The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.
Following feature was added to kernel-xen:
- A improved XEN blkfront module was added, which allows more I/O
bandwidth. (FATE#320200) It is called xen-blkfront in PV, and
xen-vbd-upstream in HVM mode.
The following security bugs were fixed:
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the
Linux kernel allowed local users to bypass intended AF_UNIX socket
permissions or cause a denial of service (panic) via crafted epoll_ctl
calls (bnc#955654).
- CVE-2015-7515: An out of bounds memory access in the aiptek USB driver
could be used by physical local attackers to crash the kernel
(bnc#956708).
- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in
the Linux kernel did not properly use a semaphore, which allowed local
users to cause a denial of service (NULL pointer dereference and system
crash) or possibly have unspecified other impact via a crafted
application that leverages a race condition between keyctl_revoke and
keyctl_read calls (bnc#958951).
- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (BUG) via crafted
keyctl commands that negatively instantiate a key, related to
security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and
security/keys/user_defined.c (bnc#958463).
- CVE-2015-8543: The networking implementation in the Linux kernel did not
validate protocol identifiers for certain protocol families, which
allowed local users to cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain privileges by leveraging
CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of
service
or arbitrary code execution (depending on the configuration)
(bsc#957988).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
(bsc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the
Linux kernel did not verify an address length, which allowed local users
to obtain sensitive information from kernel memory and bypass the KASLR
protection mechanism via a crafted application (bnc#959190 bnc#959399).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not
properly manage the relationship between a lock and a socket, which
allowed local users to cause a denial of service (deadlock) via a
crafted sctp_accept call (bnc#961509).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in
the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length for
the first segment of an iov (bnc#963765).
- CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel
driver when the network was considered to be congested. This could be
used by local attackers to cause machine crashes or potentially code
execution (bsc#966437).
- CVE-2016-0723: Race condition in the tty_ioctl function in
drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain
sensitive information from kernel memory or cause a denial of service
(use-after-free and system crash) by making a TIOCGETD ioctl call during
processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak
to information leaks (bnc#963767).
- CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the
umidi object which could lead to crashes (bsc#966693).
- CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA
that could lead to crashes. (bsc#967972).
- CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547,
CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer
handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011,
bsc#968012, bsc#968013).
The following non-security bugs were fixed:
- alsa: hda - Add one more node in the EAPD supporting candidate list
(bsc#963561).
- alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).
- alsa: hda - Fix playback noise with 24/32 bit sample size on BXT
(bsc#966137).
- alsa: hda - disable dynamic clock gating on Broxton before reset
(bsc#966137).
- Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver
implementation (bsc#957986, bsc#956084, bsc#961658).
- Fix handling of re-write-before-commit for mmapped NFS pages
(bsc#964201).
- nfsv4: Recovery of recalled read delegations is broken (bsc#956514).
- nvme: default to 4k device page size (bsc#967042).
- pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too
(bsc#951815).
- Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch
(bsc#959705).
- Refresh patches.xen/xen-vscsi-large-requests (refine fix and also
address bsc#966094).
- sunrpc: restore fair scheduling to priority queues (bsc#955308).
- usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT
when the device is removed (bnc#956375).
- usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and
TIOCGICOUNT (bnc#956375).
- usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).
- usb: ftdi_sio: fix tiocmget indentation (bnc#956375).
- usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).
- usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).
- usb: ftdi_sio: remove unnecessary memset (bnc#956375).
- usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).
- usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).
- usb: pl2303: clean up line-status handling (bnc#959649).
- usb: pl2303: only wake up MSR queue on changes (bnc#959649).
- usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649).
- usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).
- Update
patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch
(bnc#940017, bnc#949298, bnc#947128).
- xen: Update Xen config files (enable upstream block frontend).
- ec2: Update kabi files and start tracking ec2
- xen: consolidate and simplify struct xenbus_driver instantiation
(bsc#961658 fate#320200).
- blktap: also call blkif_disconnect() when frontend switched to closed
(bsc#952976).
- blktap: refine mm tracking (bsc#952976).
- block: Always check queue limits for cloned requests (bsc#933782).
- block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658
fate#320200).
- bnx2x: Add new device ids under the Qlogic vendor (bsc#964818).
- bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369).
- bnx2x: fix DMA API usage (bsc#953369).
- driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).
- driver: xen-blkfront: move talk_to_blkback to a more suitable place
(bsc#961658 fate#320200).
- drivers: xen-blkfront: only talk_to_blkback() when in
XenbusStateInitialising (bsc#961658 fate#320200).
- drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).
- drm/i915: Evict CS TLBs between batches (bsc#758040).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
- e1000e: Do not read ICR in Other interrupt (bsc#924919).
- e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
- e1000e: Fix msi-x interrupt automask (bsc#924919).
- e1000e: Remove unreachable code (bsc#924919).
- ext3: NULL dereference in ext3_evict_inode() (bsc#942082).
- ext3: fix data=journal fast mount/umount hang (bsc#942082).
- firmware: Create directories for external firmware (bsc#959312).
- firmware: Simplify directory creation (bsc#959312).
- ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).
- iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925).
- jbd: Fix unreclaimed pages after truncate in data=journal mode
(bsc#961516).
- kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no
external, 3rd party modules use the symbol and the
bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver.
(bsc#953369)
- kbuild: create directory for dir/file.o (bsc#959312).
- llist/xen-blkfront: implement safe version of llist_for_each_entry
(bsc#961658 fate#320200).
- lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
- mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).
- nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).
- pci: Update VPD size with correct length (bsc#958906).
- pl2303: fix TIOCMIWAIT (bnc#959649).
- pl2303: introduce private disconnect method (bnc#959649).
- qeth: initialize net_device with carrier off (bnc#958000, LTC#136514).
- s390/cio: collect format 1 channel-path description data (bnc#958000,
LTC#136434).
- s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434).
- s390/cio: fix measurement characteristics memleak (bnc#958000,
LTC#136434).
- s390/cio: update measurement characteristics (bnc#958000, LTC#136434).
- s390/dasd: fix failfast for disconnected devices (bnc#958000,
LTC#135138).
- s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000,
LTC#136143).
- s390/sclp: Move declarations for sclp_sdias into separate header file
(bnc#958000, LTC#136143).
- scsi_dh_rdac: always retry MODE SELECT on command lock violation
(bsc#956949).
- supported.conf: Add xen-blkfront.
- tg3: 5715 does not link up when autoneg off (bsc#904035).
- usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).
- vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).
- vmxnet3: fix netpoll race condition (bsc#958912).
- xen, blkfront: factor out flush-related checks from do_blkif_request()
(bsc#961658 fate#320200).
- xen-blkfront: Handle discard requests (bsc#961658 fate#320200).
- xen-blkfront: If no barrier or flush is supported, use invalid operation
(bsc#961658 fate#320200).
- xen-blkfront: Introduce a 'max' module parameter to alter the amount of
indirect segments (bsc#961658 fate#320200).
- xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658
fate#320200).
- xen-blkfront: allow building in our Xen environment (bsc#961658
fate#320200).
- xen-blkfront: check for null drvdata in blkback_changed
(XenbusStateClosing) (bsc#961658 fate#320200).
- xen-blkfront: do not add indirect pages to list when !feature_persistent
(bsc#961658 fate#320200).
- xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658
fate#320200).
- xen-blkfront: fix a deadlock while handling discard response (bsc#961658
fate#320200).
- xen-blkfront: fix accounting of reqs when migrating (bsc#961658
fate#320200).
- xen-blkfront: free allocated page (bsc#961658 fate#320200).
- xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658
fate#320200).
- xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200).
- xen-blkfront: improve aproximation of required grants per request
(bsc#961658 fate#320200).
- xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658
fate#320200).
- xen-blkfront: plug device number leak in xlblk_init() error path
(bsc#961658 fate#320200).
- xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200).
- xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200).
- xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658
fate#320200).
- xen-blkfront: restore the non-persistent data path (bsc#961658
fate#320200).
- xen-blkfront: revoke foreign access for grants not mapped by the backend
(bsc#961658 fate#320200).
- xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658
fate#320200).
- xen-blkfront: switch from llist to list (bsc#961658 fate#320200).
- xen-blkfront: use a different scatterlist for each request (bsc#961658
fate#320200).
- xen-block: implement indirect descriptors (bsc#961658 fate#320200).
- xen/blk[front|back]: Enhance discard support with secure erasing support
(bsc#961658 fate#320200).
- xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard
together (bsc#961658 fate#320200).
- xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658
fate#320200).
- xen/blkback: persistent-grants fixes (bsc#961658 fate#320200).
- xen/blkfront: Fix crash if backend does not follow the right states
(bsc#961658 fate#320200).
- xen/blkfront: do not put bdev right after getting it (bsc#961658
fate#320200).
- xen/blkfront: improve protection against issuing unsupported REQ_FUA
(bsc#961658 fate#320200).
- xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200).
- xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).
- xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).
- xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658
fate#320200).
- xen/x86/mm: Add barriers and document switch_mm()-vs-flush
synchronization (bnc#963767).
- xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).
- xen: x86: mm: only do a local tlb flush in ptep_set_access_flags()
(bsc#948330).
- xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183).
- zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479).
{"id": "SUSE-SU-2016:0911-1", "vendorId": null, "type": "suse", "bulletinFamily": "unix", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n Following feature was added to kernel-xen:\n - A improved XEN blkfront module was added, which allows more I/O\n bandwidth. (FATE#320200) It is called xen-blkfront in PV, and\n xen-vbd-upstream in HVM mode.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver\n could be used by physical local attackers to crash the kernel\n (bnc#956708).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service\n or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959190 bnc#959399).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel\n driver when the network was considered to be congested. This could be\n used by local attackers to cause machine crashes or potentially code\n execution (bsc#966437).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak\n to information leaks (bnc#963767).\n - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the\n umidi object which could lead to crashes (bsc#966693).\n - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA\n that could lead to crashes. (bsc#967972).\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer\n handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011,\n bsc#968012, bsc#968013).\n\n The following non-security bugs were fixed:\n - alsa: hda - Add one more node in the EAPD supporting candidate list\n (bsc#963561).\n - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).\n - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT\n (bsc#966137).\n - alsa: hda - disable dynamic clock gating on Broxton before reset\n (bsc#966137).\n - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver\n implementation (bsc#957986, bsc#956084, bsc#961658).\n - Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514).\n - nvme: default to 4k device page size (bsc#967042).\n - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too\n (bsc#951815).\n - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch\n (bsc#959705).\n - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also\n address bsc#966094).\n - sunrpc: restore fair scheduling to priority queues (bsc#955308).\n - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT\n when the device is removed (bnc#956375).\n - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and\n TIOCGICOUNT (bnc#956375).\n - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).\n - usb: ftdi_sio: fix tiocmget indentation (bnc#956375).\n - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).\n - usb: ftdi_sio: remove unnecessary memset (bnc#956375).\n - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).\n - usb: pl2303: clean up line-status handling (bnc#959649).\n - usb: pl2303: only wake up MSR queue on changes (bnc#959649).\n - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649).\n - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).\n - Update\n patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch\n (bnc#940017, bnc#949298, bnc#947128).\n - xen: Update Xen config files (enable upstream block frontend).\n - ec2: Update kabi files and start tracking ec2\n - xen: consolidate and simplify struct xenbus_driver instantiation\n (bsc#961658 fate#320200).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#933782).\n - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658\n fate#320200).\n - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818).\n - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369).\n - bnx2x: fix DMA API usage (bsc#953369).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - driver: xen-blkfront: move talk_to_blkback to a more suitable place\n (bsc#961658 fate#320200).\n - drivers: xen-blkfront: only talk_to_blkback() when in\n XenbusStateInitialising (bsc#961658 fate#320200).\n - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).\n - drm/i915: Evict CS TLBs between batches (bsc#758040).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - ext3: NULL dereference in ext3_evict_inode() (bsc#942082).\n - ext3: fix data=journal fast mount/umount hang (bsc#942082).\n - firmware: Create directories for external firmware (bsc#959312).\n - firmware: Simplify directory creation (bsc#959312).\n - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).\n - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925).\n - jbd: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no\n external, 3rd party modules use the symbol and the\n bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver.\n (bsc#953369)\n - kbuild: create directory for dir/file.o (bsc#959312).\n - llist/xen-blkfront: implement safe version of llist_for_each_entry\n (bsc#961658 fate#320200).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).\n - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n - pci: Update VPD size with correct length (bsc#958906).\n - pl2303: fix TIOCMIWAIT (bnc#959649).\n - pl2303: introduce private disconnect method (bnc#959649).\n - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514).\n - s390/cio: collect format 1 channel-path description data (bnc#958000,\n LTC#136434).\n - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434).\n - s390/cio: fix measurement characteristics memleak (bnc#958000,\n LTC#136434).\n - s390/cio: update measurement characteristics (bnc#958000, LTC#136434).\n - s390/dasd: fix failfast for disconnected devices (bnc#958000,\n LTC#135138).\n - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000,\n LTC#136143).\n - s390/sclp: Move declarations for sclp_sdias into separate header file\n (bnc#958000, LTC#136143).\n - scsi_dh_rdac: always retry MODE SELECT on command lock violation\n (bsc#956949).\n - supported.conf: Add xen-blkfront.\n - tg3: 5715 does not link up when autoneg off (bsc#904035).\n - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).\n - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).\n - vmxnet3: fix netpoll race condition (bsc#958912).\n - xen, blkfront: factor out flush-related checks from do_blkif_request()\n (bsc#961658 fate#320200).\n - xen-blkfront: Handle discard requests (bsc#961658 fate#320200).\n - xen-blkfront: If no barrier or flush is supported, use invalid operation\n (bsc#961658 fate#320200).\n - xen-blkfront: Introduce a 'max' module parameter to alter the amount of\n indirect segments (bsc#961658 fate#320200).\n - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658\n fate#320200).\n - xen-blkfront: allow building in our Xen environment (bsc#961658\n fate#320200).\n - xen-blkfront: check for null drvdata in blkback_changed\n (XenbusStateClosing) (bsc#961658 fate#320200).\n - xen-blkfront: do not add indirect pages to list when !feature_persistent\n (bsc#961658 fate#320200).\n - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658\n fate#320200).\n - xen-blkfront: fix a deadlock while handling discard response (bsc#961658\n fate#320200).\n - xen-blkfront: fix accounting of reqs when migrating (bsc#961658\n fate#320200).\n - xen-blkfront: free allocated page (bsc#961658 fate#320200).