to clients.(CVE-2017-13080)Linux Kernel\n version 3.18 to 4.16 incorrectly handles an SG_IO ioctl\n on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and\n an empty 6-byte cmdp. This may lead to copying up to\n 1000 kernel heap pages to the userspace. This has been\n fixed upstream in\n https://github.com/torvalds/linux/commit/a45b599ad808c3\n c982fdcdc12b0b8611c2f92824 already. The problem has\n limited scope, as users don't usually have permissions\n to access SCSI devices. On the other hand, e.g. the\n Nero user manual suggests doing `chmod o+r+w /dev/sg*`\n to make the devices accessible. NOTE: third parties\n dispute the relevance of this report, noting that the\n requirement for an attacker to have both the\n CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it\n 'virtually impossible to exploit.'(CVE-2018-1000204)The\n Linux kernel through 5.3.13 has a start_offset+size\n Integer Overflow in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)arch/x86/kvm/emulate.c in\n the Linux kernel before 4.8.12 does not properly\n initialize Code Segment (CS) in certain error cases,\n which allows local users to obtain sensitive\n information from kernel stack memory via a crafted\n application.(CVE-2016-9756)Double free vulnerability in\n drivers/ net/usb/cdc_ncm.c in the Linux kernel before\n 4.5 allows physically proximate attackers to cause a\n denial of service (system crash) or possibly have\n unspecified other impact by inserting a USB device with\n an invalid USB descriptor.(CVE-2016-3951)Linux Kernel\n contains an out-of-bounds read flaw in the\n asn1_ber_decoder() function in lib/asn1_decoder.c that\n is triggered when decoding ASN.1 data. This may allow a\n remote attacker to disclose potentially sensitive\n memory contents.(CVE-2018-9383)Linux Kernel contains a\n flaw in the ip6_setup_cork() function in\n net/ipv6/ip6_output.c that is triggered when handling\n too small IPv6 MTU sizes. This may allow a local\n attacker to cause a crash or potentially gain elevated\n privileges.(CVE-2018-9389)In the Android kernel in the\n video driver there is a use after free due to a race\n condition. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.(CVE-2019-9458)An out-of-bounds memory\n write issue was found in the Linux Kernel, version 3.13\n through 5.4, in the way the Linux kernel's KVM\n hypervisor handled the 'KVM_GET_EMULATED_CPUID'\n ioctl(2) request to get CPUID features emulated by the\n KVM hypervisor. A user or process able to access the\n '/dev/kvm' device could use this flaw to crash the\n system, resulting in a denial of\n service.(CVE-2019-19332)kernel/sched/fair.c in the\n Linux kernel before 5.3.9, when cpu.cfs_quota_us is\n used (e.g., with Kubernetes), allows attackers to cause\n a denial of service against non-cpu-bound applications\n by generating a workload that triggers unwanted slice\n expiration, aka CID-de53fd7aedb1. (In other words,\n although this slice expiration would typically be seen\n with benign workloads, it is possible that an attacker\n could calculate how many stray requests are required to\n force an entire Kubernetes cluster into a\n low-performance state caused by slice expiration, and\n ensure that a DDoS attack sent that number of stray\n requests. An attack does not affect the stability of\n the kernel it only causes mismanagement of application\n execution.)(CVE-2019-19922)An exploitable\n denial-of-service vulnerability exists in the Linux\n kernel prior to mainline 5.3. An attacker could exploit\n this vulnerability by triggering AP to send IAPP\n location updates for stations before the required\n authentication process has completed. This could lead\n to different denial-of-service scenarios, either by\n causing CAM table attacks, or by leading to traffic\n flapping if faking already existing clients in other\n nearby APs of the same wireless infrastructure. An\n attacker can forge Authentication and Association\n Request packets to trigger this\n vulnerability.(CVE-2019-5108)A heap-based buffer\n overflow vulnerability was found in the Linux kernel,\n version kernel-2.6.32, in Marvell WiFi chip driver. A\n remote attacker could cause a denial of service (system\n crash) or, possibly execute arbitrary code, when the\n lbs_ibss_join_existing function is called after a STA\n connects to an AP.(CVE-2019-14896)A stack-based buffer\n overflow was found in the Linux kernel, version\n kernel-2.6.32, in Marvell WiFi chip driver. An attacker\n is able to cause a denial of service (system crash) or,\n possibly execute arbitrary code, when a STA works in\n IBSS mode (allows connecting stations together without\n the use of an AP) and connects to another\n STA.(CVE-2019-14897)In the Linux kernel through 5.4.6,\n there is a NULL pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of\n mishandling of port disconnection during discovery,\n related to a PHY down race condition, aka\n CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel\n before 5.1.6, there is a use-after-free in cpia2_exit()\n in drivers/media/usb/cpia2/cpia2_v4l.c that will cause\n denial of service, aka\n CID-dea37a972655.(CVE-2019-19966)In the Linux kernel\n before 5.1, there is a memory leak in\n __feat_register_sp() in net/dccp/feat.c, which may\n cause denial of service, aka\n CID-1d3ff0950e2b.(CVE-2019-20096)In the Linux kernel\n before 5.0.6, there is a NULL pointer dereference in\n drop_sysctl_table() in fs/proc/proc_sysctl.c, related\n to put_links, aka\n CID-23da9588037e.(CVE-2019-20054)drivers/\n net/usb/pegasus.c in the Linux kernel 4.9.x before\n 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK\n option, which allows local users to cause a denial of\n service (system crash or memory corruption) or possibly\n have unspecified other impact by leveraging use of more\n than one virtual page for a DMA\n scatterlist.(CVE-2017-8068)A heap-based buffer overflow\n was discovered in the Linux kernel, all versions 3.x.x\n and 4.x.x before 4.18.0, in Marvell WiFi chip driver.\n The flaw could occur when the station attempts a\n connection negotiation during the handling of the\n remote devices country settings. This could allow the\n remote device to cause a denial of service (system\n crash) or possibly execute arbitrary\n code.(CVE-2019-14895)The acpi_ds_create_operands()\n function in drivers/acpi/acpica/dsutils.c in the Linux\n kernel through 4.12.9 does not flush the operand cache\n and causes a kernel stack dump, which allows local\n users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13693)Linux kernel CIFS implementation,\n version 4.9.0 is vulnerable to a relative paths\n injection in directory entry lists.(CVE-2019-10220)A\n heap overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run\n with the permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)In the AppleTalk subsystem in\n the Linux kernel before 5.1, there is a potential NULL\n pointer dereference because register_snap_client may\n return NULL. This will lead to denial of service in\n net/appletalk/aarp.c and net/appletalk/ddp.c, as\n demonstrated by unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel\n before 5.3.9, there are multiple out-of-bounds write\n bugs that can be caused by a malicious USB device in\n the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c,\n drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)A use-after-free\n in binder.c allows an elevation of privilege from an\n application to the Linux Kernel. No user interaction is\n required to exploit this vulnerability, however\n exploitation does require either the installation of a\n malicious local application or a separate vulnerability\n in a network facing application.Product: AndroidAndroid\n ID: A-141720095(CVE-2019-2215)The do_remount function\n in fs/ namespace.c in the Linux kernel through 3.16.1\n does not maintain the MNT_LOCK_READONLY bit across a\n remount of a bind mount, which allows local users to\n bypass an intended read-only restriction and defeat\n certain sandbox protection mechanisms via a 'mount -o\n remount' command within a user\n namespace.(CVE-2014-5206)Multiple integer overflows in\n the lzo1x_decompress_safe function in\n lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor\n in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)The\n pivot_root implementation in fs/ namespace.c in the\n Linux kernel through 3.17 does not properly interact\n with certain locations of a chroot directory, which\n allows local users to cause a denial of service\n (mount-tree loop) via . (dot) values in both arguments\n to the pivot_root system call.(CVE-2014-7970)A security\n flaw was discovered in nl80211_set_rekey_data()\n function in the Linux kernel since v3.1-rc1 through\n v4.13. This function does not check whether the\n required attributes are present in a netlink request.\n This request can be issued by a user with CAP_NET_ADMIN\n privilege and may result in NULL dereference and a\n system crash.(CVE-2017-12153)arch/x86/kernel/entry_32.S\n in the Linux kernel through 3.15.1 on 32-bit x86\n platforms, when syscall auditing is enabled and the sep\n CPU feature flag is set, allows local users to cause a\n denial of service (OOPS and system crash) via an\n invalid syscall number, as demonstrated by number\n 1000.(CVE-2014-4508)fs/ namespace.c in the Linux kernel\n through 3.16.1 does not properly restrict clearing\n MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\n MNT_ATIME_MASK during a remount of a bind mount, which\n allows local users to gain privileges, interfere with\n backups and auditing on systems that had atime enabled,\n or cause a denial of service (excessive filesystem\n updating) on systems that had atime disabled via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)In the Linux kernel before\n 5.3.7, there is a use-after-free bug that can be caused\n by a malicious USB device in the\n drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)In the Linux kernel\n before 5.3.12, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/input/ff-memless.c driver, aka\n CID-fa3a5a1880c9.(CVE-2019-19524)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/hid/usbhid/hiddev.c driver, aka\n CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel\n before 5.2.9, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/yurex.c driver, aka\n CID-fc05481b2fca.(CVE-2019-19531)In the Linux kernel\n before 5.3.4, there is an info-leak bug that can be\n caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel\n before 5.3.11, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29..(CVE-2019-19534)In the Linux kernel\n before 5.2.9, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers/\n net/can/usb/peak_usb/pcan_usb_pro.c driver, aka\n CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)A\n memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the\n mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/\n net/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)Two memory leaks in\n the mwifiex_pcie_init_evt_ring() function in drivers/\n net/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the\n adis_update_scan_mode() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)A memory leak in the\n crypto_report() function in crypto/crypto_user_base.c\n in the Linux kernel through 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering crypto_report_alg() failures, aka\n CID-ffdde5932042.(CVE-2019-19062)Two memory leaks in\n the rtl_usb_probe() function in drivers/\n net/wireless/realtek/rtlwifi/usb.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)A memory leak in the\n bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)Memory leaks in\n drivers/ net/wireless/ath/ath9k/htc_hst.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)A memory leak in the\n ath9k_wmi_cmd() function in drivers/\n net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)An issue was\n discovered in fs/xfs/xfs_icache.c in the Linux kernel\n through 4.17.3. There is a NULL pointer dereference and\n panic in lookup_slow() on a NULL inode->i_ops pointer\n when doing pathwalks on a corrupted xfs image. This\n occurs because of a lack of proper validation that\n cached inodes are free during\n allocation.(CVE-2018-13093)An issue was discovered in\n slc_bump in drivers/ net/can/slcan.c in the Linux\n kernel through 5.6.2. It allows attackers to read\n uninitialized can_frame data, potentially containing\n sensitive information from kernel stack memory, if the\n configuration lacks CONFIG_INIT_STACK_ALL, aka\n CID-b9258a2cece4.(CVE-2020-11494)An issue was\n discovered in the Linux kernel through 5.6.2.\n mpol_parse_str in mm/mempolicy.c has a stack-based\n out-of-bounds write because an empty nodelist is\n mishandled during mount option parsing, aka\n CID-aa9f7d5172fa. NOTE: Someone in the security\n community disagrees that this is a vulnerability\n because the issue 'is a bug in parsing mount options\n which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not\n already held.'.(CVE-2020-11565)In the Linux kernel\n before 5.4.12, drivers/input/input.c has out-of-bounds\n writes via a crafted keycode table, as demonstrated by\n input_set_keycode, aka\n CID-cb222aed03d7.(CVE-2019-20636)An issue was\n discovered in the Linux kernel before 5.6.1.\n drivers/media/usb/gspca/ov519.c allows NULL pointer\n dereferences in ov511_mode_init_regs and\n ov518_mode_init_regs when there are zero endpoints, aka\n CID-998912346c0d.(CVE-2020-11608)An issue was\n discovered in the stv06xx subsystem in the Linux kernel\n before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c\n and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c\n mishandle invalid descriptors, as demonstrated by a\n NULL pointer dereference, aka\n CID-485b06aadb93.(CVE-2020-11609)In the Linux kernel\n before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c\n (aka the Xirlink camera USB driver) mishandles invalid\n descriptors, aka CID-a246b4d54770.(CVE-2020-11668)A\n flaw was found in the Linux kernel's implementation of\n GRO. This flaw allows an attacker with local access to\n crash the\n system.(CVE-2020-10720)gadget_dev_desc_UDC_store in\n drivers/usb/gadget/configfs.c in the Linux kernel\n through 5.6.13 relies on kstrdup without considering\n the possibility of an internal '\\0' value, which allows\n attackers to trigger an out-of-bounds read, aka\n CID-15753588bcd4.(CVE-2020-13143)An issue was\n discovered in the Linux kernel through 5.6.11. sg_write\n lacks an sg_remove_request call in a certain failure\n case, aka CID-83c6f2390040.(CVE-2020-12770)A signal\n access-control issue was discovered in the Linux kernel\n before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in\n include/linux/sched.h is only 32 bits, an integer\n overflow can interfere with a do_notify_parent\n protection mechanism. A child process can send an\n arbitrary signal to a parent process in a different\n security domain. Exploitation limitations include the\n amount of elapsed time before an integer overflow\n occurs, and the lack of scenarios where signals to a\n parent process present a substantial operational\n threat.(CVE-2020-12826)The fix for CVE-2019-11599,\n affecting the Linux kernel before 5.0.10 was not\n complete. A local user could use this flaw to obtain\n sensitive information, cause a denial of service, or\n possibly have other unspecified impacts by triggering a\n race condition with mmget_not_zero or get_task_mm\n calls.(CVE-2019-14898)usb_sg_cancel in\n drivers/usb/core/message.c in the Linux kernel before\n 5.6.8 has a use-after-free because a transfer occurs\n without a reference, aka\n CID-056ad39ee925.(CVE-2020-12464)The __mptctl_ioctl\n function in drivers/message/fusion/mptctl.c in the\n Linux kernel before 5.4.14 allows local users to hold\n an incorrect lock during the ioctl operation and\n trigger a race condition, i.e., a 'double fetch'\n vulnerability, aka CID-28d76df18f0a. NOTE: the vendor\n states 'The security impact of this bug is not as bad\n as it could have been because these operations are all\n privileged and root already has enormous destructive\n power.'(CVE-2020-12652)An issue was found in Linux\n kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv()\n function in drivers/\n net/wireless/marvell/mwifiex/scan.c allows local users\n to gain privileges or cause a denial of service because\n of an incorrect memcpy and buffer overflow, aka\n CID-b70261a288ea.(CVE-2020-12653)An issue was found in\n Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status()\n in drivers/ net/wireless/marvell/mwifiex/wmm.c allows a\n remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka\n CID-3a9b153c5591.(CVE-2020-12654)An issue was\n discovered in xfs_agf_verify in\n fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through\n 5.6.10. Attackers may trigger a sync of excessive\n duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767.(CVE-2020-12655)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1674\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35c58a13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h230\",\n \"kernel-debug-3.10.0-327.62.59.83.h230\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h230\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h230\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h230\",\n \"kernel-devel-3.10.0-327.62.59.83.h230\",\n \"kernel-headers-3.10.0-327.62.59.83.h230\",\n \"kernel-tools-3.10.0-327.62.59.83.h230\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h230\",\n \"perf-3.10.0-327.62.59.83.h230\",\n \"python-perf-3.10.0-327.62.59.83.h230\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-21T20:25:11", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-11494: An issue was discovered in slc_bump in\ndrivers/net/can/slcan.c, which allowed attackers to read uninitialized\ncan_frame data, potentially containing sensitive information from\nkernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL\n(bnc#1168424).\n\nCVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks\nvalidation of an sk_family field, which might allow attackers to\ntrigger kernel stack corruption via crafted system calls\n(bnc#1167629).\n\nCVE-2020-8647: Fixed a use-after-free vulnerability in the\nvc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).\n\nCVE-2020-8649: Fixed a use-after-free vulnerability in the\nvgacon_invert_region function in drivers/video/console/vgacon.c\n(bnc#1162931).\n\nCVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c,\nwhich leads to a wait_til_ready out-of-bounds read (bnc#1165111).\n\nCVE-2019-9458: In the video driver there was a use after free due to a\nrace condition. This could lead to local escalation of privilege with\nno additional execution privileges needed (bnc#1168295).\n\nCVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a\nsystem crash (bnc#1120386).\n\nCVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function\nin kernel/trace/blktrace.c (bnc#1159285).\n\nCVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx\nsubsystem caused by mishandling invalid descriptors (bnc#1168854).\n\nCVE-2020-10720: Fixed a use-after-free read in napi_gro_frags()\n(bsc#1170778).\n\nCVE-2020-10690: Fixed the race between the release of ptp_clock and\ncdev (bsc#1170056).\n\nCVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a\nvideo driver. This could lead to local information disclosure with\nSystem execution privileges needed (bnc#1170345).\n\nCVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c\ncaused by a NULL pointer dereferences in ov511_mode_init_regs and\nov518_mode_init_regs when there are zero endpoints (bnc#1168829).\n\nCVE-2017-18255: The perf_cpu_time_max_percent_handler function in\nkernel/events/core.c allowed local users to cause a denial of service\n(integer overflow) or possibly have unspecified other impact via a\nlarge value, as demonstrated by an incorrect sample-rate calculation\n(bnc#1087813).\n\nCVE-2020-8648: There was a use-after-free vulnerability in the\nn_tty_receive_buf_common function in drivers/tty/n_tty.c\n(bnc#1162928).\n\nCVE-2020-2732: A flaw was discovered in the way that the KVM\nhypervisor handled instruction emulation for an L2 guest when nested\nvirtualisation is enabled. Under some circumstances, an L2 guest may\ntrick the L0 guest into accessing sensitive L1 resources that should\nbe inaccessible to the L2 guest (bnc#1163971).\n\nCVE-2019-5108: Fixed a denial-of-service vulnerability caused by\ntriggering AP to send IAPP location updates for stations before the\nrequired authentication process has completed (bnc#1159912).\n\nCVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c\nallowed attackers to cause a denial of service (soft lockup) via a\ncrafted journal size (bnc#1164069).\n\nCVE-2018-21008: Fixed a use-after-free which could be caused by the\nfunction rsi_mac80211_detach in the file\ndrivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).\n\nCVE-2019-14896: A heap-based buffer overflow vulnerability was found\nin Marvell WiFi chip driver. A remote attacker could cause a denial of\nservice (system crash) or, possibly execute arbitrary code, when the\nlbs_ibss_join_existing function is called after a STA connects to an\nAP (bnc#1157157).\n\nCVE-2019-14897: A stack-based buffer overflow was found in Marvell\nWiFi chip driver. An attacker is able to cause a denial of service\n(system crash) or, possibly execute arbitrary code, when a STA works\nin IBSS mode (allows connecting stations together without the use of\nan AP) and connects to another STA (bnc#1157155).\n\nCVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in\ndrivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap\nimplementation. This allowed local users (with /dev/video0 access) to\nobtain read and write permissions on kernel physical pages, which can\npossibly result in a privilege escalation (bnc#1157804).\n\nCVE-2019-14615: Insufficient control flow in certain data structures\nfor some Intel(R) Processors with Intel(R) Processor Graphics may have\nallowed an unauthenticated user to potentially enable information\ndisclosure via local access (bnc#1160195, bsc#1165881).\n\nCVE-2019-19965: Fixed a NULL pointer dereference in\ndrivers/scsi/libsas/sas_discover.c because of mishandling of port\ndisconnection during discovery, related to a PHY down race condition\n(bnc#1159911).\n\nCVE-2019-20054: Fixed a NULL pointer dereference in\ndrop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links\n(bnc#1159910).\n\nCVE-2019-20096: Fixed a memory leak in __feat_register_sp() in\nnet/dccp/feat.c, which may cause denial of service (bnc#1159908).\n\nCVE-2019-19966: Fixed a use-after-free in cpia2_exit() in\ndrivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service\n(bnc#1159841).\n\nCVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem\nimage, performing some operations, and unmounting could lead to a\nuse-after-free in ext4_put_super in fs/ext4/super.c, related to\ndump_orphan_list in fs/ext4/super.c (bnc#1158819).\n\nCVE-2019-19319: Fixed an issue with a setxattr operation, after a\nmount of a crafted ext4 image, can cause a slab-out-of-bounds write\naccess because of an ext4_xattr_set_entry use-after-free in\nfs/ext4/xattr.c when a large old_size value is used in a memset call\n(bnc#1158021).\n\nCVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as\ndemonstrated by use-after-free errors in __ext4_expand_extra_isize and\next4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c\n(bnc#1159297).\n\nCVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function\nin drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nbfa_port_get_stats() failures (bnc#1157303).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bsc#1158827).\n\nCVE-2019-19537: There was a race condition bug that could have been\ncaused by a malicious USB device in the USB character device driver\nlayer (bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/hid/usbhid/hiddev.c\ndriver (bnc#1158900).\n\nCVE-2019-19533: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that\ncould have been caused by a malicious USB device in the Linux kernel\nHID drivers (bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/usb/misc/adutux.c\ndriver (bnc#1158823).\n\nCVE-2019-15213: An issue was discovered in the Linux kernel, there was\na use-after-free caused by a malicious USB device in the\ndrivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi\nchip driver. The flaw could occur when the station attempts a\nconnection negotiation during the handling of the remote devices\ncountry settings. This could allow the remote device to cause a denial\nof service (system crash) or possibly execute arbitrary code\n(bnc#1157158).\n\nCVE-2019-18660: Fixed a information disclosure on powerpc related to\nthe Spectre-RSB mitigation. This is related to\narch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c\n(bnc#1157038 1157923).\n\nCVE-2019-18683: Fixed a privilege escalation where local users have\n/dev/video0 access, but only if the driver happens to be loaded. There\nare multiple race conditions during streaming stopping in this driver\n(part of the V4L2 subsystem) (bnc#1155897).\n\nCVE-2019-19062: Fixed a memory leak in the crypto_report() function in\ncrypto/crypto_user_base.c, which allowed attackers to cause a denial\nof service (memory consumption) by triggering crypto_report_alg()\nfailures (bnc#1157333).\n\nCVE-2019-19052: A memory leak in the gs_can_open() function in\ndrivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of\nservice (memory consumption) by triggering usb_submit_urb() failures\n(bnc#1157324).\n\nCVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in\ndrivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a\ndenial of service (memory consumption) (bnc#1157143).\n\nCVE-2019-19073: Memory leaks in\ndrivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nwait_for_completion_timeout() failures (bnc#1157070).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-05-15T00:00:00", "id": "SUSE_SU-2020-1255-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136661", "published": "2020-05-15T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1255-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136661);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/19\");\n\n script_cve_id(\"CVE-2017-18255\", \"CVE-2018-21008\", \"CVE-2019-14615\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15213\", \"CVE-2019-18660\", \"CVE-2019-18675\", \"CVE-2019-18683\", \"CVE-2019-19052\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19319\", \"CVE-2019-19332\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19527\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19768\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20096\", \"CVE-2019-3701\", \"CVE-2019-5108\", \"CVE-2019-9455\", \"CVE-2019-9458\", \"CVE-2020-10690\", \"CVE-2020-10720\", \"CVE-2020-10942\", \"CVE-2020-11494\", \"CVE-2020-11608\", \"CVE-2020-11609\", \"CVE-2020-2732\", \"CVE-2020-8647\", \"CVE-2020-8648\", \"CVE-2020-8649\", \"CVE-2020-8992\", \"CVE-2020-9383\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-11494: An issue was discovered in slc_bump in\ndrivers/net/can/slcan.c, which allowed attackers to read uninitialized\ncan_frame data, potentially containing sensitive information from\nkernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL\n(bnc#1168424).\n\nCVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks\nvalidation of an sk_family field, which might allow attackers to\ntrigger kernel stack corruption via crafted system calls\n(bnc#1167629).\n\nCVE-2020-8647: Fixed a use-after-free vulnerability in the\nvc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929).\n\nCVE-2020-8649: Fixed a use-after-free vulnerability in the\nvgacon_invert_region function in drivers/video/console/vgacon.c\n(bnc#1162931).\n\nCVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c,\nwhich leads to a wait_til_ready out-of-bounds read (bnc#1165111).\n\nCVE-2019-9458: In the video driver there was a use after free due to a\nrace condition. This could lead to local escalation of privilege with\nno additional execution privileges needed (bnc#1168295).\n\nCVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a\nsystem crash (bnc#1120386).\n\nCVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function\nin kernel/trace/blktrace.c (bnc#1159285).\n\nCVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx\nsubsystem caused by mishandling invalid descriptors (bnc#1168854).\n\nCVE-2020-10720: Fixed a use-after-free read in napi_gro_frags()\n(bsc#1170778).\n\nCVE-2020-10690: Fixed the race between the release of ptp_clock and\ncdev (bsc#1170056).\n\nCVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a\nvideo driver. This could lead to local information disclosure with\nSystem execution privileges needed (bnc#1170345).\n\nCVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c\ncaused by a NULL pointer dereferences in ov511_mode_init_regs and\nov518_mode_init_regs when there are zero endpoints (bnc#1168829).\n\nCVE-2017-18255: The perf_cpu_time_max_percent_handler function in\nkernel/events/core.c allowed local users to cause a denial of service\n(integer overflow) or possibly have unspecified other impact via a\nlarge value, as demonstrated by an incorrect sample-rate calculation\n(bnc#1087813).\n\nCVE-2020-8648: There was a use-after-free vulnerability in the\nn_tty_receive_buf_common function in drivers/tty/n_tty.c\n(bnc#1162928).\n\nCVE-2020-2732: A flaw was discovered in the way that the KVM\nhypervisor handled instruction emulation for an L2 guest when nested\nvirtualisation is enabled. Under some circumstances, an L2 guest may\ntrick the L0 guest into accessing sensitive L1 resources that should\nbe inaccessible to the L2 guest (bnc#1163971).\n\nCVE-2019-5108: Fixed a denial-of-service vulnerability caused by\ntriggering AP to send IAPP location updates for stations before the\nrequired authentication process has completed (bnc#1159912).\n\nCVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c\nallowed attackers to cause a denial of service (soft lockup) via a\ncrafted journal size (bnc#1164069).\n\nCVE-2018-21008: Fixed a use-after-free which could be caused by the\nfunction rsi_mac80211_detach in the file\ndrivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).\n\nCVE-2019-14896: A heap-based buffer overflow vulnerability was found\nin Marvell WiFi chip driver. A remote attacker could cause a denial of\nservice (system crash) or, possibly execute arbitrary code, when the\nlbs_ibss_join_existing function is called after a STA connects to an\nAP (bnc#1157157).\n\nCVE-2019-14897: A stack-based buffer overflow was found in Marvell\nWiFi chip driver. An attacker is able to cause a denial of service\n(system crash) or, possibly execute arbitrary code, when a STA works\nin IBSS mode (allows connecting stations together without the use of\nan AP) and connects to another STA (bnc#1157155).\n\nCVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in\ndrivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap\nimplementation. This allowed local users (with /dev/video0 access) to\nobtain read and write permissions on kernel physical pages, which can\npossibly result in a privilege escalation (bnc#1157804).\n\nCVE-2019-14615: Insufficient control flow in certain data structures\nfor some Intel(R) Processors with Intel(R) Processor Graphics may have\nallowed an unauthenticated user to potentially enable information\ndisclosure via local access (bnc#1160195, bsc#1165881).\n\nCVE-2019-19965: Fixed a NULL pointer dereference in\ndrivers/scsi/libsas/sas_discover.c because of mishandling of port\ndisconnection during discovery, related to a PHY down race condition\n(bnc#1159911).\n\nCVE-2019-20054: Fixed a NULL pointer dereference in\ndrop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links\n(bnc#1159910).\n\nCVE-2019-20096: Fixed a memory leak in __feat_register_sp() in\nnet/dccp/feat.c, which may cause denial of service (bnc#1159908).\n\nCVE-2019-19966: Fixed a use-after-free in cpia2_exit() in\ndrivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service\n(bnc#1159841).\n\nCVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem\nimage, performing some operations, and unmounting could lead to a\nuse-after-free in ext4_put_super in fs/ext4/super.c, related to\ndump_orphan_list in fs/ext4/super.c (bnc#1158819).\n\nCVE-2019-19319: Fixed an issue with a setxattr operation, after a\nmount of a crafted ext4 image, can cause a slab-out-of-bounds write\naccess because of an ext4_xattr_set_entry use-after-free in\nfs/ext4/xattr.c when a large old_size value is used in a memset call\n(bnc#1158021).\n\nCVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as\ndemonstrated by use-after-free errors in __ext4_expand_extra_isize and\next4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c\n(bnc#1159297).\n\nCVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function\nin drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nbfa_port_get_stats() failures (bnc#1157303).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bsc#1158827).\n\nCVE-2019-19537: There was a race condition bug that could have been\ncaused by a malicious USB device in the USB character device driver\nlayer (bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/hid/usbhid/hiddev.c\ndriver (bnc#1158900).\n\nCVE-2019-19533: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that\ncould have been caused by a malicious USB device in the Linux kernel\nHID drivers (bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/usb/misc/adutux.c\ndriver (bnc#1158823).\n\nCVE-2019-15213: An issue was discovered in the Linux kernel, there was\na use-after-free caused by a malicious USB device in the\ndrivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi\nchip driver. The flaw could occur when the station attempts a\nconnection negotiation during the handling of the remote devices\ncountry settings. This could allow the remote device to cause a denial\nof service (system crash) or possibly execute arbitrary code\n(bnc#1157158).\n\nCVE-2019-18660: Fixed a information disclosure on powerpc related to\nthe Spectre-RSB mitigation. This is related to\narch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c\n(bnc#1157038 1157923).\n\nCVE-2019-18683: Fixed a privilege escalation where local users have\n/dev/video0 access, but only if the driver happens to be loaded. There\nare multiple race conditions during streaming stopping in this driver\n(part of the V4L2 subsystem) (bnc#1155897).\n\nCVE-2019-19062: Fixed a memory leak in the crypto_report() function in\ncrypto/crypto_user_base.c, which allowed attackers to cause a denial\nof service (memory consumption) by triggering crypto_report_alg()\nfailures (bnc#1157333).\n\nCVE-2019-19052: A memory leak in the gs_can_open() function in\ndrivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of\nservice (memory consumption) by triggering usb_submit_urb() failures\n(bnc#1157324).\n\nCVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in\ndrivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a\ndenial of service (memory consumption) (bnc#1157143).\n\nCVE-2019-19073: Memory leaks in\ndrivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nwait_for_completion_timeout() failures (bnc#1157070).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18255/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-21008/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18675/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19062/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19073/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19768/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3701/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9455/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10720/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10942/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11494/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11608/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11609/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8649/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8992/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-9383/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201255-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11d53778\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-1255=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1255=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1255=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1255=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2020-1255=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_129-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.129.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.129.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-06T00:55:25", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - drivers/gpu/drm/radeon/radeon_display.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer dereference. NOTE: A\n third-party software maintainer states that the work\n queue allocation is happening during device\n initialization, which for a graphics card occurs during\n boot. It is not attacker controllable and OOM at that\n time is highly unlikely.(CVE-2019-16230)\n\n - In the Linux kernel 5.4.0-rc2, there is a\n use-after-free (read) in the __blk_add_trace function\n in kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)\n\n - A flaw was discovered in the way that the KVM\n hypervisor handled instruction emulation for an L2\n guest when nested virtualisation is enabled. Under some\n circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be\n inaccessible to the L2 guest.(CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux\n kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c.(CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux\n kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c.(CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux\n kernel through 5.5.2 in the vgacon_invert_region\n function in\n drivers/video/console/vgacon.c.(CVE-2020-8649)\n\n - ext4_protect_reserved_inode in fs/ext4/block_validity.c\n in the Linux kernel through 5.5.3 allows attackers to\n cause a denial of service (soft lockup) via a crafted\n journal size.(CVE-2020-8992)\n\n - An issue was discovered in the Linux kernel through\n 5.5.6. set_fdc in drivers/block/floppy.c leads to a\n wait_til_ready out-of-bounds read because the FDC index\n is not checked for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)\n\n - In kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel, version kernel-2.6.32, in Marvell\n WiFi chip driver. A remote attacker could cause a\n denial of service (system crash) or, possibly execute\n arbitrary code, when the lbs_ibss_join_existing\n function is called after a STA connects to an\n AP.(CVE-2019-14896)\n\n - A stack-based buffer overflow was found in the Linux\n kernel, version kernel-2.6.32, in Marvell WiFi chip\n driver. An attacker is able to cause a denial of\n service (system crash) or, possibly execute arbitrary\n code, when a STA works in IBSS mode (allows connecting\n stations together without the use of an AP) and\n connects to another STA.(CVE-2019-14897)\n\n - An out-of-bounds memory write issue was found in the\n Linux Kernel, version 3.13 through 5.4, in the way the\n Linux kernel", "modified": "2020-04-15T00:00:00", "id": "EULEROS_SA-2020-1396.NASL", "href": "https://www.tenable.com/plugins/nessus/135525", "published": "2020-04-15T00:00:00", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135525);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\n \"CVE-2014-3180\",\n \"CVE-2014-9888\",\n \"CVE-2017-12134\",\n \"CVE-2017-13216\",\n \"CVE-2017-13693\",\n \"CVE-2017-7346\",\n \"CVE-2017-8068\",\n \"CVE-2017-8069\",\n \"CVE-2017-8070\",\n \"CVE-2018-12207\",\n \"CVE-2018-14633\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-10126\",\n \"CVE-2019-10220\",\n \"CVE-2019-11135\",\n \"CVE-2019-14895\",\n \"CVE-2019-14896\",\n \"CVE-2019-14897\",\n \"CVE-2019-14901\",\n \"CVE-2019-15291\",\n \"CVE-2019-16230\",\n \"CVE-2019-16231\",\n \"CVE-2019-16232\",\n \"CVE-2019-18675\",\n \"CVE-2019-18805\",\n \"CVE-2019-18806\",\n \"CVE-2019-19054\",\n \"CVE-2019-19056\",\n \"CVE-2019-19057\",\n \"CVE-2019-19060\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19066\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19227\",\n \"CVE-2019-19332\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19527\",\n \"CVE-2019-19528\",\n \"CVE-2019-19530\",\n \"CVE-2019-19531\",\n \"CVE-2019-19532\",\n \"CVE-2019-19533\",\n \"CVE-2019-19534\",\n \"CVE-2019-19536\",\n \"CVE-2019-19537\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2019-19965\",\n \"CVE-2019-19966\",\n \"CVE-2019-20054\",\n \"CVE-2019-20096\",\n \"CVE-2019-2215\",\n \"CVE-2019-5108\",\n \"CVE-2020-2732\",\n \"CVE-2020-8647\",\n \"CVE-2020-8648\",\n \"CVE-2020-8649\",\n \"CVE-2020-8992\",\n \"CVE-2020-9383\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - drivers/gpu/drm/radeon/radeon_display.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer dereference. NOTE: A\n third-party software maintainer states that the work\n queue allocation is happening during device\n initialization, which for a graphics card occurs during\n boot. It is not attacker controllable and OOM at that\n time is highly unlikely.(CVE-2019-16230)\n\n - In the Linux kernel 5.4.0-rc2, there is a\n use-after-free (read) in the __blk_add_trace function\n in kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)\n\n - A flaw was discovered in the way that the KVM\n hypervisor handled instruction emulation for an L2\n guest when nested virtualisation is enabled. Under some\n circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be\n inaccessible to the L2 guest.(CVE-2020-2732)\n\n - There is a use-after-free vulnerability in the Linux\n kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c.(CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux\n kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c.(CVE-2020-8648)\n\n - There is a use-after-free vulnerability in the Linux\n kernel through 5.5.2 in the vgacon_invert_region\n function in\n drivers/video/console/vgacon.c.(CVE-2020-8649)\n\n - ext4_protect_reserved_inode in fs/ext4/block_validity.c\n in the Linux kernel through 5.5.3 allows attackers to\n cause a denial of service (soft lockup) via a crafted\n journal size.(CVE-2020-8992)\n\n - An issue was discovered in the Linux kernel through\n 5.5.6. set_fdc in drivers/block/floppy.c leads to a\n wait_til_ready out-of-bounds read because the FDC index\n is not checked for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)\n\n - In kernel/compat.c in the Linux kernel before 3.17, as\n used in Google Chrome OS and other products, there is a\n possible out-of-bounds read. restart_syscall uses\n uninitialized data when restarting\n compat_sys_nanosleep. NOTE: this is disputed because\n the code path is unreachable.(CVE-2014-3180)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel, version kernel-2.6.32, in Marvell\n WiFi chip driver. A remote attacker could cause a\n denial of service (system crash) or, possibly execute\n arbitrary code, when the lbs_ibss_join_existing\n function is called after a STA connects to an\n AP.(CVE-2019-14896)\n\n - A stack-based buffer overflow was found in the Linux\n kernel, version kernel-2.6.32, in Marvell WiFi chip\n driver. An attacker is able to cause a denial of\n service (system crash) or, possibly execute arbitrary\n code, when a STA works in IBSS mode (allows connecting\n stations together without the use of an AP) and\n connects to another STA.(CVE-2019-14897)\n\n - An out-of-bounds memory write issue was found in the\n Linux Kernel, version 3.13 through 5.4, in the way the\n Linux kernel's KVM hypervisor handled the\n 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or\n process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of\n service.(CVE-2019-19332)\n\n - In the Linux kernel before 5.3.9, there are multiple\n out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers,\n aka CID-d9d4b1e46d95. This affects\n drivers/hid/hid-axff.c, drivers/hid/hid-dr.c,\n drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c,\n drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c,\n drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c,\n drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)\n\n - kernel/sched/fair.c in the Linux kernel before 5.3.9,\n when cpu.cfs_quota_us is used (e.g., with Kubernetes),\n allows attackers to cause a denial of service against\n non-cpu-bound applications by generating a workload\n that triggers unwanted slice expiration, aka\n CID-de53fd7aedb1. (In other words, although this slice\n expiration would typically be seen with benign\n workloads, it is possible that an attacker could\n calculate how many stray requests are required to force\n an entire Kubernetes cluster into a low-performance\n state caused by slice expiration, and ensure that a\n DDoS attack sent that number of stray requests. An\n attack does not affect the stability of the kernel it\n only causes mismanagement of application\n execution.)(CVE-2019-19922)\n\n - In the Linux kernel through 5.4.6, there is a NULL\n pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of\n mishandling of port disconnection during discovery,\n related to a PHY down race condition, aka\n CID-f70267f379b5.(CVE-2019-19965)\n\n - In the Linux kernel before 5.1.6, there is a\n use-after-free in cpia2_exit() in\n drivers/media/usb/cpia2/cpia2_v4l.c that will cause\n denial of service, aka\n CID-dea37a972655.(CVE-2019-19966)\n\n - In the Linux kernel before 5.0.6, there is a NULL\n pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka\n CID-23da9588037e.(CVE-2019-20054)\n\n - An exploitable denial-of-service vulnerability exists\n in the Linux kernel prior to mainline 5.3. An attacker\n could exploit this vulnerability by triggering AP to\n send IAPP location updates for stations before the\n required authentication process has completed. This\n could lead to different denial-of-service scenarios,\n either by causing CAM table attacks, or by leading to\n traffic flapping if faking already existing clients in\n other nearby APs of the same wireless infrastructure.\n An attacker can forge Authentication and Association\n Request packets to trigger this\n vulnerability.(CVE-2019-5108)\n\n - In the Linux kernel before 5.1, there is a memory leak\n in __feat_register_sp() in net/dccp/feat.c, which may\n cause denial of service, aka\n CID-1d3ff0950e2b.(CVE-2019-20096)\n\n - Improper invalidation for page table updates by a\n virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to\n potentially enable denial of service of the host system\n via local access.(CVE-2018-12207)\n\n - Insufficient access control in subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series Intel(R) Atom(R) Processor A and E3900 Series\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100\n Processor Families may allow an authenticated user to\n potentially enable denial of service via local\n access.(CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel\n (R) processor graphics in 6th, 7th, 8th and 9th\n Generation Intel(R) Core(TM) Processor Families\n Intel(R) Pentium(R) Processor J, N, Silver and Gold\n Series Intel(R) Celeron(R) Processor J, N, G3900 and\n G4900 Series Intel(R) Atom(R) Processor A and E3900\n Series Intel(R) Xeon(R) Processor E3-1500 v5 and v6,\n E-2100 and E-2200 Processor Families Intel(R) Graphics\n Driver for Windows before 26.20.100.6813 (DCH) or\n 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077),\n i915 Linux Driver for Intel(R) Processor Graphics\n before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154,\n 4.9.201, 4.4.201 may allow an authenticated user to\n potentially enable escalation of privilege via local\n access.(CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access.(CVE-2019-11135)\n\n - Linux kernel CIFS implementation, version 4.9.0 is\n vulnerable to a relative paths injection in directory\n entry lists.(CVE-2019-10220)\n\n - A heap overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run\n with the permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)\n\n - The vmw_gb_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel through 4.10.7 does not validate certain levels\n data, which allows local users to cause a denial of\n service (system hang) via a crafted ioctl call for a\n /dev/dri/renderD* device.(CVE-2017-7346)\n\n - A heap-based buffer overflow was discovered in the\n Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could\n occur when the station attempts a connection\n negotiation during the handling of the remote devices\n country settings. This could allow the remote device to\n cause a denial of service (system crash) or possibly\n execute arbitrary code.(CVE-2019-14895)\n\n - An issue was discovered in the Linux kernel through\n 5.2.9. There is a NULL pointer dereference caused by a\n malicious USB device in the flexcop_usb_probe function\n in the drivers/media/usb/b2c2/flexcop-usb.c\n driver.(CVE-2019-15291)\n\n - The Linux kernel through 5.3.13 has a start_offset+size\n Integer Overflow in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)\n\n - In the AppleTalk subsystem in the Linux kernel before\n 5.1, there is a potential NULL pointer dereference\n because register_snap_client may return NULL. This will\n lead to denial of service in net/appletalk/aarp.c and\n net/appletalk/ddp.c, as demonstrated by\n unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)\n\n - In the Linux kernel before 5.3.7, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/input/ff-memless.c driver,\n aka CID-fa3a5a1880c9.(CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/hid/usbhid/hiddev.c driver,\n aka CID-9c09b214f30e.(CVE-2019-19527)\n\n - In the Linux kernel before 5.3.7, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/usb/misc/iowarrior.c driver,\n aka CID-edc4746f253d.(CVE-2019-19528)\n\n - In the Linux kernel before 5.2.10, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/usb/class/cdc-acm.c driver,\n aka CID-c52873e5a1ef.(CVE-2019-19530)\n\n - In the Linux kernel before 5.2.9, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/usb/misc/yurex.c driver, aka\n CID-fc05481b2fca.(CVE-2019-19531)\n\n - In the Linux kernel before 5.3.4, there is an info-leak\n bug that can be caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)\n\n - In the Linux kernel before 5.3.11, there is an\n info-leak bug that can be caused by a malicious USB\n device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver,\n aka CID-f7a1337f0d29.(CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race\n condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka\n CID-303911cfc5b9. This affects\n drivers/usb/core/file.c.(CVE-2019-19536)\n\n - In the Linux kernel before 5.2.10, there is a race\n condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka\n CID-303911cfc5b9. This affects\n drivers/usb/core/file.c.(CVE-2019-19537)\n\n - The xen_biovec_phys_mergeable function in\n drivers/xen/biomerge.c in Xen might allow local OS\n guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause\n a denial of service, or gain host OS privileges by\n leveraging incorrect block IO merge-ability\n calculation.(CVE-2017-12134)\n\n - In ashmem_ioctl of ashmem.c, there is an out-of-bounds\n write due to insufficient locking when accessing asma.\n This could lead to a local elevation of privilege\n enabling code execution as a privileged process with no\n additional execution privileges needed. User\n interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-66954097.(CVE-2017-13216)\n\n - The acpi_ds_create_operands() function in\n drivers/acpi/acpica/dsutils.c in the Linux kernel\n through 4.12.9 does not flush the operand cache and\n causes a kernel stack dump, which allows local users to\n obtain sensitive information from kernel memory and\n bypass the KASLR protection mechanism (in the kernel\n through 4.9) via a crafted ACPI table.(CVE-2017-13693)\n\n - drivers/net/usb/pegasus.c in the Linux kernel 4.9.x\n before 4.9.11 interacts incorrectly with the\n CONFIG_VMAP_STACK option, which allows local users to\n cause a denial of service (system crash or memory\n corruption) or possibly have unspecified other impact\n by leveraging use of more than one virtual page for a\n DMA scatterlist.(CVE-2017-8068)\n\n - drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x\n before 4.9.11 interacts incorrectly with the\n CONFIG_VMAP_STACK option, which allows local users to\n cause a denial of service (system crash or memory\n corruption) or possibly have unspecified other impact\n by leveraging use of more than one virtual page for a\n DMA scatterlist.(CVE-2017-8069)\n\n - drivers/net/usb/catc.c in the Linux kernel 4.9.x before\n 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK\n option, which allows local users to cause a denial of\n service (system crash or memory corruption) or possibly\n have unspecified other impact by leveraging use of more\n than one virtual page for a DMA\n scatterlist.(CVE-2017-8070)\n\n - A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target\n code in the Linux kernel in a way an authentication\n request from an ISCSI initiator is processed. An\n unauthenticated remote attacker can cause a stack\n buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on\n the victim host. Depending on how the target's code was\n built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system\n crash and thus to a denial-of-service or possibly to a\n non-authorized access to data exported by an iSCSI\n target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is highly unlikely. Kernel versions 4.18.x,\n 4.14.x and 3.10.x are believed to be\n vulnerable.(CVE-2018-14633)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other\n consequences.(CVE-2019-10126)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c\n in the Linux kernel before 5.0.11. There is a\n net/ipv4/tcp_input.c signed integer overflow in\n tcp_ack_update_rtt() when userspace writes a very large\n integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading\n to a denial of service or possibly unspecified other\n impact, aka CID-19fad20d15a6.(CVE-2019-18805)\n\n - A memory leak in the ql_alloc_large_buffers() function\n in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux\n kernel before 5.3.5 allows local users to cause a\n denial of service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - A use-after-free in binder.c allows an elevation of\n privilege from an application to the Linux Kernel. No\n user interaction is required to exploit this\n vulnerability, however exploitation does require either\n the installation of a malicious local application or a\n separate vulnerability in a network facing\n application.Product: AndroidAndroid ID:\n A-141720095(CVE-2019-2215)\n\n - arch/arm/mm/dma-mapping.c in the Linux kernel before\n 3.13 on ARM platforms, as used in Android before\n 2016-08-05 on Nexus 5 and 7 (2013) devices, does not\n prevent executable DMA mappings, which might allow\n local users to gain privileges via a crafted\n application, aka Android internal bug 28803642 and\n Qualcomm internal bug CR642735.(CVE-2014-9888)\n\n - A memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()\n function in drivers/net/wireless/marvell/mwifiex/pcie.c\n in the Linux kernel through 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring()\n function in drivers/net/wireless/marvell/mwifiex/pcie.c\n in the Linux kernel through 5.3.11 allow attackers to\n cause a denial of service (memory consumption) by\n triggering mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)\n\n - A memory leak in the adis_update_scan_mode() function\n in drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)\n\n - A memory leak in the crypto_report() function in\n crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering(CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in\n drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)\n\n - A memory leak in the bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)\n\n - Memory leaks in\n drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in\n drivers/net/wireless/ath/ath9k/wmi.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14\n does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference.(CVE-2019-16231)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1396\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f67439f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h254\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h254\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h254\",\n \"kernel-devel-3.10.0-514.44.5.10.h254\",\n \"kernel-headers-3.10.0-514.44.5.10.h254\",\n \"kernel-tools-3.10.0-514.44.5.10.h254\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h254\",\n \"perf-3.10.0-514.44.5.10.h254\",\n \"python-perf-3.10.0-514.44.5.10.h254\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T03:15:47", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 15 SP1 real-time kernel was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-14615: An information disclosure vulnerability existed due to\ninsufficient control flow in certain data structures for some Intel(R)\nProcessors (bnc#1160195).\n\nCVE-2019-14895: A heap-based buffer overflow was discovered in the\nMarvell WiFi driver. The flaw could occur when the station attempts a\nconnection negotiation during the handling of the remote devices\ncountry settings. This could allow the remote device to cause a denial\nof service or possibly execute arbitrary code (bnc#1157158).\n\nCVE-2019-14896: A heap overflow was found in the add_ie_rates()\nfunction of the Marvell Wifi Driver (bsc#1157157).\n\nCVE-2019-14897: A stack overflow was found in the\nlbs_ibss_join_existing() function of the Marvell Wifi Driver\n(bsc#1157155).\n\nCVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi\ndriver. The vulnerability allowed a remote attacker to cause a system\ncrash, resulting in a denial of service, or execute arbitrary code\n(bnc#1157042).