\n - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658\n fate#320200).\n - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200).\n - xen-blkfront: improve aproximation of required grants per request\n (bsc#961658 fate#320200).\n - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658\n fate#320200).\n - xen-blkfront: plug device number leak in xlblk_init() error path\n (bsc#961658 fate#320200).\n - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200).\n - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200).\n - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658\n fate#320200).\n - xen-blkfront: restore the non-persistent data path (bsc#961658\n fate#320200).\n - xen-blkfront: revoke foreign access for grants not mapped by the backend\n (bsc#961658 fate#320200).\n - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658\n fate#320200).\n - xen-blkfront: switch from llist to list (bsc#961658 fate#320200).\n - xen-blkfront: use a different scatterlist for each request (bsc#961658\n fate#320200).\n - xen-block: implement indirect descriptors (bsc#961658 fate#320200).\n - xen/blk[front|back]: Enhance discard support with secure erasing support\n (bsc#961658 fate#320200).\n - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard\n together (bsc#961658 fate#320200).\n - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658\n fate#320200).\n - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200).\n - xen/blkfront: Fix crash if backend does not follow the right states\n (bsc#961658 fate#320200).\n - xen/blkfront: do not put bdev right after getting it (bsc#961658\n fate#320200).\n - xen/blkfront: improve protection against issuing unsupported REQ_FUA\n (bsc#961658 fate#320200).\n - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200).\n - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658\n fate#320200).\n - xen/x86/mm: Add barriers and document switch_mm()-vs-flush\n synchronization (bnc#963767).\n - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183).\n - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479).\n\n", "published": "2016-03-30T15:08:18", "modified": "2016-03-30T15:08:18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html", "reporter": "Suse", "references": ["https://bugzilla.suse.com/963561", "https://bugzilla.suse.com/933782", "https://bugzilla.suse.com/961500", "https://bugzilla.suse.com/955308", "https://bugzilla.suse.com/964818", "https://bugzilla.suse.com/967974", "https://bugzilla.suse.com/958951", "https://bugzilla.suse.com/962965", "https://bugzilla.suse.com/963276", "https://bugzilla.suse.com/937444", "https://bugzilla.suse.com/958906", "https://bugzilla.suse.com/967042", "https://bugzilla.suse.com/904035", "https://bugzilla.suse.com/955925", "https://bugzilla.suse.com/963765", "https://bugzilla.suse.com/958912", "https://bugzilla.suse.com/961658", "https://bugzilla.suse.com/940946", "https://bugzilla.suse.com/947128", "https://bugzilla.suse.com/942082", "https://bugzilla.suse.com/959190", "https://bugzilla.suse.com/966693", "https://bugzilla.suse.com/948330", "https://bugzilla.suse.com/924919", "https://bugzilla.suse.com/954992", "https://bugzilla.suse.com/951815", "https://bugzilla.suse.com/959705", "https://bugzilla.suse.com/966437", "https://bugzilla.suse.com/956708", "https://bugzilla.suse.com/961516", "https://bugzilla.suse.com/952976", "https://bugzilla.suse.com/967972", "https://bugzilla.suse.com/969307", "https://bugzilla.suse.com/953369", "https://bugzilla.suse.com/957988", "https://bugzilla.suse.com/966137", "https://bugzilla.suse.com/951392", "https://bugzilla.suse.com/959649", "https://bugzilla.suse.com/959399", "https://bugzilla.suse.com/966094", "https://bugzilla.suse.com/940017", "https://bugzilla.suse.com/967975", "https://bugzilla.suse.com/758040", "https://bugzilla.suse.com/957990", "https://bugzilla.suse.com/955837", "https://bugzilla.suse.com/964201", "https://bugzilla.suse.com/957986", "https://bugzilla.suse.com/956375", "https://bugzilla.suse.com/958463", "https://bugzilla.suse.com/912738", "https://bugzilla.suse.com/955654", "https://bugzilla.suse.com/956084", "https://bugzilla.suse.com/958000", "https://bugzilla.suse.com/956514", "https://bugzilla.suse.com/961509", "https://bugzilla.suse.com/956949", "https://bugzilla.suse.com/958886", "https://bugzilla.suse.com/949298", "https://bugzilla.suse.com/963767", "https://bugzilla.suse.com/968011", "https://bugzilla.suse.com/959312", "https://bugzilla.suse.com/915183", "https://bugzilla.suse.com/967973", "https://bugzilla.suse.com/968012", "https://bugzilla.suse.com/968013"], "cvelist": ["CVE-2016-2384", "CVE-2015-8551", "CVE-2016-2543", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-7515", "CVE-2015-8539", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-2546", "CVE-2016-2549", "CVE-2015-8575", "CVE-2015-8552", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-8785"], "immutableFields": [], "lastseen": "2016-09-04T11:56:25", "viewCount": 24, "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-648"]}, {"type": "android", "idList": ["ANDROID:CVE-2013-7446"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-07-01", "ANDROID:2016-08-01", "ANDROID:2016-09-01"]}, {"type": "centos", "idList": ["CESA-2016:0715", "CESA-2016:0855", "CESA-2016:1277", "CESA-2016:2574", "CESA-2017:0817", "CESA-2018:0151"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:15914764000DDC203CA1C6352FDFCDC2", "CFOUNDRY:3F54C95B87B9551DBB314C8164D88E3A", "CFOUNDRY:539F990C3DAAC021E491E8629DA539FE", "CFOUNDRY:C46794B7C75A19DD0154048481CA0E90", "CFOUNDRY:C4D044657909D168617F0C63F623467E"]}, {"type": "cve", "idList": ["CVE-2013-7446", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2438", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549"]}, {"type": "debian", "idList": ["DEBIAN:DLA-360-1:6C323", "DEBIAN:DLA-378-1:26763", "DEBIAN:DLA-412-1:99076", "DEBIAN:DLA-439-1:BED7A", "DEBIAN:DLA-479-1:373A9", "DEBIAN:DSA-3426-1:7C23A", "DEBIAN:DSA-3426-1:AC984", "DEBIAN:DSA-3426-2:305C5", "DEBIAN:DSA-3426-2:B6338", "DEBIAN:DSA-3434-1:98A31", "DEBIAN:DSA-3434-1:C4F9A", "DEBIAN:DSA-3448-1:04492", "DEBIAN:DSA-3448-1:C7742", "DEBIAN:DSA-3471-1:91F2D", "DEBIAN:DSA-3471-1:DE1BB", "DEBIAN:DSA-3503-1:23448", "DEBIAN:DSA-3503-1:9DDFA", "DEBIAN:DSA-3519-1:C85E2", "DEBIAN:DSA-3607-1:0BD6E", "DEBIAN:DSA-3607-1:29E1C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7446", "DEBIANCVE:CVE-2015-7515", "DEBIANCVE:CVE-2015-7550", "DEBIANCVE:CVE-2015-8539", "DEBIANCVE:CVE-2015-8543", "DEBIANCVE:CVE-2015-8550", "DEBIANCVE:CVE-2015-8551", "DEBIANCVE:CVE-2015-8552", "DEBIANCVE:CVE-2015-8569", "DEBIANCVE:CVE-2015-8575", "DEBIANCVE:CVE-2015-8767", "DEBIANCVE:CVE-2015-8785", "DEBIANCVE:CVE-2015-8812", "DEBIANCVE:CVE-2016-0723", "DEBIANCVE:CVE-2016-2069", "DEBIANCVE:CVE-2016-2384", "DEBIANCVE:CVE-2016-2543", "DEBIANCVE:CVE-2016-2544", "DEBIANCVE:CVE-2016-2545", "DEBIANCVE:CVE-2016-2546", "DEBIANCVE:CVE-2016-2547", "DEBIANCVE:CVE-2016-2548", "DEBIANCVE:CVE-2016-2549"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:015934939F5336F3396A9248CEA51EB4", "EXPLOITPACK:1EC12227A84F918BB0C8C659BE0F2284"]}, {"type": "f5", "idList": ["F5:K07560020", "F5:K11853211", "F5:K20022580", "F5:K24642829", "F5:K43650115", "F5:K44500413", "F5:K80758444", "SOL07560020", "SOL11853211", "SOL20022580", "SOL24642829", "SOL80758444"]}, {"type": "fedora", "idList": ["FEDORA:02EB96052912", "FEDORA:0D267606CFB3", "FEDORA:14809606180F", "FEDORA:453986087A76", "FEDORA:4C0D46087804", "FEDORA:67FB6618BD69", "FEDORA:9AEA46074A7D", "FEDORA:B694160877EC", "FEDORA:B9F6A606511F", "FEDORA:BAFAB6087824", "FEDORA:C7C84604E909", "FEDORA:E8A1B605F1FB"]}, {"type": "fortinet", "idList": ["FG-IR-16-013"]}, {"type": "gentoo", "idList": ["GLSA-201604-03"]}, {"type": "ibm", "idList": ["0D95BD029EF7D61B7C200E5DCF5114404F54883607A0E5A132C410EA37160E69", "2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "658C6A388449448220E16F3A05A122A56F35F4A9A9370C4B63DC0779B971B6CE", "72A14F3E1A05E87987247C3A94DA37A971910E734C842EA2FD4E32CE8B24FCF5", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "B7EDA2450D13E204B60C3A3E7379E6FCCD587CB32FEB5041ADDA6CB8E3C44FC3", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2016-0005", "MGASA-2016-0014", "MGASA-2016-0015", "MGASA-2016-0098", "MGASA-2016-0225", "MGASA-2016-0232", "MGASA-2016-0233", "MGASA-2016-0281"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-648.NASL", "CENTOS_RHSA-2016-0715.NASL", "CENTOS_RHSA-2016-0855.NASL", "CENTOS_RHSA-2016-1277.NASL", "CENTOS_RHSA-2016-2574.NASL", "CENTOS_RHSA-2017-0817.NASL", "CENTOS_RHSA-2018-0151.NASL", "DEBIAN_DLA-360.NASL", "DEBIAN_DLA-378.NASL", "DEBIAN_DLA-412.NASL", "DEBIAN_DLA-439.NASL", "DEBIAN_DLA-479.NASL", "DEBIAN_DSA-3426-1.NASL", "DEBIAN_DSA-3426.NASL", "DEBIAN_DSA-3434.NASL", "DEBIAN_DSA-3448.NASL", "DEBIAN_DSA-3471.NASL", "DEBIAN_DSA-3503.NASL", "DEBIAN_DSA-3519.NASL", "DEBIAN_DSA-3607.NASL", "EULEROS_SA-2016-1020.NASL", "EULEROS_SA-2016-1024.NASL", "EULEROS_SA-2019-1471.NASL", "EULEROS_SA-2019-1477.NASL", "EULEROS_SA-2019-1478.NASL", "EULEROS_SA-2019-1482.NASL", "EULEROS_SA-2019-1488.NASL", "EULEROS_SA-2019-1489.NASL", "EULEROS_SA-2019-1491.NASL", "EULEROS_SA-2019-1492.NASL", "EULEROS_SA-2019-1508.NASL", "EULEROS_SA-2019-1513.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1517.NASL", "EULEROS_SA-2019-1518.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1520.NASL", "EULEROS_SA-2019-1521.NASL", "EULEROS_SA-2019-1524.NASL", "EULEROS_SA-2019-1525.NASL", "EULEROS_SA-2019-1527.NASL", "EULEROS_SA-2019-1536.NASL", "EULEROS_SA-2019-1537.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2599.NASL", "F5_BIGIP_SOL20022580.NASL", "FEDORA_2015-AC9A19888E.NASL", "FEDORA_2015-C1C2F5E168.NASL", "FEDORA_2015-C44BD3E0FA.NASL", "FEDORA_2015-C4ED00A68F.NASL", "FEDORA_2015-C59710B05D.NASL", "FEDORA_2015-D8253E2B1D.NASL", "FEDORA_2016-2F25D12C51.NASL", "FEDORA_2016-5D43766E33.NASL", "FEDORA_2016-6CE812A1E0.NASL", "FEDORA_2016-7E12AE5359.NASL", "FEDORA_2016-9FBE2C258B.NASL", "FEDORA_2016-E7162262B0.NASL", "GENTOO_GLSA-201604-03.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0014_KERNEL.NASL", "OPENSUSE-2016-1015.NASL", "OPENSUSE-2016-1029.NASL", "OPENSUSE-2016-116.NASL", "OPENSUSE-2016-124.NASL", "OPENSUSE-2016-136.NASL", "OPENSUSE-2016-1410.NASL", "OPENSUSE-2016-256.NASL", "OPENSUSE-2016-34.NASL", "OPENSUSE-2016-35.NASL", "OPENSUSE-2016-36.NASL", "OPENSUSE-2016-445.NASL", "OPENSUSE-2016-518.NASL", "OPENSUSE-2016-753.NASL", "OPENSUSE-2016-862.NASL", "ORACLELINUX_ELSA-2016-0715.NASL", "ORACLELINUX_ELSA-2016-0855.NASL", "ORACLELINUX_ELSA-2016-1277.NASL", "ORACLELINUX_ELSA-2016-2574.NASL", "ORACLELINUX_ELSA-2016-3551.NASL", "ORACLELINUX_ELSA-2016-3552.NASL", "ORACLELINUX_ELSA-2016-3553.NASL", "ORACLELINUX_ELSA-2016-3554.NASL", "ORACLELINUX_ELSA-2016-3559.NASL", "ORACLELINUX_ELSA-2016-3565.NASL", "ORACLELINUX_ELSA-2016-3566.NASL", "ORACLELINUX_ELSA-2016-3567.NASL", "ORACLELINUX_ELSA-2016-3596.NASL", "ORACLELINUX_ELSA-2017-0817.NASL", "ORACLELINUX_ELSA-2017-3515.NASL", "ORACLELINUX_ELSA-2017-3516.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2018-0151.NASL", "ORACLELINUX_ELSA-2018-4134.NASL", "ORACLELINUX_ELSA-2018-4145.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2018-4172.NASL", "ORACLEVM_OVMSA-2016-0046.NASL", "ORACLEVM_OVMSA-2016-0047.NASL", "ORACLEVM_OVMSA-2016-0052.NASL", "ORACLEVM_OVMSA-2016-0053.NASL", "ORACLEVM_OVMSA-2016-0060.NASL", "ORACLEVM_OVMSA-2016-0081.NASL", "ORACLEVM_OVMSA-2016-0089.NASL", "ORACLEVM_OVMSA-2016-0100.NASL", "ORACLEVM_OVMSA-2017-0040.NASL", "ORACLEVM_OVMSA-2017-0041.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "ORACLEVM_OVMSA-2018-0231.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "REDHAT-RHSA-2016-0715.NASL", "REDHAT-RHSA-2016-0855.NASL", "REDHAT-RHSA-2016-1277.NASL", "REDHAT-RHSA-2016-1301.NASL", "REDHAT-RHSA-2016-1341.NASL", "REDHAT-RHSA-2016-2574.NASL", "REDHAT-RHSA-2016-2584.NASL", "REDHAT-RHSA-2017-0817.NASL", "REDHAT-RHSA-2018-0151.NASL", "REDHAT-RHSA-2018-0152.NASL", "REDHAT-RHSA-2018-0181.NASL", "SL_20160504_KERNEL_ON_SL6_X.NASL", "SL_20160510_KERNEL_ON_SL6_X.NASL", "SL_20160623_KERNEL_ON_SL7_X.NASL", "SL_20161103_KERNEL_ON_SL7_X.NASL", "SL_20170321_KERNEL_ON_SL6_X.NASL", "SL_20180125_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2016-0168-1.NASL", "SUSE_SU-2016-0585-1.NASL", "SUSE_SU-2016-0658-1.NASL", "SUSE_SU-2016-0785-1.NASL", "SUSE_SU-2016-0873-1.NASL", "SUSE_SU-2016-0911-1.NASL", "SUSE_SU-2016-0955-1.NASL", "SUSE_SU-2016-1019-1.NASL", "SUSE_SU-2016-1154-1.NASL", "SUSE_SU-2016-1203-1.NASL", "SUSE_SU-2016-1318-1.NASL", "SUSE_SU-2016-1745-1.NASL", "SUSE_SU-2016-1995-1.NASL", "SUSE_SU-2016-2001-1.NASL", "SUSE_SU-2016-2002-1.NASL", "SUSE_SU-2016-2005-1.NASL", "SUSE_SU-2016-2006-1.NASL", "SUSE_SU-2016-2010-1.NASL", "SUSE_SU-2016-2014-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-2105-1.NASL", "UBUNTU_USN-2846-1.NASL", "UBUNTU_USN-2847-1.NASL", "UBUNTU_USN-2848-1.NASL", "UBUNTU_USN-2849-1.NASL", "UBUNTU_USN-2850-1.NASL", "UBUNTU_USN-2851-1.NASL", "UBUNTU_USN-2853-1.NASL", "UBUNTU_USN-2854-1.NASL", "UBUNTU_USN-2886-1.NASL", "UBUNTU_USN-2887-1.NASL", "UBUNTU_USN-2887-2.NASL", "UBUNTU_USN-2888-1.NASL", "UBUNTU_USN-2889-1.NASL", "UBUNTU_USN-2889-2.NASL", "UBUNTU_USN-2890-1.NASL", "UBUNTU_USN-2890-2.NASL", "UBUNTU_USN-2890-3.NASL", "UBUNTU_USN-2891-1.NASL", "UBUNTU_USN-2907-1.NASL", "UBUNTU_USN-2907-2.NASL", "UBUNTU_USN-2908-1.NASL", "UBUNTU_USN-2908-2.NASL", "UBUNTU_USN-2908-3.NASL", "UBUNTU_USN-2908-4.NASL", "UBUNTU_USN-2908-5.NASL", "UBUNTU_USN-2909-1.NASL", "UBUNTU_USN-2909-2.NASL", "UBUNTU_USN-2910-1.NASL", "UBUNTU_USN-2910-2.NASL", "UBUNTU_USN-2911-1.NASL", "UBUNTU_USN-2928-1.NASL", "UBUNTU_USN-2929-1.NASL", "UBUNTU_USN-2929-2.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "UBUNTU_USN-2931-1.NASL", "UBUNTU_USN-2932-1.NASL", "UBUNTU_USN-2946-1.NASL", "UBUNTU_USN-2946-2.NASL", "UBUNTU_USN-2947-1.NASL", "UBUNTU_USN-2947-2.NASL", "UBUNTU_USN-2947-3.NASL", "UBUNTU_USN-2948-1.NASL", "UBUNTU_USN-2948-2.NASL", "UBUNTU_USN-2949-1.NASL", "UBUNTU_USN-2967-1.NASL", "UBUNTU_USN-2968-1.NASL", "UBUNTU_USN-2968-2.NASL", "UBUNTU_USN-2969-1.NASL", "UBUNTU_USN-2970-1.NASL", "UBUNTU_USN-2971-1.NASL", "UBUNTU_USN-2971-2.NASL", "UBUNTU_USN-2971-3.NASL", "UBUNTU_USN-2989-1.NASL", "UBUNTU_USN-2998-1.NASL", "UBUNTU_USN-3083-1.NASL", "UBUNTU_USN-3083-2.NASL", "UBUNTU_USN-3798-1.NASL", "VIRTUOZZO_VZA-2017-001.NASL", "VIRTUOZZO_VZA-2017-025.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120638", "OPENVAS:1361412562310121460", "OPENVAS:1361412562310122925", "OPENVAS:1361412562310122926", "OPENVAS:1361412562310122927", "OPENVAS:1361412562310122928", "OPENVAS:1361412562310122929", "OPENVAS:1361412562310131174", "OPENVAS:1361412562310131175", "OPENVAS:1361412562310131182", "OPENVAS:1361412562310131256", "OPENVAS:1361412562310703426", "OPENVAS:1361412562310703434", "OPENVAS:1361412562310703448", "OPENVAS:1361412562310703471", "OPENVAS:1361412562310703503", "OPENVAS:1361412562310703519", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310807102", "OPENVAS:1361412562310807219", "OPENVAS:1361412562310807225", "OPENVAS:1361412562310807312", "OPENVAS:1361412562310807437", "OPENVAS:1361412562310807465", "OPENVAS:1361412562310842621", "OPENVAS:1361412562310842622", "OPENVAS:1361412562310842623", "OPENVAS:1361412562310842624", "OPENVAS:1361412562310842625", "OPENVAS:1361412562310842627", "OPENVAS:1361412562310842628", "OPENVAS:1361412562310842629", "OPENVAS:1361412562310842631", "OPENVAS:1361412562310842632", "OPENVAS:1361412562310842633", "OPENVAS:1361412562310842649", "OPENVAS:1361412562310842650", "OPENVAS:1361412562310842651", "OPENVAS:1361412562310842653", "OPENVAS:1361412562310842654", "OPENVAS:1361412562310842655", "OPENVAS:1361412562310842656", "OPENVAS:1361412562310842657", "OPENVAS:1361412562310842658", "OPENVAS:1361412562310842666", "OPENVAS:1361412562310842667", "OPENVAS:1361412562310842668", "OPENVAS:1361412562310842669", "OPENVAS:1361412562310842686", "OPENVAS:1361412562310842687", "OPENVAS:1361412562310842688", "OPENVAS:1361412562310842689", "OPENVAS:1361412562310842690", "OPENVAS:1361412562310842691", "OPENVAS:1361412562310842692", "OPENVAS:1361412562310842693", "OPENVAS:1361412562310842698", "OPENVAS:1361412562310842707", "OPENVAS:1361412562310842708", "OPENVAS:1361412562310842709", "OPENVAS:1361412562310842710", "OPENVAS:1361412562310842711", "OPENVAS:1361412562310842712", "OPENVAS:1361412562310842713", "OPENVAS:1361412562310842735", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310842737", "OPENVAS:1361412562310842738", "OPENVAS:1361412562310842739", "OPENVAS:1361412562310842741", "OPENVAS:1361412562310842742", "OPENVAS:1361412562310842743", "OPENVAS:1361412562310842744", "OPENVAS:1361412562310842779", "OPENVAS:1361412562310842797", "OPENVAS:1361412562310842887", "OPENVAS:1361412562310842889", "OPENVAS:1361412562310843665", "OPENVAS:1361412562310851154", "OPENVAS:1361412562310851157", "OPENVAS:1361412562310851159", "OPENVAS:1361412562310851176", "OPENVAS:1361412562310851179", "OPENVAS:1361412562310851188", "OPENVAS:1361412562310851197", "OPENVAS:1361412562310851215", "OPENVAS:1361412562310851242", "OPENVAS:1361412562310851273", "OPENVAS:1361412562310851315", "OPENVAS:1361412562310851349", "OPENVAS:1361412562310851386", "OPENVAS:1361412562310851388", "OPENVAS:1361412562310851444", "OPENVAS:1361412562310871606", "OPENVAS:1361412562310871611", "OPENVAS:1361412562310871633", "OPENVAS:1361412562310871708", "OPENVAS:1361412562310871783", "OPENVAS:1361412562310882482", "OPENVAS:1361412562310882511", "OPENVAS:1361412562310882836", "OPENVAS:1361412562311220161020", "OPENVAS:1361412562311220161024", "OPENVAS:1361412562311220191471", "OPENVAS:1361412562311220191477", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191488", "OPENVAS:1361412562311220191489", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191492", "OPENVAS:1361412562311220191508", "OPENVAS:1361412562311220191513", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191517", "OPENVAS:1361412562311220191518", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191520", "OPENVAS:1361412562311220191521", "OPENVAS:1361412562311220191524", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191527", "OPENVAS:1361412562311220191536", "OPENVAS:1361412562311220191537", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192599", "OPENVAS:703426", "OPENVAS:703434", "OPENVAS:703448", "OPENVAS:703471", "OPENVAS:703503", "OPENVAS:703519", "OPENVAS:703607", "OPENVAS:807312"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0715", "ELSA-2016-0855", "ELSA-2016-1277", "ELSA-2016-2574", "ELSA-2016-3551", "ELSA-2016-3552", "ELSA-2016-3553", "ELSA-2016-3554", "ELSA-2016-3559", "ELSA-2016-3565", "ELSA-2016-3566", "ELSA-2016-3567", "ELSA-2016-3596", "ELSA-2017-0817", "ELSA-2017-3515", "ELSA-2017-3516", "ELSA-2017-3534", "ELSA-2017-3567", "ELSA-2018-0151", "ELSA-2018-4134", "ELSA-2018-4145", "ELSA-2018-4164", "ELSA-2018-4172"]}, {"type": "osv", "idList": ["OSV:DLA-360-1", "OSV:DLA-378-1", "OSV:DLA-412-1", "OSV:DLA-