\n\nCVE-2019-15213: A use-after-free bug caused by a malicious USB device\nwas found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).\n\nCVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. The\ncheck for the length of variable elements in a beacon head was\ninsufficient, leading to a buffer overflow (bnc#1152107).\n\nCVE-2019-16994: A memory leak existed in sit_init_net() in\nnet/ipv6/sit.c which might have caused denial of service, aka\nCID-07f12b26e21a (bnc#1161523).\n\nCVE-2019-18660: An information disclosure bug occured because the\nSpectre-RSB mitigation were not in place for all applicable CPUs, aka\nCID-39e72bf96f58 (bnc#1157038).\n\nCVE-2019-18683: Multiple race conditions were discovered in\ndrivers/media/platform/vivid. It was exploitable for privilege\nescalation if local users had access to /dev/video0, but only if the\ndriver happened to be loaded. At least one of these race conditions\nled to a use-after-free (bnc#1155897).\n\nCVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-128c66429247 (bnc#1156259).\n\nCVE-2019-18809: A memory leak in drivers/media/usb/dvb-usb/af9005.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-2289adbfa559 (bnc#1156258).\n\nCVE-2019-19036: An issue discovered in btrfs_root_node in\nfs/btrfs/ctree.c allowed a NULL pointer dereference because\nrcu_dereference(root->node) can be zero (bnc#1157692).\n\nCVE-2019-19045: A memory leak in\ndrivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers\nto cause a denial of service (memory consumption) by triggering\nmlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).\n\nCVE-2019-19046: There was a memory leak in __ipmi_bmc_register\n(bsc#1157304).\n\nCVE-2019-19049: There was an unlikely memory leak in unittest_data_add\n(bsc#1157173).\n\nCVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-6f3ef5c25cc7 (bnc#1159024).\n\nCVE-2019-19052: A memory leak in drivers/net/can/usb/gs_usb.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-fb5be6a7b486 (bnc#1157324).\n\nCVE-2019-19054: A memory leak in the cx23888_ir_probe() function in\ndrivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering kfifo_alloc()\nfailures, aka CID-a7b2df76b42b (bnc#1161518).\n\nCVE-2019-19056: A memory leak in\ndrivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause\na denial of service (memory consumption), aka CID-db8fd2cde932\n(bnc#1157197).\n\nCVE-2019-19057: Two memory leaks in\ndrivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause\na denial of service (memory consumption), aka CID-d10dcb615c8e\n(bnc#1157193 bsc#1157197).\n\nCVE-2019-19058: A memory leak in\ndrivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause\na denial of service (memory consumption), aka CID-b4b814fec1a5\n(bnc#1157145).\n\nCVE-2019-19060: A memory leak in drivers/iio/imu/adis_buffer.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-ab612b1daf41 (bnc#1157178).\n\nCVE-2019-19062: A memory leak in crypto/crypto_user_base.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-ffdde5932042 (bnc#1157333).\n\nCVE-2019-19063: Two memory leaks in\ndrivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause\na denial of service (memory consumption), aka CID-3f9361695113\n(bnc#1157298).\n\nCVE-2019-19065: A memory leak in drivers/infiniband/hw/hfi1/sdma.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-34b3be18a04e (bnc#1157191).\n\nCVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-0e62395da2bd (bnc#1157303).\n\nCVE-2019-19067: There were four unlikely memory leaks in the\nacp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c\n(bnc#1157180).\n\nCVE-2019-19068: A memory leak in\ndrivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-a2cdd07488e6 (bnc#1157307).\n\nCVE-2019-19073: Memory leaks in\ndrivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a\ndenial of service (memory consumption), aka CID-853acf7caf10\n(bnc#1157070).\n\nCVE-2019-19074: A memory leak in drivers/net/wireless/ath/ath9k/wmi.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-728c1e2a05e4 (bnc#1157143).\n\nCVE-2019-19075: A memory leak in drivers/net/ieee802154/ca8210.c\nallowed attackers to cause a denial of service (memory consumption) by\ntriggering ca8210_get_platform_data() failures, aka CID-6402939ec86e\n(bnc#1157162).\n\nCVE-2019-19077: A memory leak in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a\ndenial of service (memory consumption), aka CID-4a9d46a9fe14\n(bnc#1157171).\n\nCVE-2019-19078: A memory leak in drivers/net/wireless/ath/ath10k/usb.c\nallowed attackers to cause a denial of service (memory consumption) by\ntriggering usb_submit_urb() failures, aka CID-b8d17e7d93d2\n(bnc#1157032).\n\nCVE-2019-19080: Four memory leaks in\ndrivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to\ncause a denial of service (memory consumption), aka CID-8572cea1461a\n(bnc#1157044).\n\nCVE-2019-19081: A memory leak in\ndrivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to\ncause a denial of service (memory consumption), aka CID-8ce39eb5a67a\n(bnc#1157045).\n\nCVE-2019-19082: Memory leaks were found in the *create_resource_pool()\nfunctions under drivers/gpu/drm/amd/display/dc, aka CID-104c307147ad\n(bnc#1157046).\n\nCVE-2019-19083: Memory leaks were found in the *clock_source_create()\nfunctions under drivers/gpu/drm/amd/display/dc, aka CID-055e547478a1\n(bnc#1157049).\n\nCVE-2019-19227: In the AppleTalk subsystem there was a potential NULL\npointer dereference because register_snap_client may return NULL. This\ncould have led to denial of service, aka CID-9804501fa122\n(bnc#1157678).\n\nCVE-2019-19318: Mounting a crafted btrfs image twice could have caused\na use-after-free (bnc#1158026).\n\nCVE-2019-19319: A slab-out-of-bounds write access could have occured\nwhen setxattr was called after mounting of a specially crafted ext4\nimage (bnc#1158021).\n\nCVE-2019-19332: An out-of-bounds memory write issue was found in the\nway the KVM hypervisor handled the ", "modified": "2020-03-10T00:00:00", "id": "SUSE_SU-2020-0613-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134363", "published": "2020-03-10T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0613-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134363);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2019-14615\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15213\", \"CVE-2019-16746\", \"CVE-2019-16994\", \"CVE-2019-18660\", \"CVE-2019-18683\", \"CVE-2019-18808\", \"CVE-2019-18809\", \"CVE-2019-19036\", \"CVE-2019-19045\", \"CVE-2019-19046\", \"CVE-2019-19049\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19054\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19060\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19065\", \"CVE-2019-19066\", \"CVE-2019-19067\", \"CVE-2019-19068\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19075\", \"CVE-2019-19077\", \"CVE-2019-19078\", \"CVE-2019-19080\", \"CVE-2019-19081\", \"CVE-2019-19082\", \"CVE-2019-19083\", \"CVE-2019-19227\", \"CVE-2019-19318\", \"CVE-2019-19319\", \"CVE-2019-19332\", \"CVE-2019-19338\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19526\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19543\", \"CVE-2019-19767\", \"CVE-2019-19927\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20095\", \"CVE-2019-20096\", \"CVE-2020-7053\", \"CVE-2020-8428\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 15 SP1 real-time kernel was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-14615: An information disclosure vulnerability existed due to\ninsufficient control flow in certain data structures for some Intel(R)\nProcessors (bnc#1160195).\n\nCVE-2019-14895: A heap-based buffer overflow was discovered in the\nMarvell WiFi driver. The flaw could occur when the station attempts a\nconnection negotiation during the handling of the remote devices\ncountry settings. This could allow the remote device to cause a denial\nof service or possibly execute arbitrary code (bnc#1157158).\n\nCVE-2019-14896: A heap overflow was found in the add_ie_rates()\nfunction of the Marvell Wifi Driver (bsc#1157157).\n\nCVE-2019-14897: A stack overflow was found in the\nlbs_ibss_join_existing() function of the Marvell Wifi Driver\n(bsc#1157155).\n\nCVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi\ndriver. The vulnerability allowed a remote attacker to cause a system\ncrash, resulting in a denial of service, or execute arbitrary code\n(bnc#1157042).\n\nCVE-2019-15213: A use-after-free bug caused by a malicious USB device\nwas found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).\n\nCVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. The\ncheck for the length of variable elements in a beacon head was\ninsufficient, leading to a buffer overflow (bnc#1152107).\n\nCVE-2019-16994: A memory leak existed in sit_init_net() in\nnet/ipv6/sit.c which might have caused denial of service, aka\nCID-07f12b26e21a (bnc#1161523).\n\nCVE-2019-18660: An information disclosure bug occured because the\nSpectre-RSB mitigation were not in place for all applicable CPUs, aka\nCID-39e72bf96f58 (bnc#1157038).\n\nCVE-2019-18683: Multiple race conditions were discovered in\ndrivers/media/platform/vivid. It was exploitable for privilege\nescalation if local users had access to /dev/video0, but only if the\ndriver happened to be loaded. At least one of these race conditions\nled to a use-after-free (bnc#1155897).\n\nCVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-128c66429247 (bnc#1156259).\n\nCVE-2019-18809: A memory leak in drivers/media/usb/dvb-usb/af9005.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-2289adbfa559 (bnc#1156258).\n\nCVE-2019-19036: An issue discovered in btrfs_root_node in\nfs/btrfs/ctree.c allowed a NULL pointer dereference because\nrcu_dereference(root->node) can be zero (bnc#1157692).\n\nCVE-2019-19045: A memory leak in\ndrivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers\nto cause a denial of service (memory consumption) by triggering\nmlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).\n\nCVE-2019-19046: There was a memory leak in __ipmi_bmc_register\n(bsc#1157304).\n\nCVE-2019-19049: There was an unlikely memory leak in unittest_data_add\n(bsc#1157173).\n\nCVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-6f3ef5c25cc7 (bnc#1159024).\n\nCVE-2019-19052: A memory leak in drivers/net/can/usb/gs_usb.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-fb5be6a7b486 (bnc#1157324).\n\nCVE-2019-19054: A memory leak in the cx23888_ir_probe() function in\ndrivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering kfifo_alloc()\nfailures, aka CID-a7b2df76b42b (bnc#1161518).\n\nCVE-2019-19056: A memory leak in\ndrivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause\na denial of service (memory consumption), aka CID-db8fd2cde932\n(bnc#1157197).\n\nCVE-2019-19057: Two memory leaks in\ndrivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause\na denial of service (memory consumption), aka CID-d10dcb615c8e\n(bnc#1157193 bsc#1157197).\n\nCVE-2019-19058: A memory leak in\ndrivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause\na denial of service (memory consumption), aka CID-b4b814fec1a5\n(bnc#1157145).\n\nCVE-2019-19060: A memory leak in drivers/iio/imu/adis_buffer.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-ab612b1daf41 (bnc#1157178).\n\nCVE-2019-19062: A memory leak in crypto/crypto_user_base.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-ffdde5932042 (bnc#1157333).\n\nCVE-2019-19063: Two memory leaks in\ndrivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause\na denial of service (memory consumption), aka CID-3f9361695113\n(bnc#1157298).\n\nCVE-2019-19065: A memory leak in drivers/infiniband/hw/hfi1/sdma.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-34b3be18a04e (bnc#1157191).\n\nCVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-0e62395da2bd (bnc#1157303).\n\nCVE-2019-19067: There were four unlikely memory leaks in the\nacp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c\n(bnc#1157180).\n\nCVE-2019-19068: A memory leak in\ndrivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-a2cdd07488e6 (bnc#1157307).\n\nCVE-2019-19073: Memory leaks in\ndrivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a\ndenial of service (memory consumption), aka CID-853acf7caf10\n(bnc#1157070).\n\nCVE-2019-19074: A memory leak in drivers/net/wireless/ath/ath9k/wmi.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-728c1e2a05e4 (bnc#1157143).\n\nCVE-2019-19075: A memory leak in drivers/net/ieee802154/ca8210.c\nallowed attackers to cause a denial of service (memory consumption) by\ntriggering ca8210_get_platform_data() failures, aka CID-6402939ec86e\n(bnc#1157162).\n\nCVE-2019-19077: A memory leak in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a\ndenial of service (memory consumption), aka CID-4a9d46a9fe14\n(bnc#1157171).\n\nCVE-2019-19078: A memory leak in drivers/net/wireless/ath/ath10k/usb.c\nallowed attackers to cause a denial of service (memory consumption) by\ntriggering usb_submit_urb() failures, aka CID-b8d17e7d93d2\n(bnc#1157032).\n\nCVE-2019-19080: Four memory leaks in\ndrivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to\ncause a denial of service (memory consumption), aka CID-8572cea1461a\n(bnc#1157044).\n\nCVE-2019-19081: A memory leak in\ndrivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to\ncause a denial of service (memory consumption), aka CID-8ce39eb5a67a\n(bnc#1157045).\n\nCVE-2019-19082: Memory leaks were found in the *create_resource_pool()\nfunctions under drivers/gpu/drm/amd/display/dc, aka CID-104c307147ad\n(bnc#1157046).\n\nCVE-2019-19083: Memory leaks were found in the *clock_source_create()\nfunctions under drivers/gpu/drm/amd/display/dc, aka CID-055e547478a1\n(bnc#1157049).\n\nCVE-2019-19227: In the AppleTalk subsystem there was a potential NULL\npointer dereference because register_snap_client may return NULL. This\ncould have led to denial of service, aka CID-9804501fa122\n(bnc#1157678).\n\nCVE-2019-19318: Mounting a crafted btrfs image twice could have caused\na use-after-free (bnc#1158026).\n\nCVE-2019-19319: A slab-out-of-bounds write access could have occured\nwhen setxattr was called after mounting of a specially crafted ext4\nimage (bnc#1158021).\n\nCVE-2019-19332: An out-of-bounds memory write issue was found in the\nway the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2)\nrequest to get CPUID features emulated by the KVM hypervisor. A user\nor process able to access the '/dev/kvm' device could have used this\nflaw to crash the system (bnc#1158827).\n\nCVE-2019-19338: There was an incomplete fix for an issue with\nTransactional Synchronisation Extensions in the KVM code\n(bsc#1158954).\n\nCVE-2019-19447: Mounting a crafted ext4 filesystem image, performing\nsome operations, and unmounting could have led to a use-after-free in\nfs/ext4/super.c (bnc#1158819).\n\nCVE-2019-19523: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/adutux.c driver, aka\nCID-44efc269db79 (bsc#1158823).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver, aka\nCID-fa3a5a1880c9 (bsc#1158413).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver, aka\nCID-7fd25e6fc035 (bsc#1158417).\n\nCVE-2019-19526: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/nfc/pn533/usb.c driver, aka\nCID-6af3aa57a098 (bsc#1158893).\n\nCVE-2019-19527: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka\nCID-9c09b214f30e (bsc#1158900).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver, aka\nCID-edc4746f253d (bsc#1158407).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka\nCID-4d6636498c41 (bnc#1158381).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver, aka\nCID-c52873e5a1ef (bsc#1158410).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver, aka\nCID-fc05481b2fca (bsc#1158445).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that can\nbe caused by a malicious USB HID device, aka CID-d9d4b1e46d95\n(bsc#1158824).\n\nCVE-2019-19533: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c\ndriver, aka CID-a10feaf8c464 (bsc#1158834).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka\nCID-f7a1337f0d29 (bsc#1158398).\n\nCVE-2019-19535: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c\ndriver, aka CID-30a8beeb3042 (bsc#1158903).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka\nCID-ead16e53c2f0 (bsc#1158394).\n\nCVE-2019-19537: There was a race condition bug that can be caused by a\nmalicious USB device in the USB character device driver layer, aka\nCID-303911cfc5b9 (bsc#1158904).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19767: There were multiple use-after-free errors in\n__ext4_expand_extra_isize and ext4_xattr_set_entry, related to\nfs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163\n(bnc#1159297).\n\nCVE-2019-19927: A slab-out-of-bounds read access occured when mounting\na crafted f2fs filesystem image and performing some operations on it\n(bnc#1160147).\n\nCVE-2019-19965: There was a NULL pointer dereference in\ndrivers/scsi/libsas/sas_discover.c because of mishandling of port\ndisconnection during discovery, related to a PHY down race condition,\naka CID-f70267f379b5 (bnc#1159911).\n\nCVE-2019-19966: There was a use-after-free in cpia2_exit() in\ndrivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of\nservice, aka CID-dea37a972655 (bnc#1159841).\n\nCVE-2019-20054: There was a NULL pointer dereference in\ndrop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links,\naka CID-23da9588037e (bnc#1159910).\n\nCVE-2019-20095: Several memory leaks were found in\ndrivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82\n(bnc#1159909).\n\nCVE-2019-20096: There was a memory leak in __feat_register_sp() in\nnet/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).\n\nCVE-2020-7053: There was a use-after-free (write) in the\ni915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka\nCID-7dc40713618c (bnc#1160966).\n\nCVE-2020-8428: There was a use-after-free bug in fs/namei.c, which\nallowed local users to cause a denial of service (OOPS) or possibly\nobtain sensitive information from kernel memory, aka CID-d0cb50185ae9\n(bnc#1162109).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16994/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19036/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19045/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19046/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19057/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19058/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19062/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19063/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19065/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19067/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19068/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19073/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19082/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19338/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19927/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20095/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8428/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200613-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e18d9374\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1:zypper in -t patch\nSUSE-SLE-Module-RT-15-SP1-2020-613=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-613=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-devel-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-devel-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-extra-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-livepatch-devel-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-base-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-extra-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-livepatch-devel-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt-debuginfo-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-4.12.14-14.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T03:15:27", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest\nmay trick the L0 hypervisor into accessing sensitive L1 resources\n(bsc#1163971).\n\nCVE-2019-19338: There was an incomplete fix for an issue with\nTransactional Synchronisation Extensions in the KVM code\n(bsc#1158954).\n\nCVE-2019-14615: An information disclosure vulnerability existed due to\ninsufficient control flow in certain data structures for some Intel(R)\nProcessors (bnc#1160195).\n\nCVE-2019-14896: A heap overflow was found in the add_ie_rates()\nfunction of the Marvell Wifi Driver (bsc#1157157).\n\nCVE-2019-14897: A stack overflow was found in the\nlbs_ibss_join_existing() function of the Marvell Wifi Driver\n(bsc#1157155).\n\nCVE-2019-15213: A use-after-free bug caused by a malicious USB device\nwas found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).\n\nCVE-2019-16994: A memory leak existed in sit_init_net() in\nnet/ipv6/sit.c which might have caused denial of service, aka\nCID-07f12b26e21a (bnc#1161523).\n\nCVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-128c66429247 (bnc#1156259).\n\nCVE-2019-19036: An issue discovered in btrfs_root_node in\nfs/btrfs/ctree.c allowed a NULL pointer dereference because\nrcu_dereference(root->node) can be zero (bnc#1157692).\n\nCVE-2019-19045: A memory leak in\ndrivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers\nto cause a denial of service (memory consumption) by triggering\nmlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).\n\nCVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-6f3ef5c25cc7 (bnc#1159024).\n\nCVE-2019-19054: A memory leak in the cx23888_ir_probe() function in\ndrivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering kfifo_alloc()\nfailures, aka CID-a7b2df76b42b (bnc#1161518).\n\nCVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-0e62395da2bd (bnc#1157303).\n\nCVE-2019-19318: Mounting a crafted btrfs image twice could have caused\na use-after-free (bnc#1158026).\n\nCVE-2019-19319: A slab-out-of-bounds write access could have occured\nwhen setxattr was called after mounting of a specially crafted ext4\nimage (bnc#1158021).\n\nCVE-2019-19332: An out-of-bounds memory write issue was found in the\nway the KVM hypervisor handled the ", "modified": "2020-03-06T00:00:00", "id": "SUSE_SU-2020-0584-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134293", "published": "2020-03-06T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0584-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0584-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134293);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2019-14615\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-15213\", \"CVE-2019-16994\", \"CVE-2019-18808\", \"CVE-2019-19036\", \"CVE-2019-19045\", \"CVE-2019-19051\", \"CVE-2019-19054\", \"CVE-2019-19066\", \"CVE-2019-19318\", \"CVE-2019-19319\", \"CVE-2019-19332\", \"CVE-2019-19338\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19526\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19543\", \"CVE-2019-19767\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20095\", \"CVE-2019-20096\", \"CVE-2020-2732\", \"CVE-2020-7053\", \"CVE-2020-8428\", \"CVE-2020-8648\", \"CVE-2020-8992\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0584-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest\nmay trick the L0 hypervisor into accessing sensitive L1 resources\n(bsc#1163971).\n\nCVE-2019-19338: There was an incomplete fix for an issue with\nTransactional Synchronisation Extensions in the KVM code\n(bsc#1158954).\n\nCVE-2019-14615: An information disclosure vulnerability existed due to\ninsufficient control flow in certain data structures for some Intel(R)\nProcessors (bnc#1160195).\n\nCVE-2019-14896: A heap overflow was found in the add_ie_rates()\nfunction of the Marvell Wifi Driver (bsc#1157157).\n\nCVE-2019-14897: A stack overflow was found in the\nlbs_ibss_join_existing() function of the Marvell Wifi Driver\n(bsc#1157155).\n\nCVE-2019-15213: A use-after-free bug caused by a malicious USB device\nwas found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).\n\nCVE-2019-16994: A memory leak existed in sit_init_net() in\nnet/ipv6/sit.c which might have caused denial of service, aka\nCID-07f12b26e21a (bnc#1161523).\n\nCVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-128c66429247 (bnc#1156259).\n\nCVE-2019-19036: An issue discovered in btrfs_root_node in\nfs/btrfs/ctree.c allowed a NULL pointer dereference because\nrcu_dereference(root->node) can be zero (bnc#1157692).\n\nCVE-2019-19045: A memory leak in\ndrivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers\nto cause a denial of service (memory consumption) by triggering\nmlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).\n\nCVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c\nallowed attackers to cause a denial of service (memory consumption),\naka CID-6f3ef5c25cc7 (bnc#1159024).\n\nCVE-2019-19054: A memory leak in the cx23888_ir_probe() function in\ndrivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering kfifo_alloc()\nfailures, aka CID-a7b2df76b42b (bnc#1161518).\n\nCVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed\nattackers to cause a denial of service (memory consumption), aka\nCID-0e62395da2bd (bnc#1157303).\n\nCVE-2019-19318: Mounting a crafted btrfs image twice could have caused\na use-after-free (bnc#1158026).\n\nCVE-2019-19319: A slab-out-of-bounds write access could have occured\nwhen setxattr was called after mounting of a specially crafted ext4\nimage (bnc#1158021).\n\nCVE-2019-19332: An out-of-bounds memory write issue was found in the\nway the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2)\nrequest to get CPUID features emulated by the KVM hypervisor. A user\nor process able to access the '/dev/kvm' device could have used this\nflaw to crash the system (bnc#1158827).\n\nCVE-2019-19447: Mounting a crafted ext4 filesystem image, performing\nsome operations, and unmounting could have led to a use-after-free in\nfs/ext4/super.c (bnc#1158819).\n\nCVE-2019-19523: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/adutux.c driver, aka\nCID-44efc269db79 (bsc#1158823).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver, aka\nCID-fa3a5a1880c9 (bsc#1158413).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver, aka\nCID-7fd25e6fc035 (bsc#1158417).\n\nCVE-2019-19526: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/nfc/pn533/usb.c driver, aka\nCID-6af3aa57a098 (bsc#1158893).\n\nCVE-2019-19527: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka\nCID-9c09b214f30e (bsc#1158900).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver, aka\nCID-edc4746f253d (bsc#1158407).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka\nCID-4d6636498c41 (bnc#1158381).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver, aka\nCID-c52873e5a1ef (bsc#1158410).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver, aka\nCID-fc05481b2fca (bsc#1158445).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that can\nbe caused by a malicious USB HID device, aka CID-d9d4b1e46d95\n(bsc#1158824).\n\nCVE-2019-19533: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c\ndriver, aka CID-a10feaf8c464 (bsc#1158834).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka\nCID-f7a1337f0d29 (bsc#1158398).\n\nCVE-2019-19535: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c\ndriver, aka CID-30a8beeb3042 (bsc#1158903).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka\nCID-ead16e53c2f0 (bsc#1158394).\n\nCVE-2019-19537: There was a race condition bug that can be caused by a\nmalicious USB device in the USB character device driver layer, aka\nCID-303911cfc5b9 (bsc#1158904).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19767: There were multiple use-after-free errors in\n__ext4_expand_extra_isize and ext4_xattr_set_entry, related to\nfs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163\n(bnc#1159297).\n\nCVE-2019-19965: There was a NULL pointer dereference in\ndrivers/scsi/libsas/sas_discover.c because of mishandling of port\ndisconnection during discovery, related to a PHY down race condition,\naka CID-f70267f379b5 (bnc#1159911).\n\nCVE-2019-19966: There was a use-after-free in cpia2_exit() in\ndrivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of\nservice, aka CID-dea37a972655 (bnc#1159841).\n\nCVE-2019-20054: There was a NULL pointer dereference in\ndrop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links,\naka CID-23da9588037e (bnc#1159910).\n\nCVE-2019-20095: Several memory leaks were found in\ndrivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82\n(bnc#1159909).\n\nCVE-2019-20096: There was a memory leak in __feat_register_sp() in\nnet/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).\n\nCVE-2020-7053: There was a use-after-free (write) in the\ni915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka\nCID-7dc40713618c (bnc#1160966).\n\nCVE-2020-8428: There was a use-after-free bug in fs/namei.c, which\nallowed local users to cause a denial of service (OOPS) or possibly\nobtain sensitive information from kernel memory, aka CID-d0cb50185ae9\n(bnc#1162109).\n\nCVE-2020-8648: There was a use-after-free vulnerability in the\nn_tty_receive_buf_common function in drivers/tty/n_tty.c\n(bnc#1162928).\n\nCVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode\nin fs/ext4/block_validity.c that allowed attackers to cause a soft\nlockup via a crafted journal size (bnc#1164069).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14615/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16994/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19036/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19045/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19338/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20095/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8992/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200584-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93a06234\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2020-584=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-584=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-584=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2020-584=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2020-584=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.48.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:58:45", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-13093, CVE-2018-13094\n\nWen Xu from SSLab at Gatech reported several NULL pointer dereference\nflaws that may be triggered when mounting and operating a crafted XFS\nvolume. An attacker able to mount arbitrary XFS volumes could use this\nto cause a denial of service (crash).\n\nCVE-2018-20976\n\nIt was discovered that the XFS file-system implementation did not\ncorrectly handle some mount failure conditions, which could lead to a\nuse-after-free. The security impact of this is unclear.\n\nCVE-2018-21008\n\nIt was discovered that the rsi wifi driver did not correctly handle\nsome failure conditions, which could lead to a use-after- free. The\nsecurity impact of this is unclear.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in the\nAndroid binder driver. A local user on a system with this driver\nenabled could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation. However, this driver\nis not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with filenames\nincluding a ", "modified": "2020-03-06T00:00:00", "id": "DEBIAN_DLA-2114.NASL", "href": "https://www.tenable.com/plugins/nessus/134240", "published": "2020-03-06T00:00:00", "title": "Debian DLA-2114-1 : linux-4.9 security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2114-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134240);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-20976\", \"CVE-2018-21008\", \"CVE-2019-0136\", \"CVE-2019-10220\", \"CVE-2019-14615\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15098\", \"CVE-2019-15217\", \"CVE-2019-15291\", \"CVE-2019-15505\", \"CVE-2019-15917\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18282\", \"CVE-2019-18683\", \"CVE-2019-18809\", \"CVE-2019-19037\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19527\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19947\", \"CVE-2019-19965\", \"CVE-2019-20096\", \"CVE-2019-2215\");\n\n script_name(english:\"Debian DLA-2114-1 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-13093, CVE-2018-13094\n\nWen Xu from SSLab at Gatech reported several NULL pointer dereference\nflaws that may be triggered when mounting and operating a crafted XFS\nvolume. An attacker able to mount arbitrary XFS volumes could use this\nto cause a denial of service (crash).\n\nCVE-2018-20976\n\nIt was discovered that the XFS file-system implementation did not\ncorrectly handle some mount failure conditions, which could lead to a\nuse-after-free. The security impact of this is unclear.\n\nCVE-2018-21008\n\nIt was discovered that the rsi wifi driver did not correctly handle\nsome failure conditions, which could lead to a use-after- free. The\nsecurity impact of this is unclear.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in the\nAndroid binder driver. A local user on a system with this driver\nenabled could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation. However, this driver\nis not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with filenames\nincluding a '/' character, this could confuse and possibly defeat\nsecurity checks in applications that read the directory.\n\nThe kernel will now return an error when reading such a\ndirectory, rather than passing the invalid filenames on to\nuser-space.\n\nCVE-2019-14615\n\nIt was discovered that Intel 9th and 10th generation GPUs did not\nclear user-visible state during a context switch, which resulted in\ninformation leaks between GPU tasks. This has been mitigated in the\ni915 driver.\n\nThe affected chips (gen9 and gen10) are listed at\n<https://en.wikipedia.org/wiki/List_of_Intel_graphics_proces\nsing_units#Gen9>.\n\nCVE-2019-14814, CVE-2019-14815, CVE-2019-14816\n\nMultiple bugs were discovered in the mwifiex wifi driver, which could\nlead to heap buffer overflows. A local user permitted to configure a\ndevice handled by this driver could probably use this for privilege\nescalation.\n\nCVE-2019-14895, CVE-2019-14901\n\nADLab of Venustech discovered potential heap buffer overflows in the\nmwifiex wifi driver. On systems using this driver, a malicious\nWireless Access Point or adhoc/P2P peer could use these to cause a\ndenial of service (memory corruption or crash) or possibly for remote\ncode execution.\n\nCVE-2019-14896, CVE-2019-14897\n\nADLab of Venustech discovered potential heap and stack buffer\noverflows in the libertas wifi driver. On systems using this driver, a\nmalicious Wireless Access Point or adhoc/P2P peer could use these to\ncause a denial of service (memory corruption or crash) or possibly for\nremote code execution.\n\nCVE-2019-15098\n\nHui Peng and Mathias Payer reported that the ath6kl wifi driver did\nnot properly validate USB descriptors, which could lead to a NULL pointer derefernce. An attacker able to add USB devices could use this\nto cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\nThe syzkaller tool discovered that the zr364xx mdia driver did not\ncorrectly handle devices without a product name string, which could\nlead to a NULL pointer dereference. An attacker able to add USB\ndevices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15291\n\nThe syzkaller tool discovered that the b2c2-flexcop-usb media driver\ndid not properly validate USB descriptors, which could lead to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\nThe syzkaller tool discovered that the technisat-usb2 media driver did\nnot properly validate incoming IR packets, which could lead to a heap\nbuffer over-read. An attacker able to add USB devices could use this\nto cause a denial of service (BUG/oops) or to read sensitive\ninformation from kernel memory.\n\nCVE-2019-15917\n\nThe syzkaller tool found a race condition in code supporting\nUART-attached Bluetooth adapters, which could lead to a use-\nafter-free. A local user with access to a pty device or other suitable\ntty device could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-16746\n\nIt was discovered that the wifi stack did not validate the content of\nbeacon heads provided by user-space for use on a wifi interface in\nAccess Point mode, which could lead to a heap buffer overflow. A local\nuser permitted to configure a wifi interface could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055,\nCVE-2019-17056\n\nOri Nimron reported that various network protocol implementations\n\n - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed\n all users to create raw sockets. A local user could use\n this to send arbitrary packets on networks using those\n protocols.\n\nCVE-2019-17075\n\nIt was found that the cxgb4 Infiniband driver requested DMA (Direct\nMemory Access) to a stack-allocated buffer, which is not supported and\non some systems can result in memory corruption of the stack. A local\nuser might be able to use this for denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-17133\n\nNicholas Waisman reported that the wifi stack did not valdiate\nreceived SSID information before copying it, which could lead to a\nbuffer overflow if it is not validated by the driver or firmware. A\nmalicious Wireless Access Point might be able to use this to cause a\ndenial of service (memory corruption or crash) or for remote code\nexecution.\n\nCVE-2019-17666\n\nNicholas Waisman reported that the rtlwifi wifi drivers did not\nproperly validate received P2P information, leading to a buffer\noverflow. A malicious P2P peer could use this to cause a denial of\nservice (memory corruption or crash) or for remote code execution.\n\nCVE-2019-18282\n\nJonathan Berger, Amit Klein, and Benny Pinkas discovered that the\ngeneration of UDP/IPv6 flow labels used a weak hash function, 'jhash'.\nThis could enable tracking individual computers as they communicate\nwith different remote servers and from different networks. The\n'siphash' function is now used instead.\n\nCVE-2019-18683\n\nMultiple race conditions were discovered in the vivid media driver,\nused for testing Video4Linux2 (V4L2) applications, These race\nconditions could result in a use-after-free. On a system where this\ndriver is loaded, a user with permission to access media devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-18809\n\nNavid Emamdoost discovered a potential memory leak in the af9005 media\ndriver if the device fails to respond to a command. The security\nimpact of this is unclear.\n\nCVE-2019-19037\n\nIt was discovered that the ext4 filesystem driver did not correctly\nhandle directories with holes (unallocated regions) in them. An\nattacker able to mount arbitrary ext4 volumes could use this to cause\na denial of service (crash).\n\nCVE-2019-19051\n\nNavid Emamdoost discovered a potential memory leak in the i2400m wimax\ndriver if the software rfkill operation fails. The security impact of\nthis is unclear.\n\nCVE-2019-19052\n\nNavid Emamdoost discovered a potential memory leak in the gs_usb CAN\ndriver if the open (interface-up) operation fails. The security impact\nof this is unclear.\n\nCVE-2019-19056, CVE-2019-19057\n\nNavid Emamdoost discovered potential memory leaks in the mwifiex wifi\ndriver if the probe operation fails. The security impact of this is\nunclear.\n\nCVE-2019-19062\n\nNavid Emamdoost discovered a potential memory leak in the AF_ALG\nsubsystem if the CRYPTO_MSG_GETALG operation fails. A local user could\npossibly use this to cause a denial of service (memory exhaustion).\n\nCVE-2019-19066\n\nNavid Emamdoost discovered a potential memory leak in the bfa SCSI\ndriver if the get_fc_host_stats operation fails. The security impact\nof this is unclear.\n\nCVE-2019-19068\n\nNavid Emamdoost discovered a potential memory leak in the rtl8xxxu\nwifi driver, in case it fails to submit an interrupt buffer to the\ndevice. The security impact of this is unclear.\n\nCVE-2019-19227\n\nDan Carpenter reported missing error checks in the Appletalk protocol\nimplementation that could lead to a NULL pointer dereference. The\nsecurity impact of this is unclear.\n\nCVE-2019-19332\n\nThe syzkaller tool discovered a missing bounds check in the KVM\nimplementation for x86, which could lead to a heap buffer overflow. A\nlocal user permitted to use KVM could use this to cause a denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nCVE-2019-19447\n\nIt was discovered that the ext4 filesystem driver did not safely\nhandle unlinking of an inode that, due to filesystem corruption,\nalready has a link count of 0. An attacker able to mount arbitrary\next4 volumes could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19523\n\nThe syzkaller tool discovered a use-after-free bug in the adutux USB\ndriver. An attacker able to add and remove USB devices could use this\nto cause a denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nCVE-2019-19524\n\nThe syzkaller tool discovered a race condition in the ff-memless\nlibrary used by input drivers. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-19525\n\nThe syzkaller tool discovered a use-after-free bug in the atusb driver\nfor IEEE 802.15.4 networking. An attacker able to add and remove USB\ndevices could possibly use this to cause a denial of service (memory\ncorruption or crash) or for privilege escalation.\n\nCVE-2019-19527\n\nThe syzkaller tool discovered that the hiddev driver did not correctly\nhandle races between a task opening the device and disconnection of\nthe underlying hardware. A local user permitted to access hiddev\ndevices, and able to add and remove USB devices, could use this to\ncause a denial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-19530\n\nThe syzkaller tool discovered a potential use-after-free in the\ncdc-acm network driver. An attacker able to add USB devices could use\nthis to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-19531\n\nThe syzkaller tool discovered a use-after-free bug in the yurex USB\ndriver. An attacker able to add and remove USB devices could use this\nto cause a denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nCVE-2019-19532\n\nThe syzkaller tool discovered a potential heap buffer overflow in the\nhid-gaff input driver, which was also found to exist in many other\ninput drivers. An attacker able to add USB devices could use this to\ncause a denial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-19533\n\nThe syzkaller tool discovered that the ttusb-dec media driver was\nmissing initialisation of a structure, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19534, CVE-2019-19535, CVE-2019-19536\n\nThe syzkaller tool discovered that the peak_usb CAN driver was missing\ninitialisation of some structures, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19537\n\nThe syzkaller tool discovered race conditions in the USB stack,\ninvolving character device registration. An attacker able to add USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-19767\n\nThe syzkaller tool discovered that crafted ext4 volumes could trigger\na buffer overflow in the ext4 filesystem driver. An attacker able to\nmount such a volume could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19947\n\nIt was discovered that the kvaser_usb CAN driver was missing\ninitialisation of some structures, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19965\n\nGao Chuan reported a race condition in the libsas library used by SCSI\nhost drivers, which could lead to a NULL pointer dereference. An\nattacker able to add and remove SCSI devices could use this to cause a\ndenial of service (BUG/oops).\n\nCVE-2019-20096\n\nThe Hulk Robot tool discovered a potential memory leak in the DCCP\nprotocol implementation. This may be exploitable by local users, or by\nremote attackers if the system uses DCCP, to cause a denial of service\n(out of memory).\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.210-1~deb8u1. This update additionally fixes Debian bugs #869511\nand 945023; and includes many more bug fixes from stable updates\n4.9.190-4.9.210 inclusive.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09b1ea0a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.210-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:58:36", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, or information\nleak.\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in the\nAndroid binder driver. A local user on a system with this driver\nenabled could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation. However, this driver\nis not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with filenames\nincluding a ", "modified": "2020-01-21T00:00:00", "id": "DEBIAN_DLA-2068.NASL", "href": "https://www.tenable.com/plugins/nessus/133101", "published": "2020-01-21T00:00:00", "title": "Debian DLA-2068-1 : linux security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2068-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133101);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15098\", \"CVE-2019-15217\", \"CVE-2019-15291\", \"CVE-2019-15505\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19527\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19922\", \"CVE-2019-19947\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-2215\");\n\n script_name(english:\"Debian DLA-2068-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, or information\nleak.\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in the\nAndroid binder driver. A local user on a system with this driver\nenabled could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation. However, this driver\nis not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with filenames\nincluding a '/' character, this could confuse and possibly defeat\nsecurity checks in applications that read the directory.\n\nThe kernel will now return an error when reading such a\ndirectory, rather than passing the invalid filenames on to\nuser-space.\n\nCVE-2019-14895, CVE-2019-14901\n\nADLab of Venustech discovered potential heap buffer overflows in the\nmwifiex wifi driver. On systems using this driver, a malicious\nWireless Access Point or adhoc/P2P peer could use these to cause a\ndenial of service (memory corruption or crash) or possibly for remote\ncode execution.\n\nCVE-2019-14896, CVE-2019-14897\n\nADLab of Venustech discovered potential heap and stack buffer\noverflows in the libertas wifi driver. On systems using this driver, a\nmalicious Wireless Access Point or adhoc/P2P peer could use these to\ncause a denial of service (memory corruption or crash) or possibly for\nremote code execution.\n\nCVE-2019-15098\n\nHui Peng and Mathias Payer reported that the ath6kl wifi driver did\nnot properly validate USB descriptors, which could lead to a NULL pointer derefernce. An attacker able to add USB devices could use this\nto cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\nThe syzkaller tool discovered that the zr364xx mdia driver did not\ncorrectly handle devices without a product name string, which could\nlead to a NULL pointer dereference. An attacker able to add USB\ndevices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15291\n\nThe syzkaller tool discovered that the b2c2-flexcop-usb media driver\ndid not properly validate USB descriptors, which could lead to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\nThe syzkaller tool discovered that the technisat-usb2 media driver did\nnot properly validate incoming IR packets, which could lead to a heap\nbuffer over-read. An attacker able to add USB devices could use this\nto cause a denial of service (BUG/oops) or to read sensitive\ninformation from kernel memory.\n\nCVE-2019-16746\n\nIt was discovered that the wifi stack did not validate the content of\nbeacon heads provided by user-space for use on a wifi interface in\nAccess Point mode, which could lead to a heap buffer overflow. A local\nuser permitted to configure a wifi interface could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055,\nCVE-2019-17056\n\nOri Nimron reported that various network protocol implementations\n\n - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed\n all users to create raw sockets. A local user could use\n this to send arbitrary packets on networks using those\n protocols.\n\nCVE-2019-17133\n\nNicholas Waisman reported that the wifi stack did not valdiate\nreceived SSID information before copying it, which could lead to a\nbuffer overflow if it is not validated by the driver or firmware. A\nmalicious Wireless Access Point might be able to use this to cause a\ndenial of service (memory corruption or crash) or for remote code\nexecution.\n\nCVE-2019-17666\n\nNicholas Waisman reported that the rtlwifi wifi drivers did not\nproperly validate received P2P information, leading to a buffer\noverflow. A malicious P2P peer could use this to cause a denial of\nservice (memory corruption or crash) or for remote code execution.\n\nCVE-2019-19051\n\nNavid Emamdoost discovered a potential memory leak in the i2400m wimax\ndriver if the software rfkill operation fails. The security impact of\nthis is unclear.\n\nCVE-2019-19052\n\nNavid Emamdoost discovered a potential memory leak in the gs_usb CAN\ndriver if the open (interface-up) operation fails. The security impact\nof this is unclear.\n\nCVE-2019-19056, CVE-2019-19057\n\nNavid Emamdoost discovered potential memory leaks in the mwifiex wifi\ndriver if the probe operation fails. The security impact of this is\nunclear.\n\nCVE-2019-19062\n\nNavid Emamdoost discovered a potential memory leak in the AF_ALG\nsubsystem if the CRYPTO_MSG_GETALG operation fails. A local user could\npossibly use this to cause a denial of service (memory exhaustion).\n\nCVE-2019-19066\n\nNavid Emamdoost discovered a potential memory leak in the bfa SCSI\ndriver if the get_fc_host_stats operation fails. The security impact\nof this is unclear.\n\nCVE-2019-19227\n\nDan Carpenter reported missing error checks in the Appletalk protocol\nimplementation that could lead to a NULL pointer dereference. The\nsecurity impact of this is unclear.\n\nCVE-2019-19332\n\nThe syzkaller tool discovered a missing bounds check in the KVM\nimplementation for x86, which could lead to a heap buffer overflow. A\nlocal user permitted to use KVM could use this to cause a denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nCVE-2019-19523\n\nThe syzkaller tool discovered a use-after-free bug in the adutux USB\ndriver. An attacker able to add and remove USB devices could use this\nto cause a denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nCVE-2019-19524\n\nThe syzkaller tool discovered a race condition in the ff-memless\nlibrary used by input drivers. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-19527\n\nThe syzkaller tool discovered that the hiddev driver did not correctly\nhandle races between a task opening the device and disconnection of\nthe underlying hardware. A local user permitted to access hiddev\ndevices, and able to add and remove USB devices, could use this to\ncause a denial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-19530\n\nThe syzkaller tool discovered a potential use-after-free in the\ncdc-acm network driver. An attacker able to add USB devices could use\nthis to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-19531\n\nThe syzkaller tool discovered a use-after-free bug in the yurex USB\ndriver. An attacker able to add and remove USB devices could use this\nto cause a denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nCVE-2019-19532\n\nThe syzkaller tool discovered a potential heap buffer overflow in the\nhid-gaff input driver, which was also found to exist in many other\ninput drivers. An attacker able to add USB devices could use this to\ncause a denial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-19533\n\nThe syzkaller tool discovered that the ttusb-dec media driver was\nmissing initialisation of a structure, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19534, CVE-2019-19536\n\nThe syzkaller tool discovered that the peak_usb CAN driver was missing\ninitialisation of some structures, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19537\n\nThe syzkaller tool discovered race conditions in the USB stack,\ninvolving character device registration. An attacker able to add USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-19767\n\nThe syzkaller tool discovered that crafted ext4 volumes could trigger\na buffer overflow in the ext4 filesystem driver. An attacker able to\nmount such a volume could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19922\n\nIt was discovered that a change in Linux 3.16.61, 'sched/fair: Fix\nbandwidth timer clock drift condition', could lead to tasks being\nthrottled before using their full quota of CPU time. A local user\ncould use this bug to slow down other users' tasks. This change has\nbeen reverted.\n\nCVE-2019-19947\n\nIt was discovered that the kvaser_usb CAN driver was missing\ninitialisation of some structures, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19965\n\nGao Chuan reported a race condition in the libsas library used by SCSI\nhost drivers, which could lead to a NULL pointer dereference. An\nattacker able to add and remove SCSI devices could use this to cause a\ndenial of service (BUG/oops).\n\nCVE-2019-19966\n\nThe syzkaller tool discovered a missing error check in the cpia2 media\ndriver, which could lead to a use-after-free. An attacker able to add\nUSB devices could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.81-1.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.81-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.81-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T04:47:18", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-20095: mwifiex_tm_cmd in\ndrivers/net/wireless/marvell/mwifiex/cfg80211.c had some\nerror-handling cases that did not free allocated hostcmd memory. This\nwill cause a memory leak and denial of service (bnc#1159909).\n\nCVE-2019-20054: Fixed a a NULL pointer dereference in\ndrop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links\n(bnc#1159910).\n\nCVE-2019-20096: Fixed a memory leak in __feat_register_sp() in\nnet/dccp/feat.c, which may cause denial of service (bnc#1159908).\n\nCVE-2019-19966: Fixed a use-after-free in cpia2_exit() in\ndrivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service\n(bnc#1159841).\n\nCVE-2019-19447: Mounting a crafted ext4 filesystem image, performing\nsome operations, and unmounting can lead to a use-after-free in\next4_put_super in fs/ext4/super.c, related to dump_orphan_list in\nfs/ext4/super.c (bnc#1158819).\n\nCVE-2019-19319: A setxattr operation, after a mount of a crafted ext4\nimage, can cause a slab-out-of-bounds write access because of an\next4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large\nold_size value is used in a memset call (bnc#1158021).\n\nCVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as\ndemonstrated by use-after-free errors in __ext4_expand_extra_isize and\next4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c\n(bnc#1159297).\n\nCVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in\ndrivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of\nservice (memory consumption) (bnc#1156259).\n\nCVE-2019-16746: An issue was discovered in net/wireless/nl80211.c\nwhere the length of variable elements in a beacon head were not\nchecked, leading to a buffer overflow (bnc#1152107).\n\nCVE-2019-19066: A memory leak in the bfad_im_get_stats() function in\ndrivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of\nservice (memory consumption) by triggering bfa_port_get_stats()\nfailures (bnc#1157303).\n\nCVE-2019-19051: There was a memory leak in the\ni2400m_op_rfkill_sw_toggle() function in\ndrivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1159024).\n\nCVE-2019-19338: There was an incomplete fix for Transaction\nAsynchronous Abort (TAA) (bnc#1158954).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bnc#1158827).\n\nCVE-2019-19537: There was a race condition bug that can be caused by a\nmalicious USB device in the USB character device driver layer\n(bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c\ndriver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/hid/usbhid/hiddev.c driver\n(bnc#1158900).\n\nCVE-2019-19526: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/nfc/pn533/usb.c driver\n(bnc#1158893).\n\nCVE-2019-19533: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c\ndriver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that can\nbe caused by a malicious USB device in the Linux kernel HID drivers\n(bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/adutux.c driver, aka\nCID-44efc269db79 (bnc#1158381 1158823 1158834).\n\nCVE-2019-15213: There was a use-after-free caused by a malicious USB\ndevice in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver\n(bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver\n(bnc#1158407).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver\n(bnc#1158381).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-14895: A heap-based buffer overflow was discovered in the\nLinux kernel in Marvell WiFi chip driver. The flaw could occur when\nthe station attempts a connection negotiation during the handling of\nthe remote devices country settings. This could have allowed the\nremote device to cause a denial of service (system crash) or possibly\nexecute arbitrary code (bnc#1157158).\n\nCVE-2019-18660: The Linux kernel on powerpc allowed Information\nExposure because the Spectre-RSB mitigation is not in place for all\napplicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and\narch/powerpc/kernel/security.c (bnc#1157038).\n\nCVE-2019-18683: An issue was discovered in\ndrivers/media/platform/vivid in the Linux kernel. It is exploitable\nfor privilege escalation on some Linux distributions where local users\nhave /dev/video0 access, but only if the driver happens to be loaded.\nThere are multiple race conditions during streaming stopping in this\ndriver (part of the V4L2 subsystem). These issues are caused by wrong\nmutex locking in vivid_stop_generating_vid_cap(),\nvivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the\ncorresponding kthreads. At least one of these race conditions leads to\na use-after-free (bnc#1155897).