439-1", "OSV:DLA-479-1", "OSV:DSA-3426-1", "OSV:DSA-3426-2", "OSV:DSA-3434-1", "OSV:DSA-3448-1", "OSV:DSA-3471-1", "OSV:DSA-3503-1", "OSV:DSA-3519-1", "OSV:DSA-3607-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136137", "PACKETSTORM:142488"]}, {"type": "redhat", "idList": ["RHSA-2016:0715", "RHSA-2016:0855", "RHSA-2016:1277", "RHSA-2016:1301", "RHSA-2016:1341", "RHSA-2016:2574", "RHSA-2016:2584", "RHSA-2017:0817", "RHSA-2018:0151", "RHSA-2018:0152", "RHSA-2018:0181"]}, {"type": "seebug", "idList": ["SSV:92755"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0123-1", "OPENSUSE-SU-2016:0124-1", "OPENSUSE-SU-2016:0126-1", "OPENSUSE-SU-2016:0280-1", "OPENSUSE-SU-2016:0301-1", "OPENSUSE-SU-2016:0318-1", "OPENSUSE-SU-2016:0537-1", "OPENSUSE-SU-2016:1008-1", "OPENSUSE-SU-2016:1641-1", "OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2184-1", "OPENSUSE-SU-2016:2649-1", "OPENSUSE-SU-2016:3021-1", "SUSE-SU-2016:0168-1", "SUSE-SU-2016:0335-1", "SUSE-SU-2016:0336-1", "SUSE-SU-2016:0337-1", "SUSE-SU-2016:0339-1", "SUSE-SU-2016:0380-1", "SUSE-SU-2016:0381-1", "SUSE-SU-2016:0383-1", "SUSE-SU-2016:0384-1", "SUSE-SU-2016:0386-1", "SUSE-SU-2016:0387-1", "SUSE-SU-2016:0434-1", "SUSE-SU-2016:0585-1", "SUSE-SU-2016:0658-1", "SUSE-SU-2016:0745-1", "SUSE-SU-2016:0746-1", "SUSE-SU-2016:0747-1", "SUSE-SU-2016:0749-1", "SUSE-SU-2016:0750-1", "SUSE-SU-2016:0751-1", "SUSE-SU-2016:0752-1", "SUSE-SU-2016:0753-1", "SUSE-SU-2016:0754-1", "SUSE-SU-2016:0755-1", "SUSE-SU-2016:0756-1", "SUSE-SU-2016:0757-1", "SUSE-SU-2016:0785-1", "SUSE-SU-2016:0873-1", "SUSE-SU-2016:0955-1", "SUSE-SU-2016:1019-1", "SUSE-SU-2016:1031-1", "SUSE-SU-2016:1032-1", "SUSE-SU-2016:1033-1", "SUSE-SU-2016:1034-1", "SUSE-SU-2016:1035-1", "SUSE-SU-2016:1037-1", "SUSE-SU-2016:1038-1", "SUSE-SU-2016:1039-1", "SUSE-SU-2016:1040-1", "SUSE-SU-2016:1041-1", "SUSE-SU-2016:1045-1", "SUSE-SU-2016:1046-1", "SUSE-SU-2016:1102-1", "SUSE-SU-2016:1154-1", "SUSE-SU-2016:1203-1", "SUSE-SU-2016:1318-1", "SUSE-SU-2016:1707-1", "SUSE-SU-2016:1745-1", "SUSE-SU-2016:1764-1", "SUSE-SU-2016:1937-1", "SUSE-SU-2016:1961-1", "SUSE-SU-2016:1994-1", "SUSE-SU-2016:1995-1", "SUSE-SU-2016:2000-1", "SUSE-SU-2016:2001-1", "SUSE-SU-2016:2002-1", "SUSE-SU-2016:2003-1", "SUSE-SU-2016:2005-1", "SUSE-SU-2016:2006-1", "SUSE-SU-2016:2007-1", "SUSE-SU-2016:2009-1", "SUSE-SU-2016:2010-1", "SUSE-SU-2016:2011-1", "SUSE-SU-2016:2014-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:2105-1", "SUSE-SU-2016:3304-1"]}, {"type": "ubuntu", "idList": ["USN-2846-1", "USN-2847-1", "USN-2848-1", "USN-2849-1", "USN-2850-1", "USN-2851-1", "USN-2853-1", "USN-2854-1", "USN-2886-1", "USN-2886-2", "USN-2887-1", "USN-2887-2", "USN-2888-1", "USN-2889-1", "USN-2889-2", "USN-2890-1", "USN-2890-2", "USN-2890-3", "USN-2891-1", "USN-2907-1", "USN-2907-2", "USN-2908-1", "USN-2908-2", "USN-2908-3", "USN-2908-4", "USN-2908-5", "USN-2909-1", "USN-2909-2", "USN-2910-1", "USN-2910-2", "USN-2911-1", "USN-2911-2", "USN-2928-1", "USN-2928-2", "USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2931-1", "USN-2932-1", "USN-2946-1", "USN-2946-2", "USN-2947-1", "USN-2947-2", "USN-2947-3", "USN-2948-1", "USN-2948-2", "USN-2949-1", "USN-2967-1", "USN-2967-2", "USN-2968-1", "USN-2968-2", "USN-2969-1", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-2989-1", "USN-2998-1", "USN-3083-1", "USN-3083-2", "USN-3798-1", "USN-3798-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7446", "UB:CVE-2015-7515", "UB:CVE-2015-7550", "UB:CVE-2015-8539", "UB:CVE-2015-8543", "UB:CVE-2015-8550", "UB:CVE-2015-8551", "UB:CVE-2015-8552", "UB:CVE-2015-8569", "UB:CVE-2015-8575", "UB:CVE-2015-8767", "UB:CVE-2015-8785", "UB:CVE-2015-8812", "UB:CVE-2016-0723", "UB:CVE-2016-2069", "UB:CVE-2016-2384", "UB:CVE-2016-2543", "UB:CVE-2016-2544", "UB:CVE-2016-2545", "UB:CVE-2016-2546", "UB:CVE-2016-2547", "UB:CVE-2016-2548", "UB:CVE-2016-2549"]}, {"type": "virtuozzo", "idList": ["VZA-2017-001", "VZA-2017-024", "VZA-2017-025"]}, {"type": "xen", "idList": ["XSA-155", "XSA-157"]}, {"type": "zdt", "idList": ["1337DAY-ID-25865", "1337DAY-ID-27765"]}]}, "backreferences": {"references": [{"type": "android", "idList": ["ANDROID:CVE-2013-7446"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-08-01"]}, {"type": "centos", "idList": ["CESA-2016:0715", "CESA-2016:1277", "CESA-2018:0151"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:539F990C3DAAC021E491E8629DA539FE"]}, {"type": "cve", "idList": ["CVE-2013-7446", "CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2016-0723"]}, {"type": "debian", "idList": ["DEBIAN:DLA-439-1:BED7A", "DEBIAN:DSA-3426-1:AC984"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7446", "DEBIANCVE:CVE-2015-7515", "DEBIANCVE:CVE-2015-7550", "DEBIANCVE:CVE-2015-8539", "DEBIANCVE:CVE-2015-8543", "DEBIANCVE:CVE-2015-8550", "DEBIANCVE:CVE-2015-8551", "DEBIANCVE:CVE-2015-8552", "DEBIANCVE:CVE-2015-8569", "DEBIANCVE:CVE-2015-8575", "DEBIANCVE:CVE-2015-8767", "DEBIANCVE:CVE-2015-8785", "DEBIANCVE:CVE-2015-8812", "DEBIANCVE:CVE-2016-0723", "DEBIANCVE:CVE-2016-2069", "DEBIANCVE:CVE-2016-2384", "DEBIANCVE:CVE-2016-2543", "DEBIANCVE:CVE-2016-2544", "DEBIANCVE:CVE-2016-2545", "DEBIANCVE:CVE-2016-2546", "DEBIANCVE:CVE-2016-2547", "DEBIANCVE:CVE-2016-2548", "DEBIANCVE:CVE-2016-2549"]}, {"type": "exploitdb", "idList": ["EDB-ID:39544"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1EC12227A84F918BB0C8C659BE0F2284"]}, {"type": "f5", "idList": ["F5:K07560020", "SOL07560020"]}, {"type": "fedora", "idList": ["FEDORA:67FB6618BD69", "FEDORA:C7C84604E909"]}, {"type": "fortinet", "idList": ["FG-IR-16-013"]}, {"type": "gentoo", "idList": ["GLSA-201604-03"]}, {"type": "ibm", "idList": ["658C6A388449448220E16F3A05A122A56F35F4A9A9370C4B63DC0779B971B6CE"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-8543/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-648.NASL", "DEBIAN_DLA-412.NASL", "EULEROS_SA-2019-2353.NASL", "FEDORA_2016-2F25D12C51.NASL", "FEDORA_2016-7E12AE5359.NASL", "FEDORA_2016-9FBE2C258B.NASL", "FEDORA_2016-E7162262B0.NASL", "NEWSTART_CGSL_NS-SA-2019-0014_KERNEL.NASL", "OPENSUSE-2016-116.NASL", "OPENSUSE-2016-1410.NASL", "OPENSUSE-2016-256.NASL", "ORACLELINUX_ELSA-2016-3551.NASL", "ORACLEVM_OVMSA-2016-0053.NASL", "ORACLEVM_OVMSA-2017-0040.NASL", "ORACLEVM_OVMSA-2018-0231.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "SUSE_SU-2016-2001-1.NASL", "UBUNTU_USN-2848-1.NASL", "UBUNTU_USN-2888-1.NASL", "UBUNTU_USN-2908-1.NASL", "UBUNTU_USN-2908-2.NASL", "UBUNTU_USN-2908-3.NASL", "UBUNTU_USN-2908-4.NASL", "UBUNTU_USN-2908-5.NASL", "UBUNTU_USN-2909-1.NASL", "UBUNTU_USN-2909-2.NASL", "UBUNTU_USN-2911-1.NASL", "UBUNTU_USN-2928-1.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "UBUNTU_USN-2931-1.NASL", "VIRTUOZZO_VZA-2017-001.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310131182", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310842623", "OPENVAS:1361412562310842649", "OPENVAS:1361412562310842656", "OPENVAS:1361412562310842657", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310851154", "OPENVAS:1361412562310851159", "OPENVAS:1361412562311220191491", "OPENVAS:703426"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1277", "ELSA-2018-4164"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142488"]}, {"type": "redhat", "idList": ["RHSA-2016:0855", "RHSA-2016:2584"]}, {"type": "seebug", "idList": ["SSV:92755"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0301-1", "SUSE-SU-2016:1031-1"]}, {"type": "ubuntu", "idList": ["USN-2846-1", "USN-2847-1", "USN-2848-1", "USN-2849-1", "USN-2850-1", "USN-2851-1", "USN-2853-1", "USN-2854-1", "USN-2907-2", "USN-2908-5", "USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2947-1", "USN-2947-2", "USN-2947-3", "USN-2948-1", "USN-2948-2", "USN-2967-1", "USN-2967-2", "USN-2968-1", "USN-2968-2", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-8543", "UB:CVE-2016-0723", "UB:CVE-2016-2544"]}, {"type": "virtuozzo", "idList": ["VZA-2017-025"]}, {"type": "xen", "idList": ["XSA-157"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-2384", "epss": "0.006100000", "percentile": "0.753840000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8551", "epss": "0.000620000", "percentile": "0.245740000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2543", "epss": "0.001090000", "percentile": "0.423560000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2069", "epss": "0.001430000", "percentile": "0.484510000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7550", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2548", "epss": "0.001260000", "percentile": "0.455370000", "modified": "2023-03-15"}, {"cve": "CVE-2016-0723", "epss": "0.001110000", "percentile": "0.426690000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2547", "epss": "0.001260000", "percentile": "0.455370000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8812", "epss": "0.040070000", "percentile": "0.906800000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2544", "epss": "0.001260000", "percentile": "0.455370000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8550", "epss": "0.000670000", "percentile": "0.274400000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8543", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7515", "epss": "0.004520000", "percentile": "0.712310000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8539", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2545", "epss": "0.001260000", "percentile": "0.455370000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8767", "epss": "0.001240000", "percentile": "0.451270000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2546", "epss": "0.001260000", "percentile": "0.455370000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2549", "epss": "0.001260000", "percentile": "0.455370000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8575", "epss": "0.001090000", "percentile": "0.423310000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8552", "epss": "0.000760000", "percentile": "0.305380000", "modified": "2023-03-15"}, {"cve": "CVE-2013-7446", "epss": "0.000460000", "percentile": "0.140030000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8569", "epss": "0.000440000", "percentile": "0.102620000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8785", "epss": "0.001100000", "percentile": "0.425440000", "modified": "2023-03-15"}], "vulnersScore": 1.1}, "_state": {"dependencies": 1678909274, "score": 1683812971, "epss": 1678917342}, "_internal": {"score_hash": "dd3f70f5b1faabdad8c72bff2269f0ba"}, "affectedPackage": [{"arch": "ppc64", "packageFilename": "kernel-trace-devel-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-source-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-xen-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ppc64", "packageFilename": "kernel-default-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-syms-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-default-debugsource-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-pae-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "x86_64", "packageFilename": "kernel-trace-extra-3.0.101-71.1.x86_64.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-trace-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "s390x", "packageFilename": "kernel-default-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-xen-extra-3.0.101-71.1.i586.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-xen-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "ia64", "packageFilename": "kernel-default-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-xen-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "s390x", "packageFilename": "kernel-syms-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-trace-devel-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-ec2-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-trace-debugsource-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-xen-debugsource-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-xen-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "s390x", "packageFilename": "kernel-default-debuginfo-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ia64", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-ec2-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "s390x", "packageFilename": "kernel-trace-debugsource-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "s390x", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-pae-extra-3.0.101-71.1.i586.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-pae-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "x86_64", "packageFilename": "kernel-xen-extra-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "x86_64", "packageFilename": "kernel-xen-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-pae-extra-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "i586", "packageFilename": "kernel-trace-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-source-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-ec2-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-pae-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-ec2-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-pae-devel-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-source-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-trace-base-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-ec2-debugsource-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-pae-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ia64", "packageFilename": "kernel-source-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-default-debuginfo-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ppc64", "packageFilename": "kernel-ppc64-extra-3.0.101-71.1.ppc64.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-ppc64-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "i586", "packageFilename": "kernel-xen-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "x86_64", "packageFilename": "kernel-xen-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "s390x", "packageFilename": "kernel-default-debugsource-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-pae-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "noarch", "packageFilename": "kernel-docs-3.0.101-71.2.noarch.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-docs", "packageVersion": "3.0.101-71.2", "OS": "SUSE Linux Enterprise Software Development Kit"}, {"arch": "x86_64", "packageFilename": "kernel-xen-base-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-extra-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ppc64", "packageFilename": "kernel-default-extra-3.0.101-71.1.ppc64.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "s390x", "packageFilename": "kernel-trace-base-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-ppc64-base-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ppc64-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-ppc64-debugsource-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ppc64-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-syms-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ppc64", "packageFilename": "kernel-default-base-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-extra-3.0.101-71.1.x86_64.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "i586", "packageFilename": "kernel-pae-debugsource-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "s390x", "packageFilename": "kernel-trace-devel-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-pae-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-base-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "i586", "packageFilename": "kernel-syms-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-pae-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-trace-base-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "s390x", "packageFilename": "kernel-trace-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "s390x", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-xen-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-trace-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ppc64", "packageFilename": "kernel-trace-debuginfo-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ia64", "packageFilename": "kernel-default-base-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ia64", "packageFilename": "kernel-default-devel-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-ec2-debugsource-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-ec2-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-trace-debugsource-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-xen-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "s390x", "packageFilename": "kernel-default-devel-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-ec2-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-default-debugsource-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-trace-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ppc64", "packageFilename": "kernel-ppc64-devel-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ppc64-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-xen-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "s390x", "packageFilename": "kernel-source-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-trace-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-default-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ia64", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-xen-base-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "s390x", "packageFilename": "kernel-default-base-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "x86_64", "packageFilename": "kernel-source-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "i586", "packageFilename": "kernel-default-debugsource-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-default-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-trace-debuginfo-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-xen-debugsource-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-trace-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-trace-debugsource-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ppc64", "packageFilename": "kernel-ppc64-debuginfo-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ppc64-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-xen-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "x86_64", "packageFilename": "kernel-trace-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "s390x", "packageFilename": "kernel-trace-debuginfo-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-trace-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-xen-extra-3.0.101-71.1.x86_64.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-xen-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "x86_64", "packageFilename": "kernel-syms-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "s390x", "packageFilename": "kernel-default-extra-3.0.101-71.1.s390x.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "x86_64", "packageFilename": "kernel-syms-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "i586", "packageFilename": "kernel-xen-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-trace-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ppc64", "packageFilename": "kernel-ppc64-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ppc64", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "s390x", "packageFilename": "kernel-default-man-3.0.101-71.1.s390x.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-man", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-xen-base-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-trace-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-xen-devel-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-ec2-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "x86_64", "packageFilename": "kernel-default-devel-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "x86_64", "packageFilename": "kernel-default-base-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-extra-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "ppc64", "packageFilename": "kernel-default-devel-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-trace-debugsource-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-xen-devel-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ppc64", "packageFilename": "kernel-trace-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-syms-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-syms", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "i586", "packageFilename": "kernel-default-extra-3.0.101-71.1.i586.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "i586", "packageFilename": "kernel-source-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-source", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "i586", "packageFilename": "kernel-trace-devel-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-devel-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "i586", "packageFilename": "kernel-xen-extra-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-xen-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Desktop"}, {"arch": "i586", "packageFilename": "kernel-default-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ia64", "packageFilename": "kernel-default-extra-3.0.101-71.1.ia64.rpm", "OSVersion": "11", "operator": "lt", "packageName": "kernel-default-extra", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server EXTRA"}, {"arch": "i586", "packageFilename": "kernel-pae-3.0.101-71.1.i586.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-pae", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "x86_64", "packageFilename": "kernel-ec2-base-3.0.101-71.1.x86_64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-ec2-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}, {"arch": "ppc64", "packageFilename": "kernel-default-debugsource-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debugsource", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ppc64", "packageFilename": "kernel-default-debuginfo-3.0.101-71.1.ppc64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-default-debuginfo", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Debuginfo"}, {"arch": "ia64", "packageFilename": "kernel-trace-base-3.0.101-71.1.ia64.rpm", "OSVersion": "11.4", "operator": "lt", "packageName": "kernel-trace-base", "packageVersion": "3.0.101-71.1", "OS": "SUSE Linux Enterprise Server"}]}
{"suse": [{"lastseen": "2016-09-04T11:35:13", "description": "The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various\n security and bugfixes.\n\n Following feature was added to kernel-xen:\n - A improved XEN blkfront module was added, which allows more I/O\n bandwidth. (FATE#320200) It is called xen-blkfront in PV, and\n xen-vbd-upstream in HVM mode.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver\n could be used by physical local attackers to crash the kernel\n (bnc#956708).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service\n or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959190 bnc#959399).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel\n driver when the network was considered to be congested. This could be\n used by local attackers to cause machine crashes or potentially code\n execution (bsc#966437).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak\n to information leaks (bnc#963767).\n - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the\n umidi object which could lead to crashes (bsc#966693).\n - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA\n that could lead to crashes. (bsc#967972).\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer\n handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011,\n bsc#968012, bsc#968013).\n\n The following non-security bugs were fixed:\n - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver\n implementation (bsc#957986, bsc#956084, bsc#961658).\n - alsa: hda - Add one more node in the EAPD supporting candidate list\n (bsc#963561).\n - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).\n - alsa: hda - disable dynamic clock gating on Broxton before reset\n (bsc#966137).\n - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT\n (bsc#966137).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#933782).\n - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658\n fate#320200).\n - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818).\n - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369).\n - bnx2x: fix DMA API usage (bsc#953369).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - drivers: xen-blkfront: only talk_to_blkback() when in\n XenbusStateInitialising (bsc#961658 fate#320200).\n - driver: xen-blkfront: move talk_to_blkback to a more suitable place\n (bsc#961658 fate#320200).\n - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).\n - drm/i915: Evict CS TLBs between batches (bsc#758040).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - ec2: Update kabi files and start tracking ec2\n - ext3: fix data=journal fast mount/umount hang (bsc#942082).\n - ext3: NULL dereference in ext3_evict_inode() (bsc#942082).\n - firmware: Create directories for external firmware (bsc#959312).\n - firmware: Simplify directory creation (bsc#959312).\n - Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).\n - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925).\n - jbd: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no\n external, 3rd party modules use the symbol and the\n bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver.\n (bsc#953369)\n - kbuild: create directory for dir/file.o (bsc#959312).\n - llist/xen-blkfront: implement safe version of llist_for_each_entry\n (bsc#961658 fate#320200).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - memcg: do not hang on OOM when killed by userspace OOM access to memory\n reserves (bnc#969571).\n - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514).\n - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n - nvme: default to 4k device page size (bsc#967042).\n - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too\n (bsc#951815).\n - pci: Update VPD size with correct length (bsc#958906).\n - pl2303: fix TIOCMIWAIT (bnc#959649).\n - pl2303: introduce private disconnect method (bnc#959649).\n - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514).\n - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch\n (bsc#959705).\n - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also\n address bsc#966094).\n - rt: v3.0-rt relevant @stable-rt patches from v3.2-rt rt111 update\n - s390/cio: collect format 1 channel-path description data (bnc#958000,\n LTC#136434).\n - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434).\n - s390/cio: fix measurement characteristics memleak (bnc#958000,\n LTC#136434).\n - s390/cio: update measurement characteristics (bnc#958000, LTC#136434).\n - s390/dasd: fix failfast for disconnected devices (bnc#958000,\n LTC#135138).\n - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000,\n LTC#136143).\n - s390/sclp: Move declarations for sclp_sdias into separate header file\n (bnc#958000, LTC#136143).\n - scsi_dh_rdac: always retry MODE SELECT on command lock violation\n (bsc#956949).\n - sunrpc: restore fair scheduling to priority queues (bsc#955308).\n - supported.conf: Add xen-blkfront.\n - tg3: 5715 does not link up when autoneg off (bsc#904035).\n - Update\n patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch\n (bnc#940017, bnc#949298, bnc#947128).\n - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT\n when the device is removed (bnc#956375).\n - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and\n TIOCGICOUNT (bnc#956375).\n - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).\n - usb: ftdi_sio: fix tiocmget indentation (bnc#956375).\n - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).\n - usb: ftdi_sio: remove unnecessary memset (bnc#956375).\n - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).\n - usb: pl2303: clean up line-status handling (bnc#959649).\n - usb: pl2303: only wake up MSR queue on changes (bnc#959649).\n - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649).\n - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).\n - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).\n - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).\n - vmxnet3: fix netpoll race condition (bsc#958912).\n - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658\n fate#320200).\n - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200).\n - xen-blkfront: allow building in our Xen environment (bsc#961658\n fate#320200).\n - xen/blk[front|back]: Enhance discard support with secure erasing support\n (bsc#961658 fate#320200).\n - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard\n together (bsc#961658 fate#320200).\n - xen-blkfront: check for null drvdata in blkback_changed\n (XenbusStateClosing) (bsc#961658 fate#320200).\n - xen-blkfront: do not add indirect pages to list when !feature_persistent\n (bsc#961658 fate#320200).\n - xen/blkfront: do not put bdev right after getting it (bsc#961658\n fate#320200).\n - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658\n fate#320200).\n - xen, blkfront: factor out flush-related checks from do_blkif_request()\n (bsc#961658 fate#320200).\n - xen-blkfront: fix accounting of reqs when migrating (bsc#961658\n fate#320200).\n - xen-blkfront: fix a deadlock while handling discard response (bsc#961658\n fate#320200).\n - xen/blkfront: Fix crash if backend does not follow the right states\n (bsc#961658 fate#320200).\n - xen-blkfront: free allocated page (bsc#961658 fate#320200).\n - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658\n fate#320200).\n - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200).\n - xen-blkfront: Handle discard requests (bsc#961658 fate#320200).\n - xen-blkfront: If no barrier or flush is supported, use invalid operation\n (bsc#961658 fate#320200).\n - xen-blkfront: improve aproximation of required grants per request\n (bsc#961658 fate#320200).\n - xen/blkfront: improve protection against issuing unsupported REQ_FUA\n (bsc#961658 fate#320200).\n - xen-blkfront: Introduce a 'max' module parameter to alter the amount of\n indirect segments (bsc#961658 fate#320200).\n - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658\n fate#320200).\n - xen-blkfront: plug device number leak in xlblk_init() error path\n (bsc#961658 fate#320200).\n - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200).\n - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200).\n - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200).\n - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658\n fate#320200).\n - xen-blkfront: restore the non-persistent data path (bsc#961658\n fate#320200).\n - xen-blkfront: revoke foreign access for grants not mapped by the backend\n (bsc#961658 fate#320200).\n - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658\n fate#320200).\n - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658\n fate#320200).\n - xen-blkfront: switch from llist to list (bsc#961658 fate#320200).\n - xen-blkfront: use a different scatterlist for each request (bsc#961658\n fate#320200).\n - xen-block: implement indirect descriptors (bsc#961658 fate#320200).\n - xen: consolidate and simplify struct xenbus_driver instantiation\n (bsc#961658 fate#320200).\n - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658\n fate#320200).\n - xen: Update Xen config files (enable upstream block frontend).\n - xen/x86/mm: Add barriers and document switch_mm()-vs-flush\n synchronization (bnc#963767).\n - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183).\n - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479).\n\n", "cvss3": {}, "published": "2016-04-19T19:07:56", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2015-8551", "CVE-2016-2543", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-7515", "CVE-2015-8539", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-2546", "CVE-2016-2549", "CVE-2015-8575", "CVE-2015-8552", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-8785"], "modified": "2016-04-19T19:07:56", "id": "SUSE-SU-2016:1102-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:35", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various\n security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n\n The following non-security bugs were fixed:\n - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - Re-add copy_page_vector_to_user()\n - Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).\n - Refresh patches.xen/xen3-patch-3.9 (bsc#951155).\n - Update\n patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction\n -.patch (bnc#935087, bnc#945649, bnc#951615).\n - bcache: Add btree_insert_node() (bnc#951638).\n - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).\n - bcache: Clean up keylist code (bnc#951638).\n - bcache: Convert btree_insert_check_key() to btree_insert_node()\n (bnc#951638).\n - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).\n - bcache: Explicitly track btree node's parent (bnc#951638).\n - bcache: Fix a bug when detaching (bsc#951638).\n - bcache: Fix a lockdep splat in an error path (bnc#951638).\n - bcache: Fix a shutdown bug (bsc#951638).\n - bcache: Fix more early shutdown bugs (bsc#951638).\n - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - bcache: Insert multiple keys at a time (bnc#951638).\n - bcache: Refactor journalling flow control (bnc#951638).\n - bcache: Refactor request_write() (bnc#951638).\n - bcache: Use blkdev_issue_discard() (bnc#951638).\n - bcache: backing device set to clean after finishing detach (bsc#951638).\n - bcache: kill closure locking usage (bnc#951638).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#902606).\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more\n (bsc#958647).\n - btrfs: Fix out-of-space bug (bsc#958647).\n - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).\n - btrfs: Set relative data on clear btrfs_block_group_cache->pinned\n (bsc#958647).\n - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n - btrfs: backref: Do not merge refs which are not for same block\n (bnc#935087, bnc#945649).\n - btrfs: cleanup: remove no-used alloc_chunk in\n btrfs_check_data_free_space() (bsc#958647).\n - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,\n bnc#945649).\n - btrfs: delayed-ref: Use list to replace the ref_root in ref_head\n (bnc#935087, bnc#945649).\n - btrfs: extent-tree: Use ref_node to replace unneeded parameters in\n __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).\n - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).\n - btrfs: fix condition of commit transaction (bsc#958647).\n - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,\n bnc#945649).\n - btrfs: fix order by which delayed references are run (bnc#949440).\n - btrfs: fix qgroup sanity tests (bnc#951615).\n - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).\n - btrfs: fix regression running delayed references when using qgroups\n (bnc#951615).\n - btrfs: fix regression when running delayed references (bnc#951615).\n - btrfs: fix sleeping inside atomic context in qgroup rescan worker\n (bnc#960300).\n - btrfs: fix the number of transaction units needed to remove a block\n group (bsc#958647).\n - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new function to record old_roots (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan\n (bnc#960300).\n - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Make snapshot accounting work with new extent-oriented\n qgroup (bnc#935087, bnc#945649).\n - btrfs: qgroup: Record possible quota-related extent for qgroup\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: account shared subtree during snapshot delete\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).\n - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).\n - btrfs: qgroup: fix quota disable during rescan (bnc#960300).\n - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,\n bnc#945649).\n - btrfs: remove transaction from send (bnc#935087, bnc#945649).\n - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,\n bnc#945649).\n - btrfs: use global reserve when deleting unused block group after ENOSPC\n (bsc#958647).\n - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets\n (bsc#957395).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - drm: Allocate new master object when client becomes master (bsc#956876,\n bsc#956801).\n - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - ipv6: fix tunnel error handling (bsc#952579).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).\n - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).\n - pm, hinernate: use put_page in release_swap_writer (bnc#943959).\n - sched, isolcpu: make cpu_isolated_map visible outside scheduler\n (bsc#957395).\n - udp: properly support MSG_PEEK with truncated buffers (bsc#951199\n bsc#959364).\n - xhci: Workaround to get Intel xHCI reset working more reliably\n (bnc#957546).\n\n", "cvss3": {}, "published": "2016-01-19T14:12:54", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-8539", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "modified": "2016-01-19T14:12:54", "id": "SUSE-SU-2016:0168-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00018.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "description": "The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable\n release, and also includes security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. (bsc#961509)\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958463).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).\n - ALSA: hda - Apply click noise workaround for Thinkpads generically\n (bsc#958439).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - ALSA: hda - Flush the pending probe work at remove (boo#960710).\n - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).\n - Add Cavium Thunderx network enhancements\n - Add RHEL to kernel-obs-build\n - Backport amd xgbe fixes and features\n - Backport arm64 patches from SLE12-SP1-ARM.