\n\nCVE-2019-18809: A memory leak in the af9005_identify_state() function\nin drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1156258).\n\nCVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in\ndrivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering ida_simple_get() failure (bnc#1157304).\n\nCVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function\nin drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering usb_submit_urb() failures (bnc#1157032).\n\nCVE-2019-19062: A memory leak in the crypto_report() function in\ncrypto/crypto_user_base.c in the Linux kernel allowed attackers to\ncause a denial of service (memory consumption) by triggering\ncrypto_report_alg() failures (bnc#1157333).\n\nCVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring()\nfunction in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux\nkernel allowed attackers to cause a denial of service (memory\nconsumption) by triggering mwifiex_map_pci_memory() failures\n(bnc#1157197).\n\nCVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()\nfunction in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux\nkernel allowed attackers to cause a denial of service (memory\nconsumption) by triggering mwifiex_map_pci_memory() failures\n(bnc#1157197).\n\nCVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb()\nfunction in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in\nthe Linux kernel allowed attackers to cause a denial of service\n(memory consumption) by triggering usb_submit_urb() failures\n(bnc#1157307).\n\nCVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in\ndrivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1157298).\n\nCVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there\nwas a potential NULL pointer dereference because register_snap_client\nmay return NULL. This will lead to denial of service in\nnet/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by\nunregister_snap_client (bnc#1157678).\n\nCVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs()\nfunction in drivers/net/ethernet/netronome/nfp/flower/main.c in the\nLinux kernel allowed attackers to cause a denial of service (memory\nconsumption) (bnc#1157045).\n\nCVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs()\nfunction in drivers/net/ethernet/netronome/nfp/flower/main.c in the\nLinux kernel allowed attackers to cause a denial of service (memory\nconsumption) (bnc#1157044).\n\nCVE-2019-19065: A memory leak in the sdma_init() function in\ndrivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering rhashtable_init() failures (bnc#1157191).\n\nCVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering copy to udata failures (bnc#1157171).\n\nCVE-2019-19052: A memory leak in the gs_can_open() function in\ndrivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to\ncause a denial of service (memory consumption) by triggering\nusb_submit_urb() failures (bnc#1157324).\n\nCVE-2019-19067: Four memory leaks in the acp_hw_init() function in\ndrivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures\n(bsc#1157180).\n\nCVE-2019-19060: A memory leak in the adis_update_scan_mode() function\nin drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers\nto cause a denial of service (memory consumption) (bnc#1157178).\n\nCVE-2019-19049: A memory leak in the unittest_data_add() function in\ndrivers/of/unittest.c in the Linux kernel allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nof_fdt_unflatten_tree() failures (bsc#1157173).\n\nCVE-2019-19075: A memory leak in the ca8210_probe() function in\ndrivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers\nto cause a denial of service (memory consumption) by triggering\nca8210_get_platform_data() failures (bnc#1157162).\n\nCVE-2019-19058: A memory leak in the alloc_sgtable() function in\ndrivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel\nallowed attackers to cause a denial of service (memory consumption) by\ntriggering alloc_page() failures (bnc#1157145).\n\nCVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in\ndrivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1157143).\n\nCVE-2019-19073: Fixed memory leaks in\ndrivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nwait_for_completion_timeout() failures (bnc#1157070).\n\nCVE-2019-19083: Memory leaks in *clock_source_create() functions under\ndrivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers\nto cause a denial of service (memory consumption) (bnc#1157049).\n\nCVE-2019-19082: Memory leaks in *create_resource_pool() functions\nunder drivers/gpu/drm/amd/display/dc in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1157046).\n\nCVE-2019-15916: An issue was discovered in the Linux kernel There was\na memory leak in register_queue_kobjects() in net/core/net-sysfs.c,\nwhich will cause denial of service (bnc#1149448).\n\nCVE-2019-0154: Insufficient access control in subsystem for Intel (R)\nprocessor graphics in 6th, 7th, 8th and 9th Generation Intel(R)\nCore(TM) Processor Families; Intel(R) Pentium(R) Processor J, N,\nSilver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and\nG4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R)\nXeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may\nhave allowed an authenticated user to potentially enable denial of\nservice via local access (bnc#1135966).\n\nCVE-2019-0155: Insufficient access control in a subsystem for Intel\n(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R)\nCore(TM) Processor Families; Intel(R) Pentium(R) Processor J, N,\nSilver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and\nG4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R)\nXeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor\nFamilies; Intel(R) Graphics Driver for Windows (DCH) or 26.20.100.6812\nand before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for\nIntel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84,\n4.14.154, 4.9.201, 4.4.201 may have allowed an authenticated user to\npotentially enable escalation of privilege via local access\n(bnc#1135967).\n\nCVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel\n5.2.14 did not check the alloc_workqueue return value, leading to a\nNULL pointer dereference (bnc#1150466).\n\nCVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c\nin the Linux kernel There was a net/ipv4/tcp_input.c signed integer\noverflow in tcp_ack_update_rtt() when userspace writes a very large\ninteger to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of\nservice or possibly unspecified other impact (bnc#1156187).\n\nCVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the\nAF_ISDN network module in the Linux kernel did not enforce\nCAP_NET_RAW, which means that unprivileged users can create a raw\nsocket (bnc#1152782).\n\nCVE-2019-16995: In the Linux kernel before 5.0.3, a memory leak exits\nin hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to\nadd a port, which may cause denial of service, aka CID-6caabe7f197d\n(bnc#1152685).\n\nCVE-2019-11135: TSX Asynchronous Abort condition on some CPUs\nutilizing speculative execution may have allowed an authenticated user\nto potentially enable information disclosure via a side channel with\nlocal access (bnc#1139073).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel\n5.2.14 did not check the alloc_workqueue return value, leading to a\nNULL pointer dereference (bnc#1150457).\n\nCVE-2018-12207: Improper invalidation for page table updates by a\nvirtual guest operating system for multiple Intel(R) Processors may\nhave allowed an authenticated user to potentially enable denial of\nservice of the host system via local access (bnc#1117665).\n\nCVE-2019-10220: Linux kernel CIFS implementation, version 4.9.0 is\nvulnerable to a relative paths injection in directory entry lists\n(bnc#1144903).\n\nCVE-2019-17666: rtl_p2p_noa_ie in\ndrivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a\ncertain upper-bound check, leading to a buffer overflow (bnc#1154372).\n\nCVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did\nnot check the alloc_workqueue return value, leading to a NULL pointer\ndereference (bnc#1150465).\n\nCVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did\nnot check the alloc_workqueue return value, leading to a NULL pointer\ndereference (bnc#1150452).\n\nCVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\ndid not reject a long SSID IE, leading to a Buffer Overflow\n(bnc#1153158).\n\nCVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC\nnetwork module in the Linux kernel did not enforce CAP_NET_RAW, which\nmeans that unprivileged users can create a raw socket, aka\nCID-3a359798b176 (bnc#1152788).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way\nLinux kernel", "modified": "2020-07-02T00:00:00", "id": "SUSE_SU-2020-0093-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132925", "published": "2020-01-15T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0093-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132925);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2017-18595\", \"CVE-2018-12207\", \"CVE-2019-0154\", \"CVE-2019-0155\", \"CVE-2019-10220\", \"CVE-2019-11135\", \"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-14895\", \"CVE-2019-14901\", \"CVE-2019-15030\", \"CVE-2019-15031\", \"CVE-2019-15213\", \"CVE-2019-15916\", \"CVE-2019-16231\", \"CVE-2019-16232\", \"CVE-2019-16233\", \"CVE-2019-16234\", \"CVE-2019-16746\", \"CVE-2019-16995\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18660\", \"CVE-2019-18683\", \"CVE-2019-18805\", \"CVE-2019-18808\", \"CVE-2019-18809\", \"CVE-2019-19046\", \"CVE-2019-19049\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19060\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19065\", \"CVE-2019-19066\", \"CVE-2019-19067\", \"CVE-2019-19068\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19075\", \"CVE-2019-19077\", \"CVE-2019-19078\", \"CVE-2019-19080\", \"CVE-2019-19081\", \"CVE-2019-19082\", \"CVE-2019-19083\", \"CVE-2019-19227\", \"CVE-2019-19319\", \"CVE-2019-19332\", \"CVE-2019-19338\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19526\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19543\", \"CVE-2019-19767\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20095\", \"CVE-2019-20096\", \"CVE-2019-9456\", \"CVE-2019-9506\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-20095: mwifiex_tm_cmd in\ndrivers/net/wireless/marvell/mwifiex/cfg80211.c had some\nerror-handling cases that did not free allocated hostcmd memory. This\nwill cause a memory leak and denial of service (bnc#1159909).\n\nCVE-2019-20054: Fixed a a NULL pointer dereference in\ndrop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links\n(bnc#1159910).\n\nCVE-2019-20096: Fixed a memory leak in __feat_register_sp() in\nnet/dccp/feat.c, which may cause denial of service (bnc#1159908).\n\nCVE-2019-19966: Fixed a use-after-free in cpia2_exit() in\ndrivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service\n(bnc#1159841).\n\nCVE-2019-19447: Mounting a crafted ext4 filesystem image, performing\nsome operations, and unmounting can lead to a use-after-free in\next4_put_super in fs/ext4/super.c, related to dump_orphan_list in\nfs/ext4/super.c (bnc#1158819).\n\nCVE-2019-19319: A setxattr operation, after a mount of a crafted ext4\nimage, can cause a slab-out-of-bounds write access because of an\next4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large\nold_size value is used in a memset call (bnc#1158021).\n\nCVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as\ndemonstrated by use-after-free errors in __ext4_expand_extra_isize and\next4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c\n(bnc#1159297).\n\nCVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in\ndrivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of\nservice (memory consumption) (bnc#1156259).\n\nCVE-2019-16746: An issue was discovered in net/wireless/nl80211.c\nwhere the length of variable elements in a beacon head were not\nchecked, leading to a buffer overflow (bnc#1152107).\n\nCVE-2019-19066: A memory leak in the bfad_im_get_stats() function in\ndrivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of\nservice (memory consumption) by triggering bfa_port_get_stats()\nfailures (bnc#1157303).\n\nCVE-2019-19051: There was a memory leak in the\ni2400m_op_rfkill_sw_toggle() function in\ndrivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1159024).\n\nCVE-2019-19338: There was an incomplete fix for Transaction\nAsynchronous Abort (TAA) (bnc#1158954).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bnc#1158827).\n\nCVE-2019-19537: There was a race condition bug that can be caused by a\nmalicious USB device in the USB character device driver layer\n(bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c\ndriver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/hid/usbhid/hiddev.c driver\n(bnc#1158900).\n\nCVE-2019-19526: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/nfc/pn533/usb.c driver\n(bnc#1158893).\n\nCVE-2019-19533: There was an info-leak bug that can be caused by a\nmalicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c\ndriver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that can\nbe caused by a malicious USB device in the Linux kernel HID drivers\n(bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/adutux.c driver, aka\nCID-44efc269db79 (bnc#1158381 1158823 1158834).\n\nCVE-2019-15213: There was a use-after-free caused by a malicious USB\ndevice in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver\n(bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver\n(bnc#1158407).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver\n(bnc#1158381).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-14895: A heap-based buffer overflow was discovered in the\nLinux kernel in Marvell WiFi chip driver. The flaw could occur when\nthe station attempts a connection negotiation during the handling of\nthe remote devices country settings. This could have allowed the\nremote device to cause a denial of service (system crash) or possibly\nexecute arbitrary code (bnc#1157158).\n\nCVE-2019-18660: The Linux kernel on powerpc allowed Information\nExposure because the Spectre-RSB mitigation is not in place for all\napplicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and\narch/powerpc/kernel/security.c (bnc#1157038).\n\nCVE-2019-18683: An issue was discovered in\ndrivers/media/platform/vivid in the Linux kernel. It is exploitable\nfor privilege escalation on some Linux distributions where local users\nhave /dev/video0 access, but only if the driver happens to be loaded.\nThere are multiple race conditions during streaming stopping in this\ndriver (part of the V4L2 subsystem). These issues are caused by wrong\nmutex locking in vivid_stop_generating_vid_cap(),\nvivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the\ncorresponding kthreads. At least one of these race conditions leads to\na use-after-free (bnc#1155897).\n\nCVE-2019-18809: A memory leak in the af9005_identify_state() function\nin drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1156258).\n\nCVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in\ndrivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering ida_simple_get() failure (bnc#1157304).\n\nCVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function\nin drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering usb_submit_urb() failures (bnc#1157032).\n\nCVE-2019-19062: A memory leak in the crypto_report() function in\ncrypto/crypto_user_base.c in the Linux kernel allowed attackers to\ncause a denial of service (memory consumption) by triggering\ncrypto_report_alg() failures (bnc#1157333).\n\nCVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring()\nfunction in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux\nkernel allowed attackers to cause a denial of service (memory\nconsumption) by triggering mwifiex_map_pci_memory() failures\n(bnc#1157197).\n\nCVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()\nfunction in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux\nkernel allowed attackers to cause a denial of service (memory\nconsumption) by triggering mwifiex_map_pci_memory() failures\n(bnc#1157197).\n\nCVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb()\nfunction in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in\nthe Linux kernel allowed attackers to cause a denial of service\n(memory consumption) by triggering usb_submit_urb() failures\n(bnc#1157307).\n\nCVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in\ndrivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1157298).\n\nCVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there\nwas a potential NULL pointer dereference because register_snap_client\nmay return NULL. This will lead to denial of service in\nnet/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by\nunregister_snap_client (bnc#1157678).\n\nCVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs()\nfunction in drivers/net/ethernet/netronome/nfp/flower/main.c in the\nLinux kernel allowed attackers to cause a denial of service (memory\nconsumption) (bnc#1157045).\n\nCVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs()\nfunction in drivers/net/ethernet/netronome/nfp/flower/main.c in the\nLinux kernel allowed attackers to cause a denial of service (memory\nconsumption) (bnc#1157044).\n\nCVE-2019-19065: A memory leak in the sdma_init() function in\ndrivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering rhashtable_init() failures (bnc#1157191).\n\nCVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering copy to udata failures (bnc#1157171).\n\nCVE-2019-19052: A memory leak in the gs_can_open() function in\ndrivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to\ncause a denial of service (memory consumption) by triggering\nusb_submit_urb() failures (bnc#1157324).\n\nCVE-2019-19067: Four memory leaks in the acp_hw_init() function in\ndrivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures\n(bsc#1157180).\n\nCVE-2019-19060: A memory leak in the adis_update_scan_mode() function\nin drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers\nto cause a denial of service (memory consumption) (bnc#1157178).\n\nCVE-2019-19049: A memory leak in the unittest_data_add() function in\ndrivers/of/unittest.c in the Linux kernel allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nof_fdt_unflatten_tree() failures (bsc#1157173).\n\nCVE-2019-19075: A memory leak in the ca8210_probe() function in\ndrivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers\nto cause a denial of service (memory consumption) by triggering\nca8210_get_platform_data() failures (bnc#1157162).\n\nCVE-2019-19058: A memory leak in the alloc_sgtable() function in\ndrivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel\nallowed attackers to cause a denial of service (memory consumption) by\ntriggering alloc_page() failures (bnc#1157145).\n\nCVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in\ndrivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1157143).\n\nCVE-2019-19073: Fixed memory leaks in\ndrivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nwait_for_completion_timeout() failures (bnc#1157070).\n\nCVE-2019-19083: Memory leaks in *clock_source_create() functions under\ndrivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers\nto cause a denial of service (memory consumption) (bnc#1157049).\n\nCVE-2019-19082: Memory leaks in *create_resource_pool() functions\nunder drivers/gpu/drm/amd/display/dc in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1157046).\n\nCVE-2019-15916: An issue was discovered in the Linux kernel There was\na memory leak in register_queue_kobjects() in net/core/net-sysfs.c,\nwhich will cause denial of service (bnc#1149448).\n\nCVE-2019-0154: Insufficient access control in subsystem for Intel (R)\nprocessor graphics in 6th, 7th, 8th and 9th Generation Intel(R)\nCore(TM) Processor Families; Intel(R) Pentium(R) Processor J, N,\nSilver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and\nG4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R)\nXeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may\nhave allowed an authenticated user to potentially enable denial of\nservice via local access (bnc#1135966).\n\nCVE-2019-0155: Insufficient access control in a subsystem for Intel\n(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R)\nCore(TM) Processor Families; Intel(R) Pentium(R) Processor J, N,\nSilver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and\nG4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R)\nXeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor\nFamilies; Intel(R) Graphics Driver for Windows (DCH) or 26.20.100.6812\nand before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for\nIntel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84,\n4.14.154, 4.9.201, 4.4.201 may have allowed an authenticated user to\npotentially enable escalation of privilege via local access\n(bnc#1135967).\n\nCVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel\n5.2.14 did not check the alloc_workqueue return value, leading to a\nNULL pointer dereference (bnc#1150466).\n\nCVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c\nin the Linux kernel There was a net/ipv4/tcp_input.c signed integer\noverflow in tcp_ack_update_rtt() when userspace writes a very large\ninteger to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of\nservice or possibly unspecified other impact (bnc#1156187).\n\nCVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the\nAF_ISDN network module in the Linux kernel did not enforce\nCAP_NET_RAW, which means that unprivileged users can create a raw\nsocket (bnc#1152782).\n\nCVE-2019-16995: In the Linux kernel before 5.0.3, a memory leak exits\nin hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to\nadd a port, which may cause denial of service, aka CID-6caabe7f197d\n(bnc#1152685).\n\nCVE-2019-11135: TSX Asynchronous Abort condition on some CPUs\nutilizing speculative execution may have allowed an authenticated user\nto potentially enable information disclosure via a side channel with\nlocal access (bnc#1139073).\n\nCVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel\n5.2.14 did not check the alloc_workqueue return value, leading to a\nNULL pointer dereference (bnc#1150457).\n\nCVE-2018-12207: Improper invalidation for page table updates by a\nvirtual guest operating system for multiple Intel(R) Processors may\nhave allowed an authenticated user to potentially enable denial of\nservice of the host system via local access (bnc#1117665).\n\nCVE-2019-10220: Linux kernel CIFS implementation, version 4.9.0 is\nvulnerable to a relative paths injection in directory entry lists\n(bnc#1144903).\n\nCVE-2019-17666: rtl_p2p_noa_ie in\ndrivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a\ncertain upper-bound check, leading to a buffer overflow (bnc#1154372).\n\nCVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did\nnot check the alloc_workqueue return value, leading to a NULL pointer\ndereference (bnc#1150465).\n\nCVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did\nnot check the alloc_workqueue return value, leading to a NULL pointer\ndereference (bnc#1150452).\n\nCVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\ndid not reject a long SSID IE, leading to a Buffer Overflow\n(bnc#1153158).\n\nCVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC\nnetwork module in the Linux kernel did not enforce CAP_NET_RAW, which\nmeans that unprivileged users can create a raw socket, aka\nCID-3a359798b176 (bnc#1152788).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way\nLinux kernel's KVM hypervisor implements the Coalesced MMIO write\noperation (bnc#1151350).\n\nCVE-2017-18595: An issue was discovered in the Linux kernel A double\nfree may be caused by the function allocate_trace_buffer in the file\nkernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including\nversion 5.1 permits sufficiently low encryption key length and did not\nprevent an attacker from influencing the key length negotiation. This\nallowed practical brute-force attacks (aka 'KNOB') that can decrypt\ntraffic and inject arbitrary ciphertext without the victim noticing\n(bnc#1146042).\n\nCVE-2019-14835: A buffer overflow flaw was found in the way Linux\nkernel's vhost functionality that translates virtqueue buffers to\nIOVs, logged the buffer descriptors during migration (bnc#1150112).\n\nCVE-2019-9456: Ther is an issue inside the USB monitor driver that can\nlead to a possible OOB write due to a missing bounds check\n(bnc#1150025).\n\nCVE-2019-15031: In the Linux kernel on the powerpc platform, a local\nuser can read vector registers of other users' processes via an\ninterrupt (bnc#1149713).\n\nCVE-2019-15030: In the Linux kernel on the powerpc platform, a local\nuser can read vector registers of other users' processes via a\nFacility Unavailable exception (bnc#1149713).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18595/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-0154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-0155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10220/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14821/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15030/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15031/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16231/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16232/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16234/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17055/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-17666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19046/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19057/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19058/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19062/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19063/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19065/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19067/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19068/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19073/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19080/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19082/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19338/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19447/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20095/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9506/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de30302d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-93=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-03T01:38:20", "bulletinFamily": "scanner", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** A memory\n leak in the __ipmi_bmc_register() function in\n drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE:\n third parties dispute the relevance of this because an\n attacker cannot realistically control this failure at\n probe time.(CVE-2019-19046)A memory leak in the\n bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)A memory leak in the\n adis_update_scan_mode_burst() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-9c0530e898f3.(CVE-2019-19061)In the Linux kernel\n before 5.3.12, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/input/ff-memless.c driver, aka\n CID-fa3a5a1880c9.(CVE-2019-19524)The Linux kernel\n through 5.0.7, when CONFIG_IA32_AOUT is enabled and\n ia32_aout is loaded, allows local users to bypass ASLR\n on setuid a.out programs (if any exist) because\n install_exec_creds() is called too late in\n load_aout_binary() in fs/binfmt_aout.c, and thus the\n ptrace_may_access() check has a race condition when\n reading /proc/pid/stat. NOTE: the software maintainer\n disputes that this is a vulnerability because ASLR for\n a.out format executables has never been\n supported.(CVE-2019-11191)In the Linux kernel before\n 5.2.10, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/hid/usbhid/hiddev.c driver, aka\n CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel\n before 5.3.9, there are multiple out-of-bounds write\n bugs that can be caused by a malicious USB device in\n the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c,\n drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)The\n acpi_ps_complete_final_op() function in\n drivers/acpi/acpica/psobject.c in the Linux kernel\n through 4.12.9 does not flush the node and node_ext\n caches and causes a kernel stack dump, which allows\n local users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13694)The acpi_ds_create_operands()\n function in drivers/acpi/acpica/dsutils.c in the Linux\n kernel through 4.12.9 does not flush the operand cache\n and causes a kernel stack dump, which allows local\n users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13693)The Linux kernel before 5.4.1 on\n powerpc allows Information Exposure because the\n Spectre-RSB mitigation is not in place for all\n applicable CPUs, aka CID-39e72bf96f58. This is related\n to arch/powerpc/kernel/entry_64.S and\n arch/powerpc/kernel/security.c.