\n - Btrfs: fix the number of transaction units needed to remove a block\n group (bsc#950178).\n - Btrfs: use global reserve when deleting unused block group after ENOSPC\n (bsc#950178).\n - Documentation: nousb is a module parameter (bnc#954324).\n - Driver for IBM System i/p VNIC protocol.\n - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent\n tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't\n be built as a module.\n - Fix PCI generic host controller\n - Fix kABI breakage for max_dev_sectors addition to queue_limits\n (boo#961263).\n - HID: multitouch: Fetch feature reports on demand for Win8 devices\n (boo#954532).\n - HID: multitouch: fix input mode switching on some Elan panels\n (boo#954532).\n - Implement enable/disable for Display C6 state (boo#960021).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - Linux 4.1.15 (boo#954647 bsc#955422).\n - Move kabi patch to patches.kabi directory\n - Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in\n SLE11-SP3, now replaced with the upstream drivers.\n - PCI: generic: Pass starting bus number to pci_scan_root_bus().\n - Revert "block: remove artifical max_hw_sectors cap" (boo#961263).\n - Set system time through RTC device\n - Update arm64 config files. Enabled DRM_AST in the vanilla kernel since\n it is now enabled in the default kernel.\n - Update config files: CONFIG_IBMVNIC=m\n - block/sd: Fix device-imposed transfer length limits (boo#961263).\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).\n - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).\n - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).\n - drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).\n - drm/i915/skl: Add the INIT power domain to the MISC I/O power well\n (boo#960021).\n - drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).\n - drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).\n - drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS\n (boo#960021).\n - drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).\n - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).\n - drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).\n - drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).\n - drm/i915/skl: Make the Misc I/O power well part of the PLLS domain\n (boo#960021).\n - drm/i915/skl: add F0 stepping ID (boo#960021).\n - drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).\n - drm/i915: Clear crtc atomic flags at beginning of transaction\n (boo#960021).\n - drm/i915: Fix CSR MMIO address check (boo#960021).\n - drm/i915: Switch to full atomic helpers for plane updates/disable, take\n two (boo#960021).\n - drm/i915: set CDCLK if DPLL0 enabled during resuming from S3\n (boo#960021).\n - ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - group-source-files: mark module.lds as devel file ld: cannot open linker\n script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such\n file or directory\n - hwrng: core - sleep interruptible in read (bnc#962597).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - kABI fixes for linux-4.1.15.\n - rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir\n - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB\n on s390x, 20GB elsewhere.\n - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds\n started to fail randomly due to ENOSPC errors.\n - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH\n CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since\n 2.6.39 and is enabled in our configs.\n - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n - rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel\n should not be added to the bootloader nor are there any KMPs.\n - rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11\n (bnc#865096)\n - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also,\n remove the lengthy comment, since we are using a standard rpm macro now.\n - thinkpad_acpi: Do not yell on unsupported brightness interfaces\n (boo#957152).\n - usb: make "nousb" a clear module parameter (bnc#954324).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).\n - x86/microcode/amd: Extract current patch level read to a function\n (bsc#913996).\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n - xhci: refuse loading if nousb is used (bnc#954324).\n\n", "cvss3": {}, "published": "2016-01-29T14:11:40", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-8539", "CVE-2015-8767", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "modified": "2016-01-29T14:11:40", "id": "OPENSUSE-SU-2016:0280-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00049.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:29:26", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request (bnc#940338).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that was (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272 (bnc#955354).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Optimizations introduced by the compiler could have lead\n to double fetch vulnerabilities, potentially possibly leading to\n arbitrary code execution in backend (bsc#957988).\n - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity\n checks on the device's state, allowing for DoS (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959399).\n - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the\n Linux kernel attempted to merge distinct setattr operations, which\n allowed local users to bypass intended access restrictions and modify\n the attributes of arbitrary overlay files via a crafted application\n (bnc#960281).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: A race in invalidating paging structures that were not in\n use locally could have lead to disclosoure of information or arbitrary\n code exectution (bnc#963767).\n\n The following non-security bugs were fixed:\n - ACPI: Introduce apic_id in struct processor to save parsed APIC id\n (bsc#959463).\n - ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463).\n - ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463).\n - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).\n - Add sd_mod to initrd modules. For some reason PowerVM backend can't work\n without sd_mod\n - Do not modify perf bias performance setting by default at boot\n (bnc#812259, bsc#959629).\n - Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946,\n bsc#937444).\n - Driver for IBM System i/p VNIC protocol\n - Drop blktap patches from SLE12, since the driver is unsupported\n - Improve fairness when locking the per-superblock s_anon list\n (bsc#957525, bsc#941363).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - NFSD: Do not start lockd when only NFSv4 is running\n - NFSv4: Recovery of recalled read delegations is broken (bsc#956514).\n - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the\n CPU we need it to run on\n - Revert "ipv6: add complete rcu protection around np->opt" (bnc#961257).\n - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1.\n Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd\n applied, victim of 1 reports performance regression (1,2\n <a rel=\"nofollow\" href=\"https://lkml.org/lkml/2016/2/4/618\">https://lkml.org/lkml/2016/2/4/618</a>) 3. Leads to scheduling work to\n offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound\n delayed work timer is no longer deflected to a housekeeper CPU.\n - be2net: fix some log messages (bnc#855062, bnc#867583).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#902606).\n - block: Always check queue limits for cloned requests (bsc#902606).\n - bnx2x: Add new device ids under the Qlogic vendor (bnc#964821).\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n - btrfs: backref: Do not merge refs which are not for same block\n (bnc#935087, bnc#945649).\n - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,\n bnc#945649).\n - btrfs: delayed-ref: Use list to replace the ref_root in ref_head\n (bnc#935087, bnc#945649).\n - btrfs: extent-tree: Use ref_node to replace unneeded parameters in\n __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).\n - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).\n - btrfs: fix deadlock between direct IO write and defrag/readpages\n (bnc#965344).\n - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,\n bnc#945649).\n - btrfs: fix order by which delayed references are run (bnc#949440).\n - btrfs: fix qgroup sanity tests (bnc#951615).\n - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).\n - btrfs: fix regression running delayed references when using qgroups\n (bnc#951615).\n - btrfs: fix regression when running delayed references (bnc#951615).\n - btrfs: fix sleeping inside atomic context in qgroup rescan worker\n (bnc#960300).\n - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new function to record old_roots (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan\n (bnc#960300).\n - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Make snapshot accounting work with new extent-oriented\n qgroup (bnc#935087, bnc#945649).\n - btrfs: qgroup: Record possible quota-related extent for qgroup\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: account shared subtree during snapshot delete\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).\n - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).\n - btrfs: qgroup: fix quota disable during rescan (bnc#960300).\n - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,\n bnc#945649).\n - btrfs: remove transaction from send (bnc#935087, bnc#945649).\n - btrfs: skip locking when searching commit root (bnc#963825).\n - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,\n bnc#945649).\n - crypto: nx - use common code for both NX decompress success cases\n (bsc#942476).\n - crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - drivers/firmware/memmap.c: do not allocate firmware_map_entry of same\n memory range (bsc#959463).\n - drivers/firmware/memmap.c: do not create memmap sysfs of same\n firmware_map_entry (bsc#959463).\n - drivers/firmware/memmap.c: pass the correct argument to\n firmware_map_find_entry_bootmem() (bsc#959463).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765).\n - group-source-files: mark module.lds as devel file ld: cannot open linker\n script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such\n file or directory\n - ipv6: fix tunnel error handling (bsc#952579).\n - jbd2: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kABI: reintroduce blk_rq_check_limits.\n - kabi: protect struct acpi_processor signature (bsc#959463).\n - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup\n (bsc#940946, bsc#937444).\n - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946,\n bsc#937444).\n - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444).\n - kernel: inadvertent free of the vector register save area (bnc#961202).\n - kexec: Fix race between panic() and crash_kexec() (bsc#940946,\n bsc#937444).\n - kgr: Remove the confusing search for fentry\n - kgr: Safe way to avoid an infinite redirection\n - kgr: do not print error for !abort_if_missing symbols (bnc#943989).\n - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).\n - kgr: log when modifying kernel\n - kgr: mark some more missed kthreads (bnc#962336).\n - kgr: usb/storage: do not emit thread awakened (bnc#899908).\n - kvm: Add arch specific mmu notifier for page invalidation (bsc#959463).\n - kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463).\n - kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463).\n - kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and\n make it non-static (bsc#959463).\n - kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address\n (bsc#959463).\n - kvm: vmx: Implement set_apic_access_page_addr (bsc#959463).\n - kvm: x86: Add request bit to reload APIC access page address\n (bsc#959463).\n - kvm: x86: Unpin and remove kvm_arch->apic_access_page (bsc#959463).\n - libiscsi: Fix host busy blocking during connection teardown.\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118).\n - md/bitmap: remove confusing code from filemap_get_page.\n - md/bitmap: remove rcu annotation from pointer arithmetic.\n - mem-hotplug: reset node managed pages when hot-adding a new pgdat\n (bsc#959463).\n - mem-hotplug: reset node present pages when hot-adding a new pgdat\n (bsc#959463).\n - memory-hotplug: clear pgdat which is allocated by bootmem in\n try_offline_node() (bsc#959463).\n - mm/memory_hotplug.c: check for missing sections in\n test_pages_in_a_zone() (VM Functionality, bnc#961588).\n - mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM\n Performance, bnc#959436).\n - module: keep percpu symbols in module's symtab (bsc#962788).\n - nmi: provide the option to issue an NMI back trace to every cpu but\n current (bsc#940946, bsc#937444).\n - nmi: provide the option to issue an NMI back trace to every cpu but\n current (bsc#940946, bsc#937444).\n - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n - panic, x86: Allow CPUs to save registers even if looping in NMI context\n (bsc#940946, bsc#937444).\n - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946,\n bsc#937444).\n - pci: Check for valid tags when calculating the VPD size (bsc#959146).\n - qeth: initialize net_device with carrier off (bnc#964230).\n - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB\n on s390x, 20GB elsewhere.\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency\n (bsc#959090)\n - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel\n (bsc#959090).\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n - rpm/kernel-binary.spec.in: Use bzip compression to speed up build\n (bsc#962356)\n - rpm/kernel-source.spec.in: Install kernel-macros for\n kernel-source-vanilla (bsc#959090)\n - rpm/kernel-spec-macros: Do not modify the release string in PTFs\n (bsc#963449)\n - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop\n - s390/cio: ensure consistent measurement state (bnc#964230).\n - s390/cio: fix measurement characteristics memleak (bnc#964230).\n - s390/cio: update measurement characteristics (bnc#964230).\n - s390/dasd: fix failfast for disconnected devices (bnc#961202).\n - s390/vtime: correct scaled cputime for SMT (bnc#964230).\n - s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230).\n - s390/vtime: limit MT scaling value updates (bnc#964230).\n - sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA\n Balancing).\n - sched/fair: Care divide error in update_task_scan_period() (bsc#959463).\n - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group\n (bnc#960227).\n - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline\n (bnc#960227).\n - sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA\n Balancing).\n - sched: Fix race between task_group and sched_task_group (Automatic NUMA\n Balancing).\n - scsi: restart list search after unlock in scsi_remove_target\n (bsc#944749, bsc#959257).\n - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840).\n - supported.conf: Add netfilter modules to base (bsc#950292)\n - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292)\n - supported.conf: Add vfat to -base to be able to mount the ESP\n (bsc#950292).\n - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base\n (bsc#950292)\n - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292).\n - supported.conf: drop +external from ghash-clmulni-intel It was agreed\n that it does not make sense to maintain "external" for this specific\n module. Furthermore it causes problems in rather ordinary VMware\n environments. (bsc#961971)\n - udp: properly support MSG_PEEK with truncated buffers (bsc#951199\n bsc#959364).\n - x86, xsave: Support eager-only xsave features, add MPX support\n (bsc#938577).\n - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946,\n bsc#937444).\n - x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means\n the end (bsc#938577).\n - x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577).\n - x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577).\n - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,\n bsc#937444).\n - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,\n bsc#937444).\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n - xfs: add a few more verifier tests (bsc#947953).\n - xfs: fix double free in xlog_recover_commit_trans (bsc#947953).\n - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953).\n\n", "cvss3": {}, "published": "2016-02-25T21:11:27", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-8551", "CVE-2015-8215", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-0723", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-8539", "CVE-2015-8660", "CVE-2015-8767", "CVE-2015-7799", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-5707", "CVE-2015-8785"], "modified": "2016-02-25T21:11:27", "id": "SUSE-SU-2016:0585-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00057.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:27", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive\n various security and bugfixes.\n\n Features added:\n - A improved XEN blkfront module was added, which allows more I/O\n bandwidth. (FATE#320625) It is called xen-blkfront in PV, and\n xen-vbd-upstream in HVM mode.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request (bnc#940338).\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here" (bnc#959709\n bnc#960561).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel\n driver when the network was considered to be congested. This could be\n used by local attackers to cause machine crashes or potentially code\n executuon (bsc#966437).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964730).\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak\n to information leaks (bnc#963767).\n - CVE-2016-2384: A double-free triggered by invalid USB descriptor in ALSA\n usb-audio was fixed, which could be exploited by physical local\n attackers to crash the kernel or gain code execution (bnc#966693).\n\n The following non-security bugs were fixed:\n - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).\n - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n - be2net: fix some log messages (bnc#855062 FATE#315961, bnc#867583).\n - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#957986\n fate#320625).\n - btrfs: Add handler for invalidate page (bsc#963193).\n - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).\n - btrfs: delayed_ref: Add new function to record reserved space into\n delayed ref (bsc#963193).\n - btrfs: delayed_ref: release and free qgroup reserved at proper timing\n (bsc#963193).\n - btrfs: extent_io: Introduce needed structure for recoding set/clear bits\n (bsc#963193).\n - btrfs: extent_io: Introduce new function clear_record_extent_bits()\n (bsc#963193).\n - btrfs: extent_io: Introduce new function set_record_extent_bits\n (bsc#963193).\n - btrfs: extent-tree: Add new version of btrfs_check_data_free_space and\n btrfs_free_reserved_data_space (bsc#963193).\n - btrfs: extent-tree: Add new version of\n btrfs_delalloc_reserve/release_space (bsc#963193).\n - btrfs: extent-tree: Switch to new check_data_free_space and\n free_reserved_data_space (bsc#963193).\n - btrfs: extent-tree: Switch to new delalloc space reserve and release\n (bsc#963193).\n - btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).\n - btrfs: fix deadlock between direct IO write and defrag/readpages\n (bnc#965344).\n - btrfs: fix invalid page accesses in extent_same (dedup) ioctl\n (bnc#968230).\n - btrfs: fix page reading in extent_same ioctl leading to csum errors\n (bnc#968230).\n - btrfs: fix warning in backref walking (bnc#966278).\n - btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).\n - btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).\n - btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in\n clear_bit_hook (bsc#963193).\n - btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).\n - btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).\n - btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans\n (bsc#963193).\n - btrfs: qgroup: Fix a rebase bug which will cause qgroup double free\n (bsc#963193).\n - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).\n - btrfs: qgroup: Introduce functions to release/free qgroup reserve data\n space (bsc#963193).\n - btrfs: qgroup: Introduce new functions to reserve/free metadata\n (bsc#963193).\n - btrfs: qgroup: Use new metadata reservation (bsc#963193).\n - btrfs: skip locking when searching commit root (bnc#963825).\n - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).\n - documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946,\n bsc#937444).\n - documentation: Fix build of PDF files in kernel-docs package Double the\n spaces for tex, and fix buildrequires for docbook.\n - doc: Use fop for creating PDF files in kernel-docs package as some files\n still cannot be built with the default backend.\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - drivers: xen-blkfront: only talk_to_blkback() when in\n XenbusStateInitialising (bsc#957986 fate#320625).\n - driver: xen-blkfront: move talk_to_blkback to a more suitable place\n (bsc#957986 fate#320625).\n - ec2: updated kabi files and start tracking\n - fs: Improve fairness when locking the per-superblock s_anon list\n (bsc#957525, bsc#941363).\n - fs/proc_namespace.c: simplify testing nsp and nsp->mnt_ns (bug#963960).\n - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765).\n - futex: Drop refcount if requeue_pi() acquired the rtmutex (bug#960174).\n - jbd2: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kabi: Preserve checksum of kvm_x86_ops (bsc#969112).\n - kABI: protect struct af_alg_type.\n - kABI: protect struct crypto_ahash.\n - kABI: reintroduce blk_rq_check_limits.\n - kabi/severities: Fail on changes in kvm_x86_ops, needed by lttng-modules\n - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946,\n bsc#937444).\n - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444).\n - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup\n (bsc#940946, bsc#937444).\n - kexec: Fix race between panic() and crash_kexec() (bsc#940946,\n bsc#937444).\n - kgr: do not print error for !abort_if_missing symbols (bnc#943989).\n - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).\n - kgr: log when modifying kernel (fate#317827).\n - kgr: mark some more missed kthreads (bnc#962336).\n - kgr: usb/storage: do not emit thread awakened (bnc#899908).\n - kvm: x86: Check dest_map->vector to match eoi signals for rtc\n (bsc#966471).\n - kvm: x86: Convert ioapic->rtc_status.dest_map to a struct (bsc#966471).\n - kvm: x86: store IOAPIC-handled vectors in each VCPU (bsc#966471).\n - kvm: x86: Track irq vectors in ioapic->rtc_status.dest_map (bsc#966471).\n - libceph: fix scatterlist last_piece calculation (bsc#963746).\n - megaraid_sas: Chip reset if driver fails to get IOC ready (bsc#922071).\n Refresh the patch based on the actual upstream commit, and add the\n commit ID.\n - mm/memory_hotplug.c: check for missing sections in\n test_pages_in_a_zone() (VM Functionality, bnc#961588).\n - module: keep percpu symbols in module's symtab (bsc#962788).\n - namespaces: Re-introduce task_nsproxy() helper (bug#963960).\n - namespaces: Use task_lock and not rcu to protect nsproxy (bug#963960).\n - net: core: Correct an over-stringent device loop detection (bsc#945219).\n - nfs: Background flush should not be low priority (bsc#955308).\n - nfsd: Do not start lockd when only NFSv4 is running (fate#316311).\n - nfs: do not use STABLE writes during writeback (bnc#816099).\n - nfs: Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - nfs: Move nfsd patch to the right section\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514).\n - nmi: provide the option to issue an NMI back trace to every cpu but\n current (bsc#940946, bsc#937444).\n - nmi: provide the option to issue an NMI back trace to every cpu but\n current (bsc#940946, bsc#937444).\n - panic, x86: Allow CPUs to save registers even if looping in NMI context\n (bsc#940946, bsc#937444).\n - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946,\n bsc#937444).\n - pci: allow access to VPD attributes with size 0 (bsc#959146).\n - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.\n - pciback: Save the number of MSI-X entries to be copied later.\n - pci: Blacklist vpd access for buggy devices (bsc#959146).\n - pci: Determine actual VPD size on first access (bsc#959146).\n - pci: Update VPD definitions (bsc#959146).\n - perf: Do not modify perf bias performance setting by default at boot\n (bnc#812259,bsc#959629).\n - proc: Fix ptrace-based permission checks for accessing task maps.\n - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB\n on s390x, 20GB elsewhere.\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency\n (bsc#959090)\n - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel\n (bsc#959090).\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n - rpm/kernel-binary.spec.in: Sync the main and -base package dependencies\n (bsc#965830#c51).\n - rpm/kernel-binary.spec.in: Use bzip compression to speed up build\n (bsc#962356)\n - rpm/kernel-module-subpackage: Fix obsoleting dropped flavors (bsc#968253)\n - rpm/kernel-source.spec.in: Install kernel-macros for\n kernel-source-vanilla (bsc#959090)\n - rpm/kernel-spec-macros: Do not modify the release string in PTFs\n (bsc#963449)\n - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop\n - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group\n (bnc#960227).\n - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline\n (bnc#960227).\n - sched: Fix race between task_group and sched_task_group (Automatic NUMA\n Balancing (fate#315482))\n - scsi: Add sd_mod to initrd modules For some reason PowerVM backend can't\n work without sd_mod\n - scsi_dh_alua: Do not block request queue if workqueue is active\n (bsc#960458).\n - scsi: fix soft lockup in scsi_remove_target() on module removal\n (bsc#965199).\n - scsi: restart list search after unlock in scsi_remove_target\n (bsc#959257).\n - series.conf: add section comments\n - supported.conf: Add e1000e (emulated by VMware) to -base (bsc#968074)\n - supported.conf: Add Hyper-V modules to -base (bsc#965830)\n - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840).\n - supported.conf: Add more qemu device driver (bsc#968234)\n - supported.conf: Add mptspi and mptsas to -base (bsc#968206)\n - supported.conf: Add netfilter modules to base (bsc#950292)\n - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292)\n - supported.conf: Add the qemu scsi driver (sym53c8xx) to -base\n (bsc#967802)\n - supported.conf: Add tulip to -base for Hyper-V (bsc#968234)\n - supported.conf: Add vfat to -base to be able to mount the ESP\n (bsc#950292).\n - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base\n (bsc#950292)\n - supported.conf: Add virtio-rng (bsc#966026)\n - supported.conf: Add xen-blkfront.\n - supported.conf: Add xfs to -base (bsc#965891)\n - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292).\n - supported.conf: drop +external from ghash-clmulni-intel It was agreed\n that it does not make sense to maintain "external" for this specific\n module. Furthermore it causes problems in rather ordinary VMware\n environments. (bsc#961971)\n - supported.conf: Fix usb-common path usb-common moved to its own\n subdirectory in kernel v3.16, and we backported that change to SLE12.\n - tcp: Restore RFC5961-compliant behavior for SYN packets (bsc#966864).\n - usb: Quiet down false peer failure messages (bnc#960629).\n - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946,\n bsc#937444).\n - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,\n bsc#937444).\n - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,\n bsc#937444).\n - xen: Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver\n implementation (bsc#957986, bsc#956084, bsc#961658).\n - xen-blkfront: allow building in our Xen environment (bsc#957986\n fate#320625).\n - xen, blkfront: factor out flush-related checks from do_blkif_request()\n (bsc#957986 fate#320625).\n - xen-blkfront: fix accounting of reqs when migrating (bsc#957986\n fate#320625).\n - xen/blkfront: Fix crash if backend does not follow the right states\n (bsc#957986 fate#320625).\n - xen-blkfront: improve aproximation of required grants per request\n (bsc#957986 fate#320625).\n - xen/blkfront: improve protection against issuing unsupported REQ_FUA\n (bsc#957986 fate#320625).\n - xen/blkfront: remove redundant flush_op (bsc#957986 fate#320625).\n - xen-blkfront: remove type check from blkfront_setup_discard (bsc#957986\n fate#320625).\n - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#957986\n fate#320625).\n - xen: Linux 3.12.52.\n - xen: Refresh patches.xen/xen3-patch-3.9 (bsc#951155).\n - xen: Refresh patches.xen/xen3-patch-3.9 (do not subvert NX protection\n during 1:1 mapping setup).\n - xen-vscsi-large-requests: Fix resource collision for racing request maps\n and unmaps (bsc#966094).\n - xen: Xen config files updated to enable upstream block frontend.\n - xfs: add a few more verifier tests (bsc#947953).\n - xfs: fix double free in xlog_recover_commit_trans (bsc#947953).\n - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953).\n\n", "cvss3": {}, "published": "2016-03-16T15:12:30", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2069", "CVE-2016-0723", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8767", "CVE-2013-7446", "CVE-2015-8709", "CVE-2015-5707", "CVE-2015-8785"], "modified": "2016-03-16T15:12:30", "id": "SUSE-SU-2016:0785-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00054.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:35", "description": "The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (system crash) via a\n crafted no-journal filesystem, a related issue to CVE-2013-2015\n (bnc#956707).\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver\n could be used by physical local attackers to crash the kernel\n (bnc#956708).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-7566: A malicious USB device could cause kernel crashes in the\n visor device driver (bnc#961512).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Optimizations introduced by the compiler could have lead\n to double fetch vulnerabilities, potentially possibly leading to\n arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155).\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system and using Linux as the driver domain, allowed local guest\n administrators to hit BUG conditions and cause a denial of service (NULL\n pointer dereference and host OS crash) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical PCI device and\n a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback\n missing sanity checks (bnc#957990).\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system and using Linux as the driver domain, allowed local guest\n administrators to generate a continuous stream of WARN messages and\n cause a denial of service (disk consumption) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical PCI device and\n XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity\n checks (bnc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel do not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959399).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system\n or allow an attacker to escalate privileges in a use-after-free\n scenario.(bsc#966437).\n - CVE-2015-8816: A malicious USB device could cause kernel crashes in the\n in hub_activate() function (bnc#968010).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: A race in invalidating paging structures that were not in\n use locally could have lead to disclosoure of information or arbitrary\n code exectution (bnc#963767).\n - CVE-2016-2143: On zSeries a fork of a large process could have caused\n memory corruption due to incorrect page table handling. (bnc#970504,\n LTC#138810).\n - CVE-2016-2184: A malicious USB device could cause kernel crashes in the\n alsa usb-audio device driver (bsc#971125).\n - CVE-2016-2185: A malicious USB device could cause kernel crashes in the\n usb_driver_claim_interface function (bnc#971124).\n - CVE-2016-2186: A malicious USB device could cause kernel crashes in the\n powermate device driver (bnc#970958).\n - CVE-2016-2384: A double free on the ALSA umidi object was fixed.\n (bsc#966693).\n - CVE-2016-2543: A missing NULL check at remove_events ioctl in the ALSA\n seq driver was fixed. (bsc#967972).\n - CVE-2016-2544: Fix race at timer setup and close in the ALSA seq driver\n was fixed. (bsc#967973).\n - CVE-2016-2545: A double unlink of active_list in the ALSA timer driver\n was fixed. (bsc#967974).\n - CVE-2016-2546: A race among ALSA timer ioctls was fixed (bsc#967975).\n - CVE-2016-2547,CVE-2016-2548: The ALSA slave timer list handling was\n hardened against hangs and races.\n (CVE-2016-2547,CVE-2016-2548,bsc#968011,bsc#968012).\n - CVE-2016-2549: A stall in ALSA hrtimer handling was fixed (bsc#968013).\n - CVE-2016-2782: A malicious USB device could cause kernel crashes in the\n visor device driver (bnc#968670).\n - CVE-2016-3137: A malicious USB device could cause kernel crashes in the\n cypress_m8 device driver (bnc#970970).\n - CVE-2016-3139: A malicious USB device could cause kernel crashes in the\n wacom device driver (bnc#970909).\n - CVE-2016-3140: A malicious USB device could cause kernel crashes in the\n digi_acceleport device driver (bnc#970892).\n - CVE-2016-3156: A quadratic algorithm could lead to long kernel ipv4\n hangs when removing a device with a large number of addresses.\n (bsc#971360).\n - CVE-2016-3955: A remote buffer overflow in the usbip driver could be\n used by authenticated attackers to crash the kernel. (bsc#975945)\n - CVE-2016-2847: A local user could exhaust kernel memory by pushing lots\n of data into pipes. (bsc#970948).\n - CVE-2016-2188: A malicious USB device could cause kernel crashes in the\n iowarrior device driver (bnc#970956).\n - CVE-2016-3138: A malicious USB device could cause kernel crashes in the\n cdc-acm device driver (bnc#970911).\n\n The following non-security bugs were fixed:\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).\n - cifs: Schedule on hard mount retry (bsc#941514).\n - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857,\n bsc#974646).\n - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).\n - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats\n (bsc#950750).\n - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).\n - drm/i915: Evict CS TLBs between batches (bsc#758040).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - ext3: fix data=journal fast mount/umount hang (bsc#942082).\n - ext3: NULL dereference in ext3_evict_inode() (bsc#942082).\n - firmware: Create directories for external firmware (bsc#959312).\n - firmware: Simplify directory creation (bsc#959312).\n - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).\n - fs: Fix deadlocks between sync and fs freezing (bsc#935123).\n - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).\n - ipr: Fix incorrect trace indexing (bsc#940913).\n - ipr: Fix invalid array indexing for HRRQ (bsc#940913).\n - ipv6: make fib6 serial number per namespace (bsc#965319).\n - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs\n (bsc#956852).\n - ipv6: per netns fib6 walkers (bsc#965319).\n - ipv6: per netns FIB garbage collection (bsc#965319).\n - ipv6: replace global gc_args with local variable (bsc#965319).\n - jbd: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).\n - kbuild: create directory for dir/file.o (bsc#959312).\n - kexec: Fix race between panic() and crash_kexec() called directly\n (bnc#937444).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - mld, igmp: Fix reserved tailroom calculation (bsc#956852).\n - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).\n - netfilter: xt_recent: fix namespace destroy path (bsc#879378).\n - nfs4: treat lock owners as opaque values (bnc#968141).\n - nfs: Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - nfs: use smaller allocations for 'struct id_map' (bsc#965923).\n - nfsv4: Fix two infinite loops in the mount code (bsc#954628).\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514).\n - panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - pciback: do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set.\n - pciback: for XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled.\n - pciback: return error on XEN_PCI_OP_enable_msi when device has MSI or\n MSI-X enabled.\n - pciback: return error on XEN_PCI_OP_enable_msix when device has MSI or\n MSI-X enabled.\n - pci: Update VPD size with correct length (bsc#958906).\n - quota: Fix deadlock with suspend and quotas (bsc#935123).\n - rdma/ucma: Fix AB-BA deadlock (bsc#963998).\n - README.BRANCH: Switch to LTSS mode\n - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch\n (bsc#959705).\n - Restore kabi after lock-owner change (bnc#968141).\n - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413).\n - scsi_dh_rdac: always retry MODE SELECT on command lock violation\n (bsc#956949).\n - scsi: mpt2sas: Rearrange the the code so that the completion queues are\n initialized prior to sending the request to controller firmware\n (bsc#967863).\n - skb: Add inline helper for getting the skb end offset from head\n (bsc#956852).\n - sunrcp: restore fair scheduling to priority queues (bsc#955308).\n - sunrpc: refactor rpcauth_checkverf error returns (bsc#955673).\n - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852).\n - tcp: fix skb_availroom() (bsc#956852).\n - tg3: 5715 does not link up when autoneg off (bsc#904035).\n - Update\n patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch\n (bnc#940017, bnc#949298, bnc#947128).\n - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT\n when the device is removed (bnc#956375).\n - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and\n TIOCGICOUNT (bnc#956375).\n - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).\n - usb: ftdi_sio: fix tiocmget indentation (bnc#956375).\n - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).