(CVE-2019-18660)In the\n Linux kernel through 5.3.8, f->fmt.sdr.reserved is\n uninitialized in rcar_drif_g_fmt_sdr_cap in\n drivers/media/platform/rcar_drif.c, which could cause a\n memory disclosure problem.(CVE-2019-18786)An issue was\n discovered in drivers/media/platform/vivid in the Linux\n kernel through 5.3.8. It is exploitable for privilege\n escalation on some Linux distributions where local\n users have /dev/video0 access, but only if the driver\n happens to be loaded. There are multiple race\n conditions during streaming stopping in this driver\n (part of the V4L2 subsystem). These issues are caused\n by wrong mutex locking in\n vivid_stop_generating_vid_cap(),\n vivid_stop_generating_vid_out(),\n sdr_cap_stop_streaming(), and the corresponding\n kthreads. At least one of these race conditions leads\n to a use-after-free.(CVE-2019-18683)A memory leak in\n the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the\n mlx5_fpga_conn_create_cq() function in drivers\n et/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux\n kernel before 5.3.11 allows attackers to cause a denial\n of service (memory consumption) by triggering\n mlx5_vector2eqn() failures, aka\n CID-c8c2a057fdc7.(CVE-2019-19045)A memory leak in the\n i2400m_op_rfkill_sw_toggle() function in drivers\n et/wimax/i2400m/op-rfkill.c in the Linux kernel before\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption), aka\n CID-6f3ef5c25cc7.(CVE-2019-19051)A memory leak in the\n alloc_sgtable() function in drivers\n et/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering alloc_page()\n failures, aka CID-b4b814fec1a5.(CVE-2019-19058)Multiple\n memory leaks in the iwl_pcie_ctxt_info_gen3_init()\n function in drivers\n et/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the\n Linux kernel through 5.3.11 allow attackers to cause a\n denial of service (memory consumption) by triggering\n iwl_pcie_init_fw_sec() or dma_alloc_coherent()\n failures, aka CID-0f4f199443fa.(CVE-2019-19059)A memory\n leak in the unittest_data_add() function in\n drivers/of/unittest.c in the Linux kernel before 5.3.10\n allows attackers to cause a denial of service (memory\n consumption) by triggering of_fdt_unflatten_tree()\n failures, aka CID-e13de8fe0d6a. NOTE: third parties\n dispute the relevance of this because unittest.c can\n only be reached during boot.(CVE-2019-19049)A memory\n leak in the spi_gpio_probe() function in\n drivers/spi/spi-gpio.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering\n devm_add_action_or_reset() failures, aka\n CID-d3b0ffa1d75d. NOTE: third parties dispute the\n relevance of this because the system must have already\n been out of memory before the probe\n began.(CVE-2019-19070)A memory leak in the sdma_init()\n function in drivers/infiniband/hw/hfi1/sdma.c in the\n Linux kernel before 5.3.9 allows attackers to cause a\n denial of service (memory consumption) by triggering\n rhashtable_init() failures, aka\n CID-34b3be18a04e.(CVE-2019-19065)** DISPUTED ** Four\n memory leaks in the acp_hw_init() function in\n drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux\n kernel before 5.3.8 allow attackers to cause a denial\n of service (memory consumption) by triggering\n mfd_add_hotplug_devices() or pm_genpd_add_device()\n failures, aka CID-57be09c6e874. NOTE: third parties\n dispute the relevance of this because the attacker must\n already have privileges for module\n loading.(CVE-2019-19067)A memory leak in the\n rtl8xxxu_submit_int_urb() function in drivers\n et/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the\n Linux kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-a2cdd07488e6.(CVE-2019-19068)A memory leak in the\n rsi_send_beacon() function in drivers\n et/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n rsi_prepare_beacon() failures, aka\n CID-d563131ef23c.(CVE-2019-19071)A memory leak in the\n ca8210_probe() function in drivers\n et/ieee802154/ca8210.c in the Linux kernel before 5.3.8\n allows attackers to cause a denial of service (memory\n consumption) by triggering ca8210_get_platform_data()\n failures, aka CID-6402939ec86e.(CVE-2019-19075)A memory\n leak in the bnxt_re_create_srq() function in\n drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n copy to udata failures, aka\n CID-4a9d46a9fe14.(CVE-2019-19077)A memory leak in the\n ath10k_usb_hif_tx_sg() function in drivers\n et/wireless/ath/ath10k/usb.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the\n qrtr_tun_write_iter() function in net/qrtr/tun.c in the\n Linux kernel before 5.3 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-a21b7f0cff19.(CVE-2019-19079)Four memory leaks in\n the nfp_flower_spawn_phy_reprs() function in drivers\n et/ethernet etronome fp/flower/main.c in the Linux\n kernel before 5.3.4 allow attackers to cause a denial\n of service (memory consumption), aka\n CID-8572cea1461a.(CVE-2019-19080)A memory leak in the\n nfp_flower_spawn_vnic_reprs() function in drivers\n et/ethernet etronome fp/flower/main.c in the Linux\n kernel before 5.3.4 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-8ce39eb5a67a.(CVE-2019-19081)Memory leaks in\n *create_resource_pool() functions under\n drivers/gpu/drm/amd/display/dc in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption). This affects the\n dce120_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c\n , the dce110_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c\n , the dce100_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c\n , the dcn10_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,\n and the dce112_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c\n , aka CID-104c307147ad.(CVE-2019-19082)Memory leaks in\n *clock_source_create() functions under\n drivers/gpu/drm/amd/display/dc in the Linux kernel\n before 5.3.8 allow attackers to cause a denial of\n service (memory consumption). This affects the\n dce112_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c\n , the dce100_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c\n , the dcn10_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,\n the dcn20_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,\n the dce120_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c\n , the dce110_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c\n , and the dce80_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,\n aka CID-055e547478a1.(CVE-2019-19083)In the Linux\n kernel before 5.2.9, there is an info-leak bug that can\n be caused by a malicious USB device in the drivers\n et/can/usb/peak_usb/pcan_usb_fd.c driver, aka\n CID-30a8beeb3042.(CVE-2019-19535)fs/btrfs/volumes.c in\n the Linux kernel before 5.1 allows a\n btrfs_verify_dev_extents NULL pointer dereference via a\n crafted btrfs image because fs_devices->devices is\n mishandled within find_device, aka\n CID-09ba3bc9dd15.(CVE-2019-18885)In the Linux kernel\n before 5.2.9, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers\n et/can/usb/peak_usb/pcan_usb_pro.c driver, aka\n CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel\n before 5.3.6, there is a use-after-free bug that can be\n caused by a malicious USB device in the drivers\n et/ieee802154/atusb.c driver, aka\n CID-7fd25e6fc035.(CVE-2019-19525)In the Linux kernel\n before 5.3.9, there is a use-after-free bug that can be\n caused by a malicious USB device in the drivers\n fc/pn533/usb.c driver, aka\n CID-6af3aa57a098.(CVE-2019-19526)In the Linux kernel\n before 5.3.11, there is a use-after-free bug that can\n be caused by a malicious USB device in the drivers\n et/can/usb/mcba_usb.c driver, aka\n CID-4d6636498c41.(CVE-2019-19529)A memory leak in the\n adis_update_scan_mode() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)In the Linux kernel\n before 5.3.11, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers\n et/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29.(CVE-2019-19534)A memory leak in the\n ccp_run_sha_cmd() function in\n drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-128c66429247.(CVE-2019-18808)drivers\n et/wireless/marvell/libertas/if_sdio.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer\n dereference.(CVE-2019-16232)drivers et/fjes/fjes_main.c\n in the Linux kernel 5.2.14 does not check the\n alloc_workqueue return value, leading to a NULL pointer\n dereference.(CVE-2019-16231)** DISPUTED **\n drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer dereference. NOTE: The\n security community disputes this issues as not being\n serious enough to be deserving a CVE\n id.(CVE-2019-16229)Linux kernel CIFS implementation,\n version 4.9.0 is vulnerable to a relative paths\n injection in directory entry\n lists.(CVE-2019-10220)Memory leaks in drivers\n et/wireless/ath/ath9k/htc_hst.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)Two memory leaks in\n the mwifiex_pcie_init_evt_ring() function in drivers\n et/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the\n gs_can_open() function in drivers et/can/usb/gs_usb.c\n in the Linux kernel before 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering usb_submit_urb() failures, aka\n CID-fb5be6a7b486.(CVE-2019-19052)A memory leak in the\n mwifiex_pcie_alloc_cmdrsp_buf() function in drivers\n et/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)A memory leak in the\n ath9k_wmi_cmd() function in drivers\n et/wireless/ath/ath9k/wmi.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)Two memory leaks in\n the rtl_usb_probe() function in drivers\n et/wireless/realtek/rtlwifi/usb.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)An issue was\n discovered in the Linux kernel through 5.3.9. There is\n a use-after-free when aa_label_parse() fails in\n aa_audit_rule_init() in\n security/apparmor/audit.c.(CVE-2019-18814)A memory leak\n in the predicate_parse() function in\n kernel/trace/trace_events_filter.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-96c5c6e6a5b6.(CVE-2019-19072)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel\n before 5.3.4, there is an info-leak bug that can be\n caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)In\n the Linux kernel before 5.2.9, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/usb/misc/yurex.c driver, aka\n CID-fc05481b2fca.(CVE-2019-19531)The Linux kernel\n through 5.3.13 has a start_offset+size Integer Overflow\n in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)In the AppleTalk subsystem\n in the Linux kernel before 5.1, there is a potential\n NULL pointer dereference because register_snap_client\n may return NULL. This will lead to denial of service in\n net/appletalk/aarp.c and net/appletalk/ddp.c, as\n demonstrated by unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)vcs_write in\n drivers/tty/vt/vc_screen.c in the Linux kernel through\n 5.3.13 does not prevent write access to vcsu devices,\n aka CID-0c9acb1af77a.(CVE-2019-19252)The Linux kernel\n before 5.4.2 mishandles ext4_expand_extra_isize, as\n demonstrated by use-after-free errors in\n __ext4_expand_extra_isize and ext4_xattr_set_entry,\n related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163.(CVE-2019-19767)A heap overflow flaw\n was found in the Linux kernel, all versions 3.x.x and\n 4.x.x before 4.18.0, in Marvell WiFi chip driver. The\n vulnerability allows a remote attacker to cause a\n system crash, resulting in a denial of service, or\n execute arbitrary code. The highest threat with this\n vulnerability is with the availability of the system.\n If code execution occurs, the code will run with the\n permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)An issue was discovered in the\n Linux kernel through 5.2.9. There is a NULL pointer\n dereference caused by a malicious USB device in the\n flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c\n driver.(CVE-2019-15291)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "EULEROS_SA-2020-1012.NASL", "href": "https://www.tenable.com/plugins/nessus/132605", "published": "2020-01-02T00:00:00", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132605);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/01\");\n\n script_cve_id(\n \"CVE-2017-13693\",\n \"CVE-2017-13694\",\n \"CVE-2019-10220\",\n \"CVE-2019-11191\",\n \"CVE-2019-14901\",\n \"CVE-2019-15291\",\n \"CVE-2019-16229\",\n \"CVE-2019-16231\",\n \"CVE-2019-16232\",\n \"CVE-2019-18660\",\n \"CVE-2019-18675\",\n \"CVE-2019-18683\",\n \"CVE-2019-18786\",\n \"CVE-2019-18808\",\n \"CVE-2019-18814\",\n \"CVE-2019-18885\",\n \"CVE-2019-19045\",\n \"CVE-2019-19046\",\n \"CVE-2019-19049\",\n \"CVE-2019-19051\",\n \"CVE-2019-19052\",\n \"CVE-2019-19054\",\n \"CVE-2019-19056\",\n \"CVE-2019-19057\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19060\",\n \"CVE-2019-19061\",\n \"CVE-2019-19063\",\n \"CVE-2019-19065\",\n \"CVE-2019-19066\",\n \"CVE-2019-19067\",\n \"CVE-2019-19068\",\n \"CVE-2019-19070\",\n \"CVE-2019-19071\",\n \"CVE-2019-19072\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19075\",\n \"CVE-2019-19077\",\n \"CVE-2019-19078\",\n \"CVE-2019-19079\",\n \"CVE-2019-19080\",\n \"CVE-2019-19081\",\n \"CVE-2019-19082\",\n \"CVE-2019-19083\",\n \"CVE-2019-19227\",\n \"CVE-2019-19252\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19525\",\n \"CVE-2019-19526\",\n \"CVE-2019-19527\",\n \"CVE-2019-19528\",\n \"CVE-2019-19529\",\n \"CVE-2019-19530\",\n \"CVE-2019-19531\",\n \"CVE-2019-19532\",\n \"CVE-2019-19533\",\n \"CVE-2019-19534\",\n \"CVE-2019-19535\",\n \"CVE-2019-19536\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** A memory\n leak in the __ipmi_bmc_register() function in\n drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE:\n third parties dispute the relevance of this because an\n attacker cannot realistically control this failure at\n probe time.(CVE-2019-19046)A memory leak in the\n bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)A memory leak in the\n adis_update_scan_mode_burst() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-9c0530e898f3.(CVE-2019-19061)In the Linux kernel\n before 5.3.12, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/input/ff-memless.c driver, aka\n CID-fa3a5a1880c9.(CVE-2019-19524)The Linux kernel\n through 5.0.7, when CONFIG_IA32_AOUT is enabled and\n ia32_aout is loaded, allows local users to bypass ASLR\n on setuid a.out programs (if any exist) because\n install_exec_creds() is called too late in\n load_aout_binary() in fs/binfmt_aout.c, and thus the\n ptrace_may_access() check has a race condition when\n reading /proc/pid/stat. NOTE: the software maintainer\n disputes that this is a vulnerability because ASLR for\n a.out format executables has never been\n supported.(CVE-2019-11191)In the Linux kernel before\n 5.2.10, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/hid/usbhid/hiddev.c driver, aka\n CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel\n before 5.3.9, there are multiple out-of-bounds write\n bugs that can be caused by a malicious USB device in\n the Linux kernel HID drivers, aka CID-d9d4b1e46d95.\n This affects drivers/hid/hid-axff.c,\n drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c,\n drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,\n drivers/hid/hid-tmff.c, and\n drivers/hid/hid-zpff.c.(CVE-2019-19532)The\n acpi_ps_complete_final_op() function in\n drivers/acpi/acpica/psobject.c in the Linux kernel\n through 4.12.9 does not flush the node and node_ext\n caches and causes a kernel stack dump, which allows\n local users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13694)The acpi_ds_create_operands()\n function in drivers/acpi/acpica/dsutils.c in the Linux\n kernel through 4.12.9 does not flush the operand cache\n and causes a kernel stack dump, which allows local\n users to obtain sensitive information from kernel\n memory and bypass the KASLR protection mechanism (in\n the kernel through 4.9) via a crafted ACPI\n table.(CVE-2017-13693)The Linux kernel before 5.4.1 on\n powerpc allows Information Exposure because the\n Spectre-RSB mitigation is not in place for all\n applicable CPUs, aka CID-39e72bf96f58. This is related\n to arch/powerpc/kernel/entry_64.S and\n arch/powerpc/kernel/security.c.(CVE-2019-18660)In the\n Linux kernel through 5.3.8, f->fmt.sdr.reserved is\n uninitialized in rcar_drif_g_fmt_sdr_cap in\n drivers/media/platform/rcar_drif.c, which could cause a\n memory disclosure problem.(CVE-2019-18786)An issue was\n discovered in drivers/media/platform/vivid in the Linux\n kernel through 5.3.8. It is exploitable for privilege\n escalation on some Linux distributions where local\n users have /dev/video0 access, but only if the driver\n happens to be loaded. There are multiple race\n conditions during streaming stopping in this driver\n (part of the V4L2 subsystem). These issues are caused\n by wrong mutex locking in\n vivid_stop_generating_vid_cap(),\n vivid_stop_generating_vid_out(),\n sdr_cap_stop_streaming(), and the corresponding\n kthreads. At least one of these race conditions leads\n to a use-after-free.(CVE-2019-18683)A memory leak in\n the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the\n mlx5_fpga_conn_create_cq() function in drivers\n et/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux\n kernel before 5.3.11 allows attackers to cause a denial\n of service (memory consumption) by triggering\n mlx5_vector2eqn() failures, aka\n CID-c8c2a057fdc7.(CVE-2019-19045)A memory leak in the\n i2400m_op_rfkill_sw_toggle() function in drivers\n et/wimax/i2400m/op-rfkill.c in the Linux kernel before\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption), aka\n CID-6f3ef5c25cc7.(CVE-2019-19051)A memory leak in the\n alloc_sgtable() function in drivers\n et/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering alloc_page()\n failures, aka CID-b4b814fec1a5.(CVE-2019-19058)Multiple\n memory leaks in the iwl_pcie_ctxt_info_gen3_init()\n function in drivers\n et/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the\n Linux kernel through 5.3.11 allow attackers to cause a\n denial of service (memory consumption) by triggering\n iwl_pcie_init_fw_sec() or dma_alloc_coherent()\n failures, aka CID-0f4f199443fa.(CVE-2019-19059)A memory\n leak in the unittest_data_add() function in\n drivers/of/unittest.c in the Linux kernel before 5.3.10\n allows attackers to cause a denial of service (memory\n consumption) by triggering of_fdt_unflatten_tree()\n failures, aka CID-e13de8fe0d6a. NOTE: third parties\n dispute the relevance of this because unittest.c can\n only be reached during boot.(CVE-2019-19049)A memory\n leak in the spi_gpio_probe() function in\n drivers/spi/spi-gpio.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering\n devm_add_action_or_reset() failures, aka\n CID-d3b0ffa1d75d. NOTE: third parties dispute the\n relevance of this because the system must have already\n been out of memory before the probe\n began.(CVE-2019-19070)A memory leak in the sdma_init()\n function in drivers/infiniband/hw/hfi1/sdma.c in the\n Linux kernel before 5.3.9 allows attackers to cause a\n denial of service (memory consumption) by triggering\n rhashtable_init() failures, aka\n CID-34b3be18a04e.(CVE-2019-19065)** DISPUTED ** Four\n memory leaks in the acp_hw_init() function in\n drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux\n kernel before 5.3.8 allow attackers to cause a denial\n of service (memory consumption) by triggering\n mfd_add_hotplug_devices() or pm_genpd_add_device()\n failures, aka CID-57be09c6e874. NOTE: third parties\n dispute the relevance of this because the attacker must\n already have privileges for module\n loading.(CVE-2019-19067)A memory leak in the\n rtl8xxxu_submit_int_urb() function in drivers\n et/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the\n Linux kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-a2cdd07488e6.(CVE-2019-19068)A memory leak in the\n rsi_send_beacon() function in drivers\n et/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n rsi_prepare_beacon() failures, aka\n CID-d563131ef23c.(CVE-2019-19071)A memory leak in the\n ca8210_probe() function in drivers\n et/ieee802154/ca8210.c in the Linux kernel before 5.3.8\n allows attackers to cause a denial of service (memory\n consumption) by triggering ca8210_get_platform_data()\n failures, aka CID-6402939ec86e.(CVE-2019-19075)A memory\n leak in the bnxt_re_create_srq() function in\n drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n copy to udata failures, aka\n CID-4a9d46a9fe14.(CVE-2019-19077)A memory leak in the\n ath10k_usb_hif_tx_sg() function in drivers\n et/wireless/ath/ath10k/usb.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the\n qrtr_tun_write_iter() function in net/qrtr/tun.c in the\n Linux kernel before 5.3 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-a21b7f0cff19.(CVE-2019-19079)Four memory leaks in\n the nfp_flower_spawn_phy_reprs() function in drivers\n et/ethernet etronome fp/flower/main.c in the Linux\n kernel before 5.3.4 allow attackers to cause a denial\n of service (memory consumption), aka\n CID-8572cea1461a.(CVE-2019-19080)A memory leak in the\n nfp_flower_spawn_vnic_reprs() function in drivers\n et/ethernet etronome fp/flower/main.c in the Linux\n kernel before 5.3.4 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-8ce39eb5a67a.(CVE-2019-19081)Memory leaks in\n *create_resource_pool() functions under\n drivers/gpu/drm/amd/display/dc in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption). This affects the\n dce120_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c\n , the dce110_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c\n , the dce100_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c\n , the dcn10_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,\n and the dce112_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c\n , aka CID-104c307147ad.(CVE-2019-19082)Memory leaks in\n *clock_source_create() functions under\n drivers/gpu/drm/amd/display/dc in the Linux kernel\n before 5.3.8 allow attackers to cause a denial of\n service (memory consumption). This affects the\n dce112_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c\n , the dce100_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c\n , the dcn10_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,\n the dcn20_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,\n the dce120_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c\n , the dce110_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c\n , and the dce80_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,\n aka CID-055e547478a1.(CVE-2019-19083)In the Linux\n kernel before 5.2.9, there is an info-leak bug that can\n be caused by a malicious USB device in the drivers\n et/can/usb/peak_usb/pcan_usb_fd.c driver, aka\n CID-30a8beeb3042.(CVE-2019-19535)fs/btrfs/volumes.c in\n the Linux kernel before 5.1 allows a\n btrfs_verify_dev_extents NULL pointer dereference via a\n crafted btrfs image because fs_devices->devices is\n mishandled within find_device, aka\n CID-09ba3bc9dd15.(CVE-2019-18885)In the Linux kernel\n before 5.2.9, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers\n et/can/usb/peak_usb/pcan_usb_pro.c driver, aka\n CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel\n before 5.3.6, there is a use-after-free bug that can be\n caused by a malicious USB device in the drivers\n et/ieee802154/atusb.c driver, aka\n CID-7fd25e6fc035.(CVE-2019-19525)In the Linux kernel\n before 5.3.9, there is a use-after-free bug that can be\n caused by a malicious USB device in the drivers\n fc/pn533/usb.c driver, aka\n CID-6af3aa57a098.(CVE-2019-19526)In the Linux kernel\n before 5.3.11, there is a use-after-free bug that can\n be caused by a malicious USB device in the drivers\n et/can/usb/mcba_usb.c driver, aka\n CID-4d6636498c41.(CVE-2019-19529)A memory leak in the\n adis_update_scan_mode() function in\n drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)In the Linux kernel\n before 5.3.11, there is an info-leak bug that can be\n caused by a malicious USB device in the drivers\n et/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29.(CVE-2019-19534)A memory leak in the\n ccp_run_sha_cmd() function in\n drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-128c66429247.(CVE-2019-18808)drivers\n et/wireless/marvell/libertas/if_sdio.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer\n dereference.(CVE-2019-16232)drivers et/fjes/fjes_main.c\n in the Linux kernel 5.2.14 does not check the\n alloc_workqueue return value, leading to a NULL pointer\n dereference.(CVE-2019-16231)** DISPUTED **\n drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer dereference. NOTE: The\n security community disputes this issues as not being\n serious enough to be deserving a CVE\n id.(CVE-2019-16229)Linux kernel CIFS implementation,\n version 4.9.0 is vulnerable to a relative paths\n injection in directory entry\n lists.(CVE-2019-10220)Memory leaks in drivers\n et/wireless/ath/ath9k/htc_hst.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n wait_for_completion_timeout() failures. This affects\n the htc_config_pipe_credits() function, the\n htc_setup_complete() function, and the\n htc_connect_service() function, aka\n CID-853acf7caf10.(CVE-2019-19073)Two memory leaks in\n the mwifiex_pcie_init_evt_ring() function in drivers\n et/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the\n gs_can_open() function in drivers et/can/usb/gs_usb.c\n in the Linux kernel before 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering usb_submit_urb() failures, aka\n CID-fb5be6a7b486.(CVE-2019-19052)A memory leak in the\n mwifiex_pcie_alloc_cmdrsp_buf() function in drivers\n et/wireless/marvell/mwifiex/pcie.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)A memory leak in the\n ath9k_wmi_cmd() function in drivers\n et/wireless/ath/ath9k/wmi.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)Two memory leaks in\n the rtl_usb_probe() function in drivers\n et/wireless/realtek/rtlwifi/usb.c in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)An issue was\n discovered in the Linux kernel through 5.3.9. There is\n a use-after-free when aa_label_parse() fails in\n aa_audit_rule_init() in\n security/apparmor/audit.c.(CVE-2019-18814)A memory leak\n in the predicate_parse() function in\n kernel/trace/trace_events_filter.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-96c5c6e6a5b6.(CVE-2019-19072)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/adutux.c driver, aka\n CID-44efc269db79.(CVE-2019-19523)In the Linux kernel\n before 5.3.7, there is a use-after-free bug that can be\n caused by a malicious USB device in the\n drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel\n before 5.2.10, there is a use-after-free bug that can\n be caused by a malicious USB device in the\n drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel\n before 5.3.4, there is an info-leak bug that can be\n caused by a malicious USB device in the\n drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka\n CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel\n before 5.2.10, there is a race condition bug that can\n be caused by a malicious USB device in the USB\n character device driver layer, aka CID-303911cfc5b9.\n This affects drivers/usb/core/file.c.(CVE-2019-19537)In\n the Linux kernel before 5.2.9, there is a\n use-after-free bug that can be caused by a malicious\n USB device in the drivers/usb/misc/yurex.c driver, aka\n CID-fc05481b2fca.(CVE-2019-19531)The Linux kernel\n through 5.3.13 has a start_offset+size Integer Overflow\n in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation.(CVE-2019-18675)In the AppleTalk subsystem\n in the Linux kernel before 5.1, there is a potential\n NULL pointer dereference because register_snap_client\n may return NULL. This will lead to denial of service in\n net/appletalk/aarp.c and net/appletalk/ddp.c, as\n demonstrated by unregister_snap_client, aka\n CID-9804501fa122.(CVE-2019-19227)vcs_write in\n drivers/tty/vt/vc_screen.c in the Linux kernel through\n 5.3.13 does not prevent write access to vcsu devices,\n aka CID-0c9acb1af77a.(CVE-2019-19252)The Linux kernel\n before 5.4.2 mishandles ext4_expand_extra_isize, as\n demonstrated by use-after-free errors in\n __ext4_expand_extra_isize and ext4_xattr_set_entry,\n related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163.(CVE-2019-19767)A heap overflow flaw\n was found in the Linux kernel, all versions 3.x.x and\n 4.x.x before 4.18.0, in Marvell WiFi chip driver. The\n vulnerability allows a remote attacker to cause a\n system crash, resulting in a denial of service, or\n execute arbitrary code. The highest threat with this\n vulnerability is with the availability of the system.\n If code execution occurs, the code will run with the\n permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)An issue was discovered in the\n Linux kernel through 5.2.9. There is a NULL pointer\n dereference caused by a malicious USB device in the\n flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c\n driver.(CVE-2019-15291)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1012\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f83f4799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T04:46:38", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-16746: There was an issue in net/wireless/nl80211.c where the\nkernel did not check the length of variable elements in a beacon head,\nleading to a buffer overflow (bnc#1152107).