\n - usb: ftdi_sio: remove unnecessary memset (bnc#956375).\n - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).\n - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).\n - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - veth: extend device features (bsc#879381).\n - vfs: Provide function to get superblock and wait for it to thaw\n (bsc#935123).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).\n - vmxnet3: fix ethtool ring buffer size setting (bsc#950750).\n - vmxnet3: fix netpoll race condition (bsc#958912).\n - writeback: Skip writeback for frozen filesystem (bsc#935123).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518).\n - x86, kvm: fix maintenance of guest/host xcr0 state (bsc#961518).\n - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu()\n (bsc#961518).\n - x86/mce: Fix return value of mce_chrdev_read() when erst is disabled\n (bsc#934787).\n - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfrm: do not segment UFO packets (bsc#946122).\n - xhci: silence TD warning (bnc#939955).\n\n", "cvss3": {}, "published": "2016-05-03T19:07:56", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2015-8551", "CVE-2016-2543", "CVE-2015-7509", "CVE-2015-8215", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-0723", "CVE-2016-2186", "CVE-2016-2547", "CVE-2016-3156", "CVE-2013-2015", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-2184", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2015-8539", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-3138", "CVE-2015-7799", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-2143", "CVE-2015-8816", "CVE-2016-2185", "CVE-2015-8575", "CVE-2015-8552", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-8785", "CVE-2016-2188"], "modified": "2016-05-03T19:07:56", "id": "SUSE-SU-2016:1203-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00000.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-26T17:27:44", "description": "This kernel update fixes the well known "Dirty COW" issue as well as a\n bunch of other security and non-security related issues.\n\n", "cvss3": {}, "published": "2016-10-26T18:07:11", "type": "suse", "title": "kernel update for Evergreen 11.4 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-2543", "CVE-2015-7509", "CVE-2015-8215", "CVE-2016-2069", "CVE-2015-6252", "CVE-2015-7550", "CVE-2015-3339", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-0723", "CVE-2016-2186", "CVE-2016-2547", "CVE-2016-3156", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-2184", "CVE-2015-8543", "CVE-2015-7515", "CVE-2016-3137", "CVE-2015-8539", "CVE-2015-7990", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-3138", "CVE-2015-1339", "CVE-2015-7799", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-5195", "CVE-2016-2549", "CVE-2016-2143", "CVE-2015-8816", "CVE-2016-2185", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-8785", "CVE-2016-3134", "CVE-2015-6937", "CVE-2015-8104", "CVE-2016-2188"], "modified": "2016-10-26T18:07:11", "id": "OPENSUSE-SU-2016:2649-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:06:50", "description": "The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various\n security and bug fixes.\n\n The following security bugs were fixed:\n - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c\n (bsc#978822).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of\n unread data in pipes, which allowed local users to cause a denial of\n service (memory consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970956).\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a USB\n device without both a control and a data endpoint descriptor\n (bnc#970911).\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a USB device without\n both an interrupt-in and an interrupt-out endpoint descriptor, related\n to the cypress_generic_port_probe and cypress_open functions\n (bnc#970970).\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted endpoints value in a\n USB device descriptor (bnc#970892).\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970958).\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#971124).\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles\n destruction of device objects, which allowed guest OS users to cause a\n denial of service (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference or double free, and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971125).\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970909).\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390\n platforms mishandled the case of four page-table levels, which allowed\n local users to cause a denial of service (system crash) or possibly have\n unspecified other impact via a crafted application, related to\n arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h\n (bnc#970504).\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a USB device that\n lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bnc#968010).\n - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c\n in the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a USB device that\n lacks a bulk-out endpoint (bnc#961512).\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent\n recursive callback access, which allowed local users to cause a denial\n of service (deadlock) via a crafted ioctl call (bnc#968013).\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking\n approach that did not consider slave timer instances, which allowed\n local users to cause a denial of service (race condition,\n use-after-free, and system crash) via a crafted ioctl call (bnc#968011).\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain\n linked lists after a close or stop action, which allowed local users to\n cause a denial of service (system crash) via a crafted ioctl call,\n related to the (1) snd_timer_close and (2) _snd_timer_stop functions\n (bnc#968012).\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect\n type of mutex, which allowed local users to cause a denial of service\n (race condition, use-after-free, and system crash) via a crafted ioctl\n call (bnc#967975).\n - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in\n the Linux kernel did not properly maintain a certain linked list, which\n allowed local users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call (bnc#967974).\n - CVE-2016-2544: Race condition in the queue_delete function in\n sound/core/seq/seq_queue.c in the Linux kernel allowed local users to\n cause a denial of service (use-after-free and system crash) by making an\n ioctl call at a certain time (bnc#967973).\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function in\n sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO\n assignment before proceeding with FIFO clearing, which allowed local\n users to cause a denial of service (NULL pointer dereference and OOPS)\n via a crafted ioctl call (bnc#967972).\n - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create\n function in sound/usb/midi.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (panic) or possibly\n have unspecified other impact via vectors involving an invalid USB\n descriptor (bnc#966693).\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel\n did not properly identify error conditions, which allowed remote\n attackers to execute arbitrary code or cause a denial of service\n (use-after-free) via crafted packets (bnc#966437).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel\n .4.1 allowed local users to gain privileges by triggering access to a\n paging structure by a different CPU (bnc#963767).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-7515: The aiptek_probe function in\n drivers/input/tablet/aiptek.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted USB device that lacks\n endpoints (bnc#956708).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272 (bnc#955354).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959399).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (system crash) via a\n crafted no-journal filesystem, a related issue to CVE-2013-2015\n (bnc#956709).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: Race condition in the rds_sendmsg function in\n net/rds/sendmsg.c in the Linux kernel allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by using a socket that was not\n properly bound (bnc#952384).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in\n the Linux kernel allowed local users to cause a denial of service\n (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers\n permanent file-descriptor allocation (bnc#942367).\n - CVE-2015-3339: Race condition in the prepare_binprm function in\n fs/exec.c in the Linux kernel allowed local users to gain privileges by\n executing a setuid program at a time instant when a chown to root is in\n progress, and the ownership is changed but the setuid bit is not yet\n stripped (bnc#928130).\n\n The following non-security bugs were fixed:\n - Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - Fix lpfc_send_rscn_event allocation size claims bnc#935757\n - Fix ntpd clock synchronization in Xen PV domains (bnc#816446).\n - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562).\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - SCSI: bfa: Fix to handle firmware tskim abort request response\n (bsc#972510).\n - USB: usbip: fix potential out-of-bounds write (bnc#975945).\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - mm/hugetlb: check for pte NULL pointer in __page_check_address()\n (bsc#977847).\n - nf_conntrack: fix bsc#758540 kabi fix (bsc#946117).\n - privcmd: allow preempting long running user-mode originating hypercalls\n (bnc#861093).\n - s390/cio: collect format 1 channel-path description data (bsc#966460,\n bsc#966662).\n - s390/cio: ensure consistent measurement state (bsc#966460, bsc#966662).\n - s390/cio: fix measurement characteristics memleak (bsc#966460,\n bsc#966662).\n - s390/cio: update measurement characteristics (bsc#966460, bsc#966662).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n\n", "cvss3": {}, "published": "2016-08-15T16:08:51", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-2543", "CVE-2015-7509", "CVE-2015-8215", "CVE-2016-2069", "CVE-2015-6252", "CVE-2015-7550", "CVE-2015-3339", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-0723", "CVE-2016-2186", "CVE-2016-2547", "CVE-2016-3156", "CVE-2015-7872", "CVE-2013-2015", "CVE-2015-5307", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-2184", "CVE-2015-8543", "CVE-2015-7515", "CVE-2016-3137", "CVE-2015-8539", "CVE-2015-7990", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-3138", "CVE-2015-7799", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-2143", "CVE-2015-8816", "CVE-2016-2185", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-8785", "CVE-2016-3134", "CVE-2015-6937", "CVE-2015-8104", "CVE-2016-2188"], "modified": "2016-08-15T16:08:51", "id": "SUSE-SU-2016:2074-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:41:37", "description": "The openSUSE 13.2 kernel was updated to receive security and bugfixes.\n\n It also fixes a regression that caused the Chromium sandbox to no longer\n work (bsc#965356).\n\n Following security bugs were fixed:\n - CVE-2016-2069: A flaw was discovered in a way the Linux deals with\n paging structures. When Linux invalidates a paging structure that is not\n in use locally, it could, in principle, race against another CPU that is\n switching to a process that uses the paging structure in question,\n causing a local denial service (machine crash). (bnc#963767).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n The following non-security bugs were fixed:\n - Bluetooth: ath3k: workaround the compatibility issue with xHCI\n controller (bnc#907378).\n - kABI fix for addition of user_namespace.flags field (bnc#965308,\n bnc#965356).\n - userns: Add a knob to disable setgroups on a per user namespace basis\n (bnc#965308, bnc#965356).\n - userns: Allow setting gid_maps without privilege when setgroups is\n disabled (bnc#965308, bnc#965356).\n - userns: Rename id_map_mutex to userns_state_mutex (bnc#965308,\n bnc#965356).\n\n", "cvss3": {}, "published": "2016-02-22T12:11:15", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-0723"], "modified": "2016-02-22T12:11:15", "id": "OPENSUSE-SU-2016:0537-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00051.html", "cvss": {"score": 5.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:41:36", "description": "The openSUSE 13.2 kernel was updated to receive various security and\n bugfixes.\n\n Following security bugs were fixed:\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2014-8989: The Linux kernel did not properly restrict dropping\n of supplemental group memberships in certain namespace scenarios, which\n allowed local users to bypass intended file permissions by leveraging a\n POSIX ACL containing an entry for the group category that is more\n restrictive than the entry for the other category, aka a "negative\n groups" issue, related to kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c (bnc#906545).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandles IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel through 4.2.3 did not ensure that certain slot numbers are\n valid, which allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl\n call (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #DB (aka Debug)\n exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #AC (aka Alignment\n Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key (bnc#912202).\n - CVE-2015-7990: Race condition in the rds_sendmsg function in\n net/rds/sendmsg.c in the Linux kernel allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by using a socket that was not\n properly bound. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-6937 (bnc#952384 953052).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-7885: The dgnc_mgmt_ioctl function in\n drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did\n not initialize a certain structure member, which allowed local users to\n obtain sensitive information from kernel memory via a crafted\n application (bnc#951627).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. (bsc#961509)\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).\n - KVM: x86: update masterclock values on TSC writes (bsc#961739).\n - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2\n client (bsc#960839).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cdrom: Random writing support for BD-RE media (bnc#959568).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ipv6: fix tunnel error handling (bsc#952579).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - uas: Add response iu handling (bnc#954138).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n\n", "cvss3": {}, "published": "2016-02-03T15:11:57", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-8551", "CVE-2014-9529", "CVE-2015-8215", "CVE-2015-7550", "CVE-2014-8989", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-7990", "CVE-2015-8767", "CVE-2015-7799", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-7885", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2016-02-03T15:11:57", "id": "OPENSUSE-SU-2016:0318-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00005.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:06", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.20 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-1339: A memory leak in cuse could be used to exhaust kernel\n memory. (bsc#969356).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936 951638).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-7884: The vivid_fb_ioctl function in\n drivers/media/platform/vivid/vivid-osd.c in the Linux kernel did not\n initialize a certain structure member, which allowed local users to\n obtain sensitive information from kernel memory via a crafted\n application (bnc#951626).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here (bnc#959709).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call. (bsc#961509)\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8787: The nf_nat_redirect_ipv4 function in\n net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact by sending\n certain IPv4 packets to an incompletely configured interface, a related\n issue to CVE-2003-1604 (bnc#963931).\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system\n or allow an attacker to escalate privileges in a use-after-free\n scenario. (bsc#966437).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: When Linux invalidated a paging structure that is not in\n use locally, it could, in principle, race against another CPU that is\n switching to a process that uses the paging structure in question.\n (bsc#963767)\n - CVE-2016-2184: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#971125)\n - CVE-2016-2383: Incorrect branch fixups for eBPF allow arbitrary read\n of kernel memory. (bsc#966684)\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#966693)\n\n The following non-security bugs were fixed:\n - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).\n - alsa: hda - disable dynamic clock gating on Broxton before reset\n (bsc#966137).\n - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT\n (bsc#966137).\n - alsa: seq: Fix double port list deletion (bsc#968018).\n - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n - alsa: timer: Fix race between stop and interrupt (bsc#968018).\n - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018).\n - arm64: Add workaround for Cavium erratum 27456.\n - arm64: Backport arm64 patches from SLE12-SP1-ARM\n - btrfs: teach backref walking about backrefs with underflowed\n (bsc#966259).\n - cgroup kabi fix for 4.1.19.\n - config: Disable CONFIG_DDR. CONFIG_DDR is selected automatically by\n drivers which need it.\n - config: Disable MFD_TPS65218 The TPS65218 is a power management IC for\n 32-bit ARM systems.\n - config: Modularize NF_REJECT_IPV4/V6 There is no reason why these helper\n modules should be built-in when the rest of netfilter is built as\n modules.\n - config: Update x86 config files: Enable Intel RAPL This driver is useful\n when power caping is needed. It was enabled in the SLE kernel 2 years\n ago.\n - Delete patches.fixes/bridge-module-get-put.patch. As discussed in\n <a rel=\"nofollow\" href=\"http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html\">http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html</a>\n - drm/i915: Fix double unref in intelfb_alloc failure path (boo#962866,\n boo#966179).\n - drm/i915: Fix failure paths around initial fbdev allocation (boo#962866,\n boo#966179).\n - drm/i915: Pin the ifbdev for the info-&gt;system_base GGTT mmapping\n (boo#962866, boo#966179).\n - e1000e: Avoid divide by zero error (bsc#965125).\n - e1000e: fix division by zero on jumbo MTUs (bsc#965125).\n - e1000e: fix systim issues (bsc#965125).\n - e1000e: Fix tight loop implementation of systime read algorithm\n (bsc#965125).\n - ibmvnic: Fix ibmvnic_capability struct.\n - intel: Disable Skylake support in intel_idle driver again (boo#969582)\n This turned out to bring a regression on some machines, unfortunately.\n It should be addressed in the upstream at first.\n - intel_idle: allow idle states to be freeze-mode specific (boo#969582).\n - intel_idle: Skylake Client Support (boo#969582).\n - intel_idle: Skylake Client Support - updated (boo#969582).\n - libceph: fix scatterlist last_piece calculation (bsc#963746).\n - lio: Add LIO clustered RBD backend (fate#318836)\n - net kabi fixes for 4.1.19.\n - numa patches updated to v15\n - ocfs2: fix dlmglue deadlock issue(bnc#962257)\n - pci: thunder: Add driver for ThunderX-pass{1,2} on-chip devices\n - pci: thunder: Add PCIe host driver for ThunderX processors\n - sd: Optimal I/O size is in bytes, not sectors (boo#961263).\n - sd: Reject optimal transfer length smaller than page size (boo#961263).\n - series.conf: move cxgb3 patch to network drivers section\n\n", "cvss3": {}, "published": "2016-04-12T12:09:32", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2015-8787", "CVE-2016-2069", "CVE-2015-7884", "CVE-2016-2383", "CVE-2016-0723", "CVE-2015-7872", "CVE-2015-8812", "CVE-2016-2184", "CVE-2015-8767", "CVE-2015-1339", "CVE-2015-7799", "CVE-2015-8709", "CVE-2003-1604", "CVE-2015-8785", "CVE-2015-8104"], "modified": "2016-04-12T12:09:32", "id": "OPENSUSE-SU-2016:1008-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:27:23", "description": "This update for the Linux Kernel 3.12.53-60.30.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T17:09:56", "type": "suse", "title": "Security update for Linux Kernel Live Patch 3 for SP 1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T17:09:56", "id": "SUSE-SU-2016:1033-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:54", "description": "This update for the Linux Kernel 3.12.51-60.20.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T17:09:06", "type": "suse", "title": "Security update for Linux Kernel Live Patch 1 for SP 1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T17:09:06", "id": "SUSE-SU-2016:1032-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:58", "description": "This update for the Linux Kernel 3.12.44-52.18.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T20:07:59", "type": "suse", "title": "Security update for Linux Kernel Live Patch 7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T20:07:59", "id": "SUSE-SU-2016:1037-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:02", "description": "This update for the Linux Kernel 3.12.39-47.1 fixes the following issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T20:10:22", "type": "suse", "title": "Security update for Linux Kernel Live Patch 4 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T20:10:22", "id": "SUSE-SU-2016:1040-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:30", "description": "This update for the Linux Kernel 3.12.43-52.6.1 fixes the following issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-15T15:08:50", "type": "suse", "title": "Security update for Linux Kernel Live Patch 5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-15T15:08:50", "id": "SUSE-SU-2016:1046-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:51:43", "description": "This update for the Linux Kernel 3.12.51-52.31.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T20:09:35", "type": "suse", "title": "Security update for Linux Kernel Live Patch 9 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T20:09:35", "id": "SUSE-SU-2016:1039-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:22", "description": "This update for the Linux Kernel 3.12.44-52.10.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T20:08:48", "type": "suse", "title": "Security update for Linux Kernel Live Patch 6 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T20:08:48", "id": "SUSE-SU-2016:1038-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:30", "description": "This update for the Linux Kernel 3.12.51-60.25.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T17:11:57", "type": "suse", "title": "Security update for Linux Kernel Live Patch 2 for SP 1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T17:11:57", "id": "SUSE-SU-2016:1035-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:41", "description": "This update for the Linux Kernel 3.12.48-52.27.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T20:11:21", "type": "suse", "title": "Security update for Linux Kernel Live Patch 8 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T20:11:21", "id": "SUSE-SU-2016:1041-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:18", "description": "This update for the Linux Kernel 3.12.51-52.34.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-15T15:08:00", "type": "suse", "title": "Security update for Linux Kernel Live Patch 10 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-15T15:08:00", "id": "SUSE-SU-2016:1045-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:47", "description": "This update for the Linux Kernel 3.12.49-11.1 fixes the following issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T17:08:08", "type": "suse", "title": "Security update for Linux Kernel Live Patch 0 for SP 1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T17:08:08", "id": "SUSE-SU-2016:1031-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:21:38", "description": "This update for the Linux Kernel 3.12.51-52.39.1 fixes the following\n issues:\n\n - CVE-2016-2384: A malicious USB device could cause a kernel crash in the\n alsa usb-audio driver. (bsc#967773)\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the\n network was considered congested. The kernel would incorrectly\n misinterpret the congestion as an error condition and incorrectly\n free/clean up the skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the system or allow\n an attacker to escalate privileges in a use-after-free scenario.\n (bsc#966683)\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic\n read from pipe was fixed (bsc#964732).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)\n\n", "cvss3": {}, "published": "2016-04-14T17:10:58", "type": "suse", "title": "Security update for Linux Kernel Live Patch 11 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-0774", "CVE-2015-8812", "CVE-2015-8709"], "modified": "2016-04-14T17:10:58", "id": "SUSE-SU-2016:1034-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:39:50", "description": "The SUSE Linux Enterprise 12 SP1 Realtime kernel was updated to 3.12.58 to\n receive various security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2015-7566: The treo_attach function in drivers/usb/serial/visor.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a USB device that\n lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#961512).\n - CVE-2015-8550: Xen, when used on a system providing PV backends, allowed\n local guest OS administrators to cause a denial of service (host OS\n crash) or gain privileges by writing to memory shared between the\n frontend and backend, aka a double fetch vulnerability (bsc#957988).\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system, allowed local guest administrators to hit BUG conditions and\n cause a denial of service (NULL pointer dereference and host OS crash)\n by leveraging a system with access to a passed-through MSI or MSI-X\n capable physical PCI device and a crafted sequence of XEN_PCI_OP_*\n operations, aka "Linux pciback missing sanity checks (bsc#957990).\n - CVE-2015-8551: The pci backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to hit BUG conditions and cause a denial of\n service (NULL pointer dereference and host OS crash) by leveraging a\n system with access to a passed-through MSI or MSI-X capable physical PCI\n device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux\n pciback missing sanity checks (bnc#957990).\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system, allowed local guest administrators to generate a continuous\n stream of WARN messages and cause a denial of service (disk consumption)\n by leveraging a system with access to a passed-through MSI or MSI-X\n capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka\n "Linux pciback missing sanity checks (bsc#957990).\n - CVE-2015-8552: The pci backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to generate a continuous stream\n of WARN messages and cause a denial of service (disk consumption) by\n leveraging a system with access to a passed-through MSI or MSI-X\n capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka\n "Linux pciback missing sanity checks (bnc#957990).\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel\n mishandles uid and gid mappings, which allowed local users to gain\n privileges by establishing a user namespace, waiting for a root process\n to enter that namespace with an unsafe uid or gid, and then using the\n ptrace system call. Upstream states that there is no kernel bug here\n (bnc#960561).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c\n allowed local users to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the first segment of\n an iov (bsc#963765).\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c did not properly\n identify error conditions, which allowed remote attackers to execute\n arbitrary code or cause a denial of service (use-after-free) via crafted\n packets (bsc#966437).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c did\n not properly maintain a hub-interface data structure, which allowed\n physically proximate attackers to cause a denial of service (invalid\n memory access and system crash) or possibly have unspecified other\n impact by unplugging a USB hub device (bsc#968010).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified\n other impact by unplugging a USB hub device (bnc#968010).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c allowed local users to obtain sensitive information\n from kernel memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during processing of a\n TIOCSETD ioctl call (bsc#961500).\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390\n platforms mishandles the case of four page-table levels, which allowed\n local users to cause a denial of service (system crash) or possibly have\n unspecified other impact via a crafted application, related to\n arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.\n (bnc#970504)\n - CVE-2016-2143: The fork implementation on s390 platforms mishandles the\n case of four page-table levels, which allowed local users to cause a\n denial of service (system crash) or possibly have unspecified other\n impact via a crafted application, related to\n arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h\n (bsc#970504).\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference\n or double free, and system crash) via a crafted endpoints value in a USB\n device descriptor (bsc#971125).\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference or double free, and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971125).\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c allowed physically proximate attackers\n to cause a denial of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor (bsc#971124).\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#971124).\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor (bsc#970958).\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970958).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor (bsc#970956).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970956).\n - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create\n function in sound/usb/midi.c allowed physically proximate attackers to\n cause a denial of service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB descriptor (bsc#966693).\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly have unspecified\n other impact by inserting a USB device that lacks a (1) bulk-in or (2)\n interrupt-in endpoint (bsc#968670).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and system crash)\n via a crafted USB device without two interrupt-in endpoint descriptors\n (bsc#970955).\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted USB device without two\n interrupt-in endpoint descriptors (bnc#970955).\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor, related to the\n cypress_generic_port_probe and cypress_open functions (bsc#970970).\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a USB device without\n both an interrupt-in and an interrupt-out endpoint descriptor, related\n to the cypress_generic_port_probe and cypress_open functions\n (bnc#970970).\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a USB device without\n both a control and a data endpoint descriptor (bsc#970911).\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a USB\n device without both a control and a data endpoint descriptor\n (bnc#970911).\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970909).\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB device descriptor\n (bsc#970892).\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted endpoints value in a\n USB device descriptor (bnc#970892).\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles\n destruction of device objects, which allowed guest OS users to cause a\n denial of service (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n - CVE-2016-3156: The IPv4 implementation mishandled destruction of device\n objects, which allowed guest OS users to cause a denial of service (host\n OS networking outage) by arranging for a large number of IP addresses\n (bsc#971360).\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c allowed physically proximate attackers to\n cause a denial of service (system crash) via a USB device without both a\n master and a slave interface (bsc#971628).\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (system crash) via a\n USB device without both a master and a slave interface (bnc#971628).\n - CVE-2016-3707: A ICMP echo feature hooked to sysrq was removed, which\n could have allowed remote attackers to reboot / halt the machine.\n - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in\n the Linux kernel allowed physically proximate attackers to cause a denial\n of service (system crash) or possibly have unspecified other impact by\n inserting a USB device with an invalid USB descriptor (bnc#974418).\n\n The following non-security bugs were fixed:\n - acpi: Disable ACPI table override when UEFI Secure Boot is enabled\n (bsc#970604).\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891).\n - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).\n - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n - alsa: timer: Call notifier in the same spinlock (bsc#973378).\n - alsa: timer: Protect the whole snd_timer_close() with open race\n (bsc#973378).\n - alsa: timer: Sync timer deletion at closing the system timer\n (bsc#973378).\n - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378).\n - apparmor: Skip proc ns files (bsc#959514).\n - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#957986\n fate#320625).\n - btrfs: Account data space in more proper timin: (bsc#963193).\n - btrfs: Add handler for invalidate page (bsc#963193).\n - Btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).\n - btrfs: delayed_ref: Add new function to record reserved space into\n delayed ref (bsc#963193).\n - btrfs: delayed_ref: release and free qgroup reserved at proper timing\n (bsc#963193).\n - btrfs: extent_io: Introduce needed structure for recoding set/clear bits\n (bsc#963193).\n - btrfs: extent_io: Introduce new function clear_record_extent_bits()\n (bsc#963193).\n - btrfs: extent_io: Introduce new function set_record_extent_bits\n (bsc#963193).\n - btrfs: extent-tree: Add new version of btrfs_check_data_free_space and\n btrfs_free_reserved_data_space (bsc#963193).\n - btrfs: extent-tree: Add new version of\n btrfs_delalloc_reserve/release_space (bsc#963193).\n - btrfs: extent-tree: Switch to new check_data_free_space and\n free_reserved_data_space (bsc#963193).\n - btrfs: extent-tree: Switch to new delalloc space reserve and release\n (bsc#963193).\n - btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).\n - Btrfs: fix deadlock between direct IO reads and buffered writes\n (bsc#973855).\n - Btrfs: fix invalid page accesses in extent_same (dedup) ioctl\n (bnc#968230).\n - Btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).\n - Btrfs: fix page reading in extent_same ioctl leading to csum errors\n (bnc#968230).\n - btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).\n - btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).\n - btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).\n - btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in\n clear_bit_hook (bsc#963193).\n - btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).\n - btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).\n - btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans\n (bsc#963193).\n - btrfs: qgroup: Fix a rebase bug which will cause qgroup double free\n (bsc#963193).\n - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value\n (bsc#969439).\n - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).\n - btrfs: qgroup: Introduce functions to release/free qgroup reserve data\n space (bsc#963193).\n - btrfs: qgroup: Introduce new functions to reserve/free metadata\n (bsc#963193).\n - btrfs: qgroup: return EINVAL if level of parent is not higher than\n child's (bsc#972951).\n - btrfs: qgroup: Use new metadata reservation (bsc#963193).\n - Btrfs: teach backref walking about backrefs with underflowed offset\n values (bsc#975371).\n - dasd: fix hanging system after LCU changes (bnc#968497, LTC#136671).\n - dmapi: fix dm_open_by_handle_rvp taking an extra ref to mnt (bsc#967292).\n - drivers/base/memory.c: fix kernel warning during memory hotplug on ppc64\n (bsc#963827).\n - drivers: hv: Allow for MMIO claims that span ACPI _CRS records\n (bnc#965924).\n - drivers: hv: Define the channel type for Hyper-V pci Express\n pass-through (bnc#965924).\n - drivers: hv: Export a function that maps Linux CPU num onto Hyper-V proc\n num (bnc#965924).\n - drivers: hv: Export the API to invoke a hypercall on Hyper-V\n (bnc#965924).\n - drivers: hv: kvp: fix IP Failover.\n - drivers: pci:hv: New paravirtual pci front-end for Hyper-V VMs\n (bnc#965924).\n - drivers: xen-blkfront: move talk_to_blkback to a more suitable place\n (bsc#957986 fate#320625).\n - drivers: xen-blkfront: only talk_to_blkback() when in\n XenbusStateInitialising (bsc#957986 fate#320625).\n - drm/core: Preserve the framebuffer after removing it (bsc#968812).\n - drm/i915: do not warn if backlight unexpectedly enabled (boo#972068).\n - drm/i915: set backlight duty cycle after backlight enable for gen4\n (boo#972780).\n - drm/radeon: fix-up some float to fixed conversion thinkos (bsc#968813).\n - drm/radeon: use