\n\nCVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function\nin drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nbfa_port_get_stats() failures (bnc#1157303).\n\nCVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle()\nfunction in drivers/net/wimax/i2400m/op-rfkill.c that allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1159024).\n\nCVE-2019-19338: There was an incomplete fix for Transaction\nAsynchronous Abort (TAA) (bsc#1158954).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bsc#1158827).\n\nCVE-2019-19537: There was a race condition bug that could have been\ncaused by a malicious USB device in the USB character device driver\nlayer (bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/hid/usbhid/hiddev.c\ndriver (bnc#1158900).\n\nCVE-2019-19526: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/nfc/pn533/usb.c driver\n(bnc#1158893).\n\nCVE-2019-19533: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that\ncould have been caused by a malicious USB device in the Linux kernel\nHID drivers (bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/usb/misc/adutux.c\ndriver (bnc#1158823).\n\nCVE-2019-15213: An issue was discovered in the Linux kernel, there was\na use-after-free caused by a malicious USB device in the\ndrivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver\n(bnc#1158407).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver\n(bnc#1158381).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering copy to udata failures (bnc#1157171).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-07-02T00:00:00", "id": "SUSE_SU-2019-3389-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132430", "published": "2019-12-30T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3389-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3389-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132430);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-14901\", \"CVE-2019-15213\", \"CVE-2019-16746\", \"CVE-2019-19051\", \"CVE-2019-19066\", \"CVE-2019-19077\", \"CVE-2019-19332\", \"CVE-2019-19338\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19526\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19543\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3389-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-16746: There was an issue in net/wireless/nl80211.c where the\nkernel did not check the length of variable elements in a beacon head,\nleading to a buffer overflow (bnc#1152107).\n\nCVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function\nin drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a\ndenial of service (memory consumption) by triggering\nbfa_port_get_stats() failures (bnc#1157303).\n\nCVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle()\nfunction in drivers/net/wimax/i2400m/op-rfkill.c that allowed\nattackers to cause a denial of service (memory consumption)\n(bnc#1159024).\n\nCVE-2019-19338: There was an incomplete fix for Transaction\nAsynchronous Abort (TAA) (bsc#1158954).\n\nCVE-2019-19332: There was an OOB memory write via\nkvm_dev_ioctl_get_cpuid (bsc#1158827).\n\nCVE-2019-19537: There was a race condition bug that could have been\ncaused by a malicious USB device in the USB character device driver\nlayer (bnc#1158904).\n\nCVE-2019-19535: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).\n\nCVE-2019-19527: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/hid/usbhid/hiddev.c\ndriver (bnc#1158900).\n\nCVE-2019-19526: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/nfc/pn533/usb.c driver\n(bnc#1158893).\n\nCVE-2019-19533: There was an info-leak bug that could have been caused\nby a malicious USB device in the\ndrivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834).\n\nCVE-2019-19532: There were multiple out-of-bounds write bugs that\ncould have been caused by a malicious USB device in the Linux kernel\nHID drivers (bnc#1158824).\n\nCVE-2019-19523: There was a use-after-free bug that could have been\ncaused by a malicious USB device in the drivers/usb/misc/adutux.c\ndriver (bnc#1158823).\n\nCVE-2019-15213: An issue was discovered in the Linux kernel, there was\na use-after-free caused by a malicious USB device in the\ndrivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).\n\nCVE-2019-19531: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/yurex.c driver\n(bnc#1158445).\n\nCVE-2019-19543: There was a use-after-free in serial_ir_init_module()\nin drivers/media/rc/serial_ir.c (bnc#1158427).\n\nCVE-2019-19525: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/ieee802154/atusb.c driver\n(bnc#1158417).\n\nCVE-2019-19530: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/class/cdc-acm.c driver\n(bnc#1158410).\n\nCVE-2019-19536: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).\n\nCVE-2019-19524: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/input/ff-memless.c driver\n(bnc#1158413).\n\nCVE-2019-19528: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/usb/misc/iowarrior.c driver\n(bnc#1158407).\n\nCVE-2019-19534: There was an info-leak bug that can be caused by a\nmalicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).\n\nCVE-2019-19529: There was a use-after-free bug that can be caused by a\nmalicious USB device in the drivers/net/can/usb/mcba_usb.c driver\n(bnc#1158381).\n\nCVE-2019-14901: A heap overflow flaw was found in the Linux kernel in\nMarvell WiFi chip driver. The vulnerability allowed a remote attacker\nto cause a system crash, resulting in a denial of service, or execute\narbitrary code. The highest threat with this vulnerability is with the\navailability of the system. If code execution occurs, the code will\nrun with the permissions of root. This will affect both\nconfidentiality and integrity of files on the system (bnc#1157042).\n\nCVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in\ndrivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed\nattackers to cause a denial of service (memory consumption) by\ntriggering copy to udata failures (bnc#1157171).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14901/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16746/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19338/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19523/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19524/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19525/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19526/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19527/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19528/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19530/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19531/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19532/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19534/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19535/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19536/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19543/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193389-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26911696\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch\nSUSE-SLE-WE-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise Live Patching 12-SP5:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP5-2019-3389=1\n\nSUSE Linux Enterprise High Availability 12-SP5:zypper in -t patch\nSUSE-SLE-HA-12-SP5-2019-3389=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-17T15:49:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-16T00:00:00", "published": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201674", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1674)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1674\");\n script_version(\"2020-06-16T05:49:04+0000\");\n script_cve_id(\"CVE-2014-3180\", \"CVE-2014-4508\", \"CVE-2014-4608\", \"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2014-7970\", \"CVE-2016-3951\", \"CVE-2016-9756\", \"CVE-2017-12153\", \"CVE-2017-13080\", \"CVE-2017-13693\", \"CVE-2017-8068\", \"CVE-2018-1000204\", \"CVE-2018-13093\", \"CVE-2018-9383\", \"CVE-2018-9389\", \"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-16230\", \"CVE-2019-18675\", \"CVE-2019-19054\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19060\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19066\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19227\", \"CVE-2019-19319\", \"CVE-2019-19332\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19768\", \"CVE-2019-19922\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20096\", \"CVE-2019-20636\", \"CVE-2019-2215\", \"CVE-2019-5108\", \"CVE-2019-9458\", \"CVE-2020-10720\", \"CVE-2020-10942\", \"CVE-2020-11494\", \"CVE-2020-11565\", \"CVE-2020-11608\", \"CVE-2020-11609\", \"CVE-2020-11668\", \"CVE-2020-12464\", \"CVE-2020-12652\", \"CVE-2020-12653\", \"CVE-2020-12654\", \"CVE-2020-12655\", \"CVE-2020-12770\", \"CVE-2020-12826\", \"CVE-2020-13143\", \"CVE-2020-2732\", \"CVE-2020-8647\", \"CVE-2020-8648\", \"CVE-2020-8649\", \"CVE-2020-8992\", \"CVE-2020-9383\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:49:04 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:49:04 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1674)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1674\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1674\");\n script_xref(name:\"URL\", value:\"https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1674 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/ net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.(CVE-2020-10942)\n\nIn the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.(CVE-2019-19319)\n\nIn kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)\n\nIn the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.(CVE-2020-8647)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.(CVE-2020-8649)\n\ndrivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.(CVE-2019-16230)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/ n_tty.c.(CVE-2020-8648)\n\nA flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)\n\nAn issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.(CVE-2020-9383)\n\next4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.(CVE-2020-8992)\n\nWi-Fi ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h230\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-17T17:00:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201396", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1396)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1396\");\n script_version(\"2020-04-16T05:48:56+0000\");\n script_cve_id(\"CVE-2014-3180\", \"CVE-2014-9888\", \"CVE-2017-12134\", \"CVE-2017-13216\", \"CVE-2017-13693\", \"CVE-2017-7346\", \"CVE-2017-8068\", \"CVE-2017-8069\", \"CVE-2017-8070\", \"CVE-2018-12207\", \"CVE-2018-14633\", \"CVE-2019-0154\", \"CVE-2019-0155\", \"CVE-2019-10126\", \"CVE-2019-10220\", \"CVE-2019-11135\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15291\", \"CVE-2019-16230\", \"CVE-2019-16231\", \"CVE-2019-16232\", \"CVE-2019-18675\", \"CVE-2019-18805\", \"CVE-2019-18806\", \"CVE-2019-19054\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19060\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19066\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19768\", \"CVE-2019-19922\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-20054\", \"CVE-2019-20096\", \"CVE-2019-2215\", \"CVE-2019-5108\", \"CVE-2020-2732\", \"CVE-2020-8647\", \"CVE-2020-8648\", \"CVE-2020-8649\", \"CVE-2020-8992\", \"CVE-2020-9383\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:48:56 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:48:56 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1396)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1396\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1396\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1396 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.(CVE-2019-16230)\n\nIn the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768)\n\nA flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.(CVE-2020-8647)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.(CVE-2020-8648)\n\nThere is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.(CVE-2020-8649)\n\next4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.(CVE-2020-8992)\n\nAn issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.(CVE-2020-9383)\n\nIn kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)\n\nA heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896)\n\nA stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system c ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h254\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-04T16:55:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-03-03T00:00:00", "published": "2020-03-03T00:00:00", "id": "OPENVAS:1361412562310892114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892114", "title": "Debian LTS: Security Advisory for linux-4.9 (DLA-2114-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892114\");\n script_version(\"2020-03-03T04:00:55+0000\");\n script_cve_id(\"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-20976\", \"CVE-2018-21008\", \"CVE-2019-0136\", \"CVE-2019-10220\", \"CVE-2019-14615\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15098\", \"CVE-2019-15217\", \"CVE-2019-15291\", \"CVE-2019-15505\", \"CVE-2019-15917\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18282\", \"CVE-2019-18683\", \"CVE-2019-18809\", \"CVE-2019-19037\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19527\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19947\", \"CVE-2019-19965\", \"CVE-2019-20096\", \"CVE-2019-2215\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-03 04:00:55 +0000 (Tue, 03 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-03 04:00:55 +0000 (Tue, 03 Mar 2020)\");\n script_name(\"Debian LTS: Security Advisory for linux-4.9 (DLA-2114-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2114-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/869511\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/945023\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-4.9'\n package(s) announced via the DLA-2114-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-13093, CVE-2018-13094\n\nWen Xu from SSLab at Gatech reported several NULL pointer\ndereference flaws that may be triggered when mounting and\noperating a crafted XFS volume. An attacker able to mount\narbitrary XFS volumes could use this to cause a denial of service\n(crash).\n\nCVE-2018-20976\n\nIt was discovered that the XFS file-system implementation did not\ncorrectly handle some mount failure conditions, which could lead\nto a use-after-free. The security impact of this is unclear.\n\nCVE-2018-21008\n\nIt was discovered that the rsi wifi driver did not correctly\nhandle some failure conditions, which could lead to a use-after-\nfree. The security impact of this is unclear.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211)\ndid not properly authenticate Tunneled Direct Link Setup (TDLS)\nmessages. A nearby attacker could use this for denial of service\n(loss of wifi connectivity).\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in\nthe Android binder driver. A local user on a system with this\ndriver enabled could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\nHowever, this driver is not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with\nfilenames including a '/' character, this could confuse and\npossibly defeat security checks in applications that read the\ndirectory.\n\nThe kernel will now return an error when reading such a directory,\nrather than passing the invalid filenames on to user-space.\n\nCVE-2019-14615\n\nIt was discovered that Intel 9th and 10th generation GPUs did not\nclear user-visible state during a context switch, which resulted\nin information leaks between GPU tasks. This has been mitigated\nin the i915 driver.\n\nThe affected chips (gen9 and gen10) are listed at\n<\n\nCVE-2019-14814, CVE-2019-14815, CVE-2019-14816\n\nMultiple bugs were discovered in the mwifiex wifi driver, which\ncould lead to heap buffer overflows. A local user permitted to\nconfigure a device handled by this driver could probably use this\nfor privilege escalation.\n\nCVE-2019-14895, CVE-2019-14901\n\nADLab of Venustech discovered potential heap buffer overflows in\nthe mwifiex wifi driver. On systems using this driver, a\nmalicious Wireless Access Point or adhoc/P2P peer could use these\nto cause a denial of service (memory corruption or crash) or\npossibly for remote code ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-4.9' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.210-1~deb8u1. This update additionally fixes Debian bugs\n#869511 and 945023, and includes many more bug fixes from stable\nupdates 4.9.190-4.9.210 inclusive.\n\nWe recommend that you upgrade your linux-4.9 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-arm\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-686\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-all\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-all-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-all-armel\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-all-armhf\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-all-i386\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-armmp\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-armmp-lpae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-common\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-common-rt\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-marvell\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-rt-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.11-rt-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-686\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-all\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-all-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-all-armel\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-all-armhf\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-all-i386\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-armmp\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-armmp-lpae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-common\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-common-rt\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-marvell\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-rt-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.12-rt-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-686\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-686-pae-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-amd64-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-armmp\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-armmp-lpae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-marvell\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-rt-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-rt-686-pae-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-rt-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.11-rt-amd64-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-686\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-686-pae-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-amd64-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-armmp\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-armmp-lpae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-marvell\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-rt-686-pae\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-rt-686-pae-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-rt-amd64\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.12-rt-amd64-dbg\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.11\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.12\", ver:\"4.9.210-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-30T16:54:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-26T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201012", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1012)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1012\");\n script_version(\"2020-03-26T11:51:34+0000\");\n script_cve_id(\"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2019-10220\", \"CVE-2019-11191\", \"CVE-2019-14901\", \"CVE-2019-15291\", \"CVE-2019-16229\", \"CVE-2019-16231\", \"CVE-2019-16232\", \"CVE-2019-18660\", \"CVE-2019-18675\", \"CVE-2019-18683\", \"CVE-2019-18786\", \"CVE-2019-18808\", \"CVE-2019-18814\", \"CVE-2019-18885\", \"CVE-2019-19045\", \"CVE-2019-19046\", \"CVE-2019-19049\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19054\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19063\", \"CVE-2019-19065\", \"CVE-2019-19066\", \"CVE-2019-19067\", \"CVE-2019-19068\", \"CVE-2019-19070\", \"CVE-2019-19071\", \"CVE-2019-19072\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19075\", \"CVE-2019-19077\", \"CVE-2019-19078\", \"CVE-2019-19079\", \"CVE-2019-19080\", \"CVE-2019-19081\", \"CVE-2019-19082\", \"CVE-2019-19083\", \"CVE-2019-19227\", \"CVE-2019-19252\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19526\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-26 11:51:34 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:15:30 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1012)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1012\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1012\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1012 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.(CVE-2019-19046)\n\nA memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.(CVE-2019-19066)\n\nA memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.(CVE-2019-19061)\n\nIn the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.(CVE-2019-19524)\n\nThe Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.(CVE-2019-11191)\n\nIn the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.(CVE-2019-19527)\n\nIn the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.(CVE-2019-19532)\n\nThe acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-perf\", rpm:\"python3-perf~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:40:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192693", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2693)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2693\");\n script_version(\"2020-01-23T14:23:06+0000\");\n script_cve_id(\"CVE-2015-1350\", \"CVE-2017-12134\", \"CVE-2018-1129\", \"CVE-2018-9465\", \"CVE-2019-10220\", \"CVE-2019-15291\", \"CVE-2019-17351\", \"CVE-2019-18675\", \"CVE-2019-18885\", \"CVE-2019-19051\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19063\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19527\", \"CVE-2019-19528\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19537\", \"CVE-2019-2215\", \"CVE-2019-9456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:23:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:14:14 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2693)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2693\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2693\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2693 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.(CVE-2019-10220)\n\nA memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.(CVE-2019-19051)\n\nA memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.(CVE-2019-19065)\n\n** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.(CVE-2019-19067)\n\nAn issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.(CVE-2019-17351)\n\nThe xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.(CVE-2017-12134)\n\nIn the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.(CVE-2019-19523)\n\nIn the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.(CVE-2019-19528)\n\nIn the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.(CVE-2019-19530)\n\nIn the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.(CVE-2019-19533)\n\nIn the Linux kernel before 5.2.10, there is a race condition bug that can be caused ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.5.h359.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T15:55:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2020-01-19T00:00:00", "id": "OPENVAS:1361412562310892068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892068", "title": "Debian LTS: Security Advisory for linux (DLA-2068-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892068\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15098\", \"CVE-2019-15217\", \"CVE-2019-15291\", \"CVE-2019-15505\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19527\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19922\", \"CVE-2019-19947\", \"CVE-2019-19965\", \"CVE-2019-19966\", \"CVE-2019-2215\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-19 04:00:44 +0000 (Sun, 19 Jan 2020)\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-2068-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2068-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the DLA-2068-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, or information\nleak.\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in\nthe Android binder driver. A local user on a system with this\ndriver enabled could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\nHowever, this driver is not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with\nfilenames including a '/' character, this could confuse and\npossibly defeat security checks in applications that read the\ndirectory.\n\nThe kernel will now return an error when reading such a directory,\nrather than passing the invalid filenames on to user-space.\n\nCVE-2019-14895, CVE-2019-14901\n\nADLab of Venustech discovered potential heap buffer overflows in\nthe mwifiex wifi driver. On systems using this driver, a\nmalicious Wireless Access Point or adhoc/P2P peer could use these\nto cause a denial of service (memory corruption or crash) or\npossibly for remote code execution.\n\nCVE-2019-14896, CVE-2019-14897\n\nADLab of Venustech discovered potential heap and stack buffer\noverflows in the libertas wifi driver. On systems using this\ndriver, a malicious Wireless Access Point or adhoc/P2P peer could\nuse these to cause a denial of service (memory corruption or\ncrash) or possibly for remote code execution.\n\nCVE-2019-15098\n\nHui Peng and Mathias Payer reported that the ath6kl wifi driver\ndid not properly validate USB descriptors, which could lead to a\nnull pointer dereference. An attacker able to add USB devices\ncould use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\nThe syzkaller tool discovered that the zr364xx mdia driver did not\ncorrectly handle devices without a product name string, which\ncould lead to a null pointer dereference. An attacker able to add\nUSB devices could use this to cause a denial of service\n(BUG/oops).\n\nCVE-2019-15291\n\nThe syzkaller tool discovered that the b2c2-flexcop-usb media\ndriver did not properly validate USB descriptors, which could lead\nto a null pointer dereference. An attacker able to add USB\ndevices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\nThe syzkaller tool discovered that the technisat-usb2 media driver\ndid not properly validate incoming IR packets, which could lead to\na heap buffer over-read. An attacker able to add USB devices\ncould use this to cause a denial of service (BUG/oops) or to read\nsensitive information from kernel memory.\n\n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.16.81-1.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-586\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-686-pae\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-all\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-all-amd64\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-all-armel\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-all-armhf\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-all-i386\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-amd64\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-armmp\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-armmp-lpae\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-common\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-ixp4xx\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-kirkwood\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-orion5x\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-10-versatile\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-586\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-686-pae\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-686-pae-dbg\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-amd64\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-amd64-dbg\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-armmp\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-armmp-lpae\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-ixp4xx\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-kirkwood\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-orion5x\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-10-versatile\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-10\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-10-amd64\", ver:\"3.16.81-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:29:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852971", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852971", "title": "openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2675-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852971\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-14895\", \"CVE-2019-14901\", \"CVE-2019-15213\", \"CVE-2019-15916\",\n \"CVE-2019-18660\", \"CVE-2019-18683\", \"CVE-2019-18809\", \"CVE-2019-19046\",\n \"CVE-2019-19049\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\",\n \"CVE-2019-19058\", \"CVE-2019-19060\", \"CVE-2019-19062\", \"CVE-2019-19063\",\n \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19068\", \"CVE-2019-19073\",\n \"CVE-2019-19074\", \"CVE-2019-19075\", \"CVE-2019-19077\", \"CVE-2019-19078\",\n \"CVE-2019-19080\", \"CVE-2019-19081\", \"CVE-2019-19082\", \"CVE-2019-19083\",\n \"CVE-2019-19227\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19528\",\n \"CVE-2019-19529\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19534\",\n \"CVE-2019-19536\", \"CVE-2019-19543\", \"CVE-2019-15211\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:50:05 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2675-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2675-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux Kernel'\n package(s) announced via the openSUSE-SU-2019:2675-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 15.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2019-15211: There was a use-after-free caused by a malicious USB\n device in drivers/media/v4l2-core/v4l2-dev.c (bnc#1146519).\n\n - CVE-2019-15213: There was a use-after-free caused by a malicious USB\n device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver\n (bnc#1146544).\n\n - CVE-2019-19531: There was a use-after-free bug that can be caused by a\n malicious USB device in the drivers/usb/misc/yurex.c driver, aka\n CID-fc05481b2fca (bnc#1158427 1158445).\n\n - CVE-2019-19543: There is a use-after-free in serial_ir_init_module() in\n drivers/media/rc/serial_ir.c (bnc#1158427).\n\n - CVE-2019-19525: There is a use-after-free bug that can be caused by a\n malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka\n CID-7fd25e6fc035 (bnc#1158417).\n\n - CVE-2019-19530: There is a use-after-free bug that can be caused by a\n malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka\n CID-c52873e5a1ef (bnc#1158410).\n\n - CVE-2019-19536: There is an info-leak bug that can be caused by a\n malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c\n driver, aka CID-ead16e53c2f0 (bnc#1158394).\n\n - CVE-2019-19524: There is a use-after-free bug that can be caused by a\n malicious USB device in the drivers/input/ff-memless.c driver, aka\n CID-fa3a5a1880c9 (bnc#1158413).\n\n - CVE-2019-19528: There is a use-after-free bug that can be caused by a\n malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka\n CID-edc4746f253d (bnc#1158407).\n\n - CVE-2019-19534: There is an info-leak bug that can be caused by a\n malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c\n driver, aka CID-f7a1337f0d29 (bnc#1158398).\n\n - CVE-2019-19529: There is a use-after-free bug that can be caused by a\n malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka\n CID-4d6636498c41 (bnc#1158381).\n\n - CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi chip\n driver. The vulnerability allowed a remote attacker to cause a system\n crash, resulting in a denial of service, or execute arbitrary code. The\n highest threat with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run with the permissions\n of root. This will affect both confidentiality and integrity of files on\n the system (bnc#1157042).\n\n - CVE-2019-14895: A heap-based buffer overflow was discovered in the\n Marvell WiFi chip driver. The flaw could occur when the station attempts\n a connection n ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'the' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall\", rpm:\"kernel-kvmsmall~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base\", rpm:\"kernel-kvmsmall-base~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base-debuginfo\", rpm:\"kernel-kvmsmall-base-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debuginfo\", rpm:\"kernel-kvmsmall-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debugsource\", rpm:\"kernel-kvmsmall-debugsource~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel\", rpm:\"kernel-kvmsmall-devel~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel-debuginfo\", rpm:\"kernel-kvmsmall-devel-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~4.12.14~lp151.28.36.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-07-14T12:53:52", "bulletinFamily": "unix", "description": "Package : linux-4.9\nVersion : 4.9.210-1~deb8u1\nCVE ID : CVE-2018-13093 CVE-2018-13094 CVE-2018-20976 CVE-2018-21008\n CVE-2019-0136 CVE-2019-2215 CVE-2019-10220 CVE-2019-14615\n CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895\n CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15098\n CVE-2019-15217 CVE-2019-15291 CVE-2019-15505 CVE-2019-15917\n CVE-2019-16746 CVE-2019-17052 CVE-2019-17053 CVE-2019-17054\n CVE-2019-17055 CVE-2019-17056 CVE-2019-17075 CVE-2019-17133\n CVE-2019-17666 CVE-2019-18282 CVE-2019-18683 CVE-2019-18809\n CVE-2019-19037 CVE-2019-19051 CVE-2019-19052 CVE-2019-19056\n CVE-2019-19057 CVE-2019-19062 CVE-2019-19066 CVE-2019-19068\n CVE-2019-19227 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523\n CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530\n CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534\n CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767\n CVE-2019-19947 CVE-2019-19965 CVE-2019-20096\nDebian Bug : 869511 945023\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-13093, CVE-2018-13094\n\n Wen Xu from SSLab at Gatech reported several NULL pointer\n dereference flaws that may be triggered when mounting and\n operating a crafted XFS volume. An attacker able to mount\n arbitrary XFS volumes could use this to cause a denial of service\n (crash).\n\nCVE-2018-20976\n\n It was discovered that the XFS file-system implementation did not\n correctly handle some mount failure conditions, which could lead\n to a use-after-free. The security impact of this is unclear.\n\nCVE-2018-21008\n\n It was discovered that the rsi wifi driver did not correctly\n handle some failure conditions, which could lead to a use-after-\n free. The security impact of this is unclear.\n\nCVE-2019-0136\n\n It was discovered that the wifi soft-MAC implementation (mac80211)\n did not properly authenticate Tunneled Direct Link Setup (TDLS)\n messages. A nearby attacker could use this for denial of service\n (loss of wifi connectivity).\n\nCVE-2019-2215\n\n The syzkaller tool discovered a use-after-free vulnerability in\n the Android binder driver. A local user on a system with this\n driver enabled could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n However, this driver is not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\n Various developers and researchers found that if a crafted file-\n system or malicious file server presented a directory with\n filenames including a '/' character, this could confuse and\n possibly defeat security checks in applications that read the\n directory.\n\n The kernel will now return an error when reading such a directory,\n rather than passing the invalid filenames on to user-space.\n\nCVE-2019-14615\n\n It was discovered that Intel 9th and 10th generation GPUs did not\n clear user-visible state during a context switch, which resulted\n in information leaks between GPU tasks. This has been mitigated\n in the i915 driver.\n\n The affected chips (gen9 and gen10) are listed at\n <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9>.\n\nCVE-2019-14814, CVE-2019-14815, CVE-2019-14816\n\n Multiple bugs were discovered in the mwifiex wifi driver, which\n could lead to heap buffer overflows. A local user permitted to\n configure a device handled by this driver could probably use this\n for privilege escalation.\n\nCVE-2019-14895, CVE-2019-14901\n\n ADLab of Venustech discovered potential heap buffer overflows in\n the mwifiex wifi driver. On systems using this driver, a\n malicious Wireless Access Point or adhoc/P2P peer could use these\n to cause a denial of service (memory corruption or crash) or\n possibly for remote code execution.\n\nCVE-2019-14896, CVE-2019-14897\n\n ADLab of Venustech discovered potential heap and stack buffer\n overflows in the libertas wifi driver. On systems using this\n driver, a malicious Wireless Access Point or adhoc/P2P peer could\n use these to cause a denial of service (memory corruption or\n crash) or possibly for remote code execution.\n\nCVE-2019-15098\n\n Hui Peng and Mathias Payer reported that the ath6kl wifi driver\n did not properly validate USB descriptors, which could lead to a\n null pointer derefernce. An attacker able to add USB devices\n could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\n The syzkaller tool discovered that the zr364xx mdia driver did not\n correctly handle devices without a product name string, which\n could lead to a null pointer dereference. An attacker able to add\n USB devices could use this to cause a denial of service\n (BUG/oops).\n\nCVE-2019-15291\n\n The syzkaller tool discovered that the b2c2-flexcop-usb media\n driver did not properly validate USB descriptors, which could lead\n to a null pointer dereference. An attacker able to add USB\n devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\n The syzkaller tool discovered that the technisat-usb2 media driver\n did not properly validate incoming IR packets, which could lead to\n a heap buffer over-read. An attacker able to add USB devices\n could use this to cause a denial of service (BUG/oops) or to read\n sensitive information from kernel memory.\n\nCVE-2019-15917\n\n The syzkaller tool found a race condition in code supporting\n UART-attached Bluetooth adapters, which could lead to a use-\n after-free. A local user with access to a pty device or other\n suitable tty device could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-16746\n\n It was discovered that the wifi stack did not validate the content\n of beacon heads provided by user-space for use on a wifi interface\n in Access Point mode, which could lead to a heap buffer overflow.\n A local user permitted to configure a wifi interface could use\n this to cause a denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n\nCVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, \nCVE-2019-17056\n\n Ori Nimron reported that various network protocol implementations\n - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed all\n users to create raw sockets. A local user could use this to send\n arbitrary packets on networks using those protocols.\n\nCVE-2019-17075\n\n It was found that the cxgb4 Infiniband driver requested DMA\n (Direct Memory Access) to a stack-allocated buffer, which is not\n supported and on some systems can result in memory corruption of\n the stack. A local user might be able to use this for denial of\n service (memory corruption or crash) or possibly for privilege\n escalation.\n\nCVE-2019-17133\n\n Nicholas Waisman reported that the wifi stack did not valdiate\n received SSID information before copying it, which could lead to a\n buffer overflow if it is not validated by the driver or firmware.\n A malicious Wireless Access Point might be able to use this to\n cause a denial of service (memory corruption or crash) or for\n remote code execution.\n\nCVE-2019-17666\n\n Nicholas Waisman reported that the rtlwifi wifi drivers did not\n properly validate received P2P information, leading to a buffer\n overflow. A malicious P2P peer could use this to cause a denial\n of service (memory corruption or crash) or for remote code\n execution.\n\nCVE-2019-18282\n\n Jonathan Berger, Amit Klein, and Benny Pinkas discovered that the\n generation of UDP/IPv6 flow labels used a weak hash function,\n "jhash". This could enable tracking individual computers as they\n communicate with different remote servers and from different\n networks. The "siphash" function is now used instead.\n\nCVE-2019-18683\n\n Multiple race conditions were discovered in the vivid media\n driver, used for testing Video4Linux2 (V4L2) applications,\n These race conditions could result in a use-after-free. On a\n system where this driver is loaded, a user with permission\n to access media devices could use this to cause a denial\n of service (memory corruption or crash) or possibly for\n privilege escalation.\n\nCVE-2019-18809\n\n Navid Emamdoost discovered a potential memory leak in the af9005\n media driver if the device fails to respond to a command. The\n security impact of this is unclear.\n\nCVE-2019-19037\n\n It was discovered that the ext4 filesystem driver did not\n correctly handle directories with holes (unallocated regions) in\n them. An attacker able to mount arbitrary ext4 volumes could use\n this to cause a denial of service (crash).\n\nCVE-2019-19051\n\n Navid Emamdoost discovered a potential memory leak in the i2400m\n wimax driver if the software rfkill operation fails. The security\n impact of this is unclear.\n\nCVE-2019-19052\n\n Navid Emamdoost discovered a potential memory leak in the gs_usb\n CAN driver if the open (interface-up) operation fails. The\n security impact of this is unclear.\n\nCVE-2019-19056, CVE-2019-19057\n\n Navid Emamdoost discovered potential memory leaks in the mwifiex\n wifi driver if the probe operation fails. The security impact of\n this is unclear.\n\nCVE-2019-19062\n\n Navid Emamdoost discovered a potential memory leak in the AF_ALG\n subsystem if the CRYPTO_MSG_GETALG operation fails. A local user\n could possibly use this to cause a denial of service (memory\n exhaustion).\n\nCVE-2019-19066\n\n Navid Emamdoost discovered a potential memory leak in the bfa SCSI\n driver if the get_fc_host_stats operation fails. The security\n impact of this is unclear.\n\nCVE-2019-19068\n\n Navid Emamdoost discovered a potential memory leak in the rtl8xxxu\n wifi driver, in case it fails to submit an interrupt buffer to the\n device. The security impact of this is unclear.\n\nCVE-2019-19227\n\n Dan Carpenter reported missing error checks in the Appletalk\n protocol implementation that could lead to a null pointer\n dereference. The security impact of this is unclear.\n\nCVE-2019-19332\n\n The syzkaller tool discovered a missing bounds check in the KVM\n implementation for x86, which could lead to a heap buffer overflow.\n A local user permitted to use KVM could use this to cause a denial\n of service (memory corruption or crash) or possibly for privilege\n escalation.\n\nCVE-2019-19447\n\n It was discovered that the ext4 filesystem driver did not safely\n handle unlinking of an inode that, due to filesystem corruption,\n already has a link count of 0. An attacker able to mount\n arbitrary ext4 volumes could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19523\n\n The syzkaller tool discovered a use-after-free bug in the adutux\n USB driver. An attacker able to add and remove USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19524\n\n The syzkaller tool discovered a race condition in the ff-memless\n library used by input drivers. An attacker able to add and remove\n USB devices could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19525\n\n The syzkaller tool discovered a use-after-free bug in the atusb\n driver for IEEE 802.15.4 networking. An attacker able to add and\n remove USB devices could possibly use this to cause a denial of\n service (memory corruption or crash) or for privilege escalation.\n\nCVE-2019-19527\n\n The syzkaller tool discovered that the hiddev driver did not\n correctly handle races between a task opening the device and\n disconnection of the underlying hardware. A local user permitted\n to access hiddev devices, and able to add and remove USB devices,\n could use this to cause a denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\nCVE-2019-19530\n\n The syzkaller tool discovered a potential use-after-free in the\n cdc-acm network driver. An attacker able to add USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19531\n\n The syzkaller tool discovered a use-after-free bug in the yurex\n USB driver. An attacker able to add and remove USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19532\n\n The syzkaller tool discovered a potential heap buffer overflow in\n the hid-gaff input driver, which was also found to exist in many\n other input drivers. An attacker able to add USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19533\n\n The syzkaller tool discovered that the ttusb-dec media driver was\n missing initialisation of a structure, which could leak sensitive\n information from kernel memory.\n\nCVE-2019-19534, CVE-2019-19535, CVE-2019-19536\n\n The syzkaller tool discovered that the peak_usb CAN driver was\n missing initialisation of some structures, which could leak\n sensitive information from kernel memory.\n\nCVE-2019-19537\n\n The syzkaller tool discovered race conditions in the USB stack,\n involving character device registration. An attacker able to add\n USB devices could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19767\n\n The syzkaller tool discovered that crafted ext4 volumes could\n trigger a buffer overflow in the ext4 filesystem driver. An\n attacker able to mount such a volume could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation.\n\nCVE-2019-19947\n\n It was discovered that the kvaser_usb CAN driver was missing\n initialisation of some structures, which could leak sensitive\n information from kernel memory.\n\nCVE-2019-19965\n\n Gao Chuan reported a race condition in the libsas library used by\n SCSI host drivers, which could lead to a null pointer dereference.\n An attacker able to add and remove SCSI devices could use this to\n cause a denial of service (BUG/oops).\n\nCVE-2019-20096\n\n The Hulk Robot tool discovered a potential memory leak in the DCCP\n protocol implementation. This may be exploitable by local users,\n or by remote attackers if the system uses DCCP, to cause a denial\n of service (out of memory).\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.210-1~deb8u1. This update additionally fixes Debian bugs\n#869511 and 945023; and includes many more bug fixes from stable\nupdates 4.9.190-4.9.210 inclusive.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "modified": "2020-03-02T18:15:18", "published": "2020-03-02T18:15:18", "id": "DEBIAN:DLA-2114-1:93D37", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00001.html", "title": "[SECURITY] [DLA 2114-1] linux-4.9 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-14T12:48:11", "bulletinFamily": "unix", "description": "Package : linux\nVersion : 3.16.81-1\nCVE ID : CVE-2019-2215 CVE-2019-10220 CVE-2019-14895 CVE-2019-14896\n CVE-2019-14897 CVE-2019-14901 CVE-2019-15098 CVE-2019-15217\n CVE-2019-15291 CVE-2019-15505 CVE-2019-16746 CVE-2019-17052\n CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056\n CVE-2019-17133 CVE-2019-17666 CVE-2019-19051 CVE-2019-19052\n CVE-2019-19056 CVE-2019-19057 CVE-2019-19062 CVE-2019-19066\n CVE-2019-19227 CVE-2019-19332 CVE-2019-19523 CVE-2019-19524\n CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532\n CVE-2019-19533 CVE-2019-19534 CVE-2019-19536 CVE-2019-19537\n CVE-2019-19767 CVE-2019-19922 CVE-2019-19947 CVE-2019-19965\n CVE-2019-19966\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, or information\nleak.\n\nCVE-2019-2215\n\n The syzkaller tool discovered a use-after-free vulnerability in\n the Android binder driver. A local user on a system with this\n driver enabled could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n However, this driver is not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\n Various developers and researchers found that if a crafted file-\n system or malicious file server presented a directory with\n filenames including a '/' character, this could confuse and\n possibly defeat security checks in applications that read the\n directory.\n\n The kernel will now return an error when reading such a directory,\n rather than passing the invalid filenames on to user-space.\n\nCVE-2019-14895, CVE-2019-14901\n\n ADLab of Venustech discovered potential heap buffer overflows in\n the mwifiex wifi driver. On systems using this driver, a\n malicious Wireless Access Point or adhoc/P2P peer could use these\n to cause a denial of service (memory corruption or crash) or\n possibly for remote code execution.\n\nCVE-2019-14896, CVE-2019-14897\n\n ADLab of Venustech discovered potential heap and stack buffer\n overflows in the libertas wifi driver. On systems using this\n driver, a malicious Wireless Access Point or adhoc/P2P peer could\n use these to cause a denial of service (memory corruption or\n crash) or possibly for remote code execution.\n\nCVE-2019-15098\n\n Hui Peng and Mathias Payer reported that the ath6kl wifi driver\n did not properly validate USB descriptors, which could lead to a\n null pointer derefernce. An attacker able to add USB devices\n could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\n The syzkaller tool discovered that the zr364xx mdia driver did not\n correctly handle devices without a product name string, which\n could lead to a null pointer dereference. An attacker able to add\n USB devices could use this to cause a denial of service\n (BUG/oops).\n\nCVE-2019-15291\n\n The syzkaller tool discovered that the b2c2-flexcop-usb media\n driver did not properly validate USB descriptors, which could lead\n to a null pointer dereference. An attacker able to add USB\n devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\n The syzkaller tool discovered that the technisat-usb2 media driver\n did not properly validate incoming IR packets, which could lead to\n a heap buffer over-read. An attacker able to add USB devices\n could use this to cause a denial of service (BUG/oops) or to read\n sensitive information from kernel memory.\n\nCVE-2019-16746\n\n It was discovered that the wifi stack did not validate the content\n of beacon heads provided by user-space for use on a wifi interface\n in Access Point mode, which could lead to a heap buffer overflow.\n A local user permitted to configure a wifi interface could use\n this to cause a denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n\nCVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, \nCVE-2019-17056\n\n Ori Nimron reported that various network protocol implementations\n - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed all\n users to create raw sockets. A local user could use this to send\n arbitrary packets on networks using those protocols.\n\nCVE-2019-17133\n\n Nicholas Waisman reported that the wifi stack did not valdiate\n received SSID information before copying it, which could lead to a\n buffer overflow if it is not validated by the driver or firmware.\n A malicious Wireless Access Point might be able to use this to\n cause a denial of service (memory corruption or crash) or for\n remote code execution.\n\nCVE-2019-17666\n\n Nicholas Waisman reported that the rtlwifi wifi drivers did not\n properly validate received P2P information, leading to a buffer\n overflow. A malicious P2P peer could use this to cause a denial\n of service (memory corruption or crash) or for remote code\n execution.\n\nCVE-2019-19051\n\n Navid Emamdoost discovered a potential memory leak in the i2400m\n wimax driver if the software rfkill operation fails. The security\n impact of this is unclear.\n\nCVE-2019-19052\n\n Navid Emamdoost discovered a potential memory leak in the gs_usb\n CAN driver if the open (interface-up) operation fails. The\n security impact of this is unclear.\n\nCVE-2019-19056, CVE-2019-19057\n\n Navid Emamdoost discovered potential memory leaks in the mwifiex\n wifi driver if the probe operation fails. The security impact of\n this is unclear.\n\nCVE-2019-19062\n\n Navid Emamdoost discovered a potential memory leak in the AF_ALG\n subsystem if the CRYPTO_MSG_GETALG operation fails. A local user\n could possibly use this to cause a denial of service (memory\n exhaustion).\n\nCVE-2019-19066\n\n Navid Emamdoost discovered a potential memory leak in the bfa SCSI\n driver if the get_fc_host_stats operation fails. The security\n impact of this is unclear.\n\nCVE-2019-19227\n\n Dan Carpenter reported missing error checks in the Appletalk\n protocol implementation that could lead to a null pointer\n dereference. The security impact of this is unclear.\n\nCVE-2019-19332\n\n The syzkaller tool discovered a missing bounds check in the KVM\n implementation for x86, which could lead to a heap buffer overflow.\n A local user permitted to use KVM could use this to cause a denial\n of service (memory corruption or crash) or possibly for privilege\n escalation.\n\nCVE-2019-19523\n\n The syzkaller tool discovered a use-after-free bug in the adutux\n USB driver. An attacker able to add and remove USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19524\n\n The syzkaller tool discovered a race condition in the ff-memless\n library used by input drivers. An attacker able to add and remove\n USB devices could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19527\n\n The syzkaller tool discovered that the hiddev driver did not\n correctly handle races between a task opening the device and\n disconnection of the underlying hardware. A local user permitted\n to access hiddev devices, and able to add and remove USB devices,\n could use this to cause a denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\nCVE-2019-19530\n\n The syzkaller tool discovered a potential use-after-free in the\n cdc-acm network driver. An attacker able to add USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19531\n\n The syzkaller tool discovered a use-after-free bug in the yurex\n USB driver. An attacker able to add and remove USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19532\n\n The syzkaller tool discovered a potential heap buffer overflow in\n the hid-gaff input driver, which was also found to exist in many\n other input drivers. An attacker able to add USB devices could\n use this to cause a denial of service (memory corruption or crash)\n or possibly for privilege escalation.\n\nCVE-2019-19533\n\n The syzkaller tool discovered that the ttusb-dec media driver was\n missing initialisation of a structure, which could leak sensitive\n information from kernel memory.\n\nCVE-2019-19534, CVE-2019-19536\n\n The syzkaller tool discovered that the peak_usb CAN driver was\n missing initialisation of some structures, which could leak\n sensitive information from kernel memory.\n\nCVE-2019-19537\n\n The syzkaller tool discovered race conditions in the USB stack,\n involving character device registration. An attacker able to add\n USB devices could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19767\n\n The syzkaller tool discovered that crafted ext4 volumes could\n trigger a buffer overflow in the ext4 filesystem driver. An\n attacker able to mount such a volume could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation.\n\nCVE-2019-19922\n\n It was discovered that a change in Linux 3.16.61, "sched/fair: Fix\n bandwidth timer clock drift condition", could lead to tasks being\n throttled before using their full quota of CPU time. A local\n user could use this bug to slow down other users' tasks. This\n change has been reverted.\n\nCVE-2019-19947\n\n It was discovered that the kvaser_usb CAN driver was missing\n initialisation of some structures, which could leak sensitive\n information from kernel memory.\n\nCVE-2019-19965\n\n Gao Chuan reported a race condition in the libsas library used by\n SCSI host drivers, which could lead to a null pointer dereference.\n An attacker able to add and remove SCSI devices could use this to\n cause a denial of service (BUG/oops).\n\nCVE-2019-19966\n\n The syzkaller tool discovered a missing error check in the cpia2\n media driver, which could lead to a use-after-free. An attacker\n able to add USB devices could use this to cause a denial of\n service (memory corruption or crash) or possibly for privilege\n escalation.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.81-1.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "modified": "2020-01-18T04:38:43", "published": "2020-01-18T04:38:43", "id": "DEBIAN:DLA-2068-1:83234", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00013.html", "title": "[SECURITY] [DLA 2068-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-02-21T13:06:26", "bulletinFamily": "NVD", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "modified": "2020-02-20T15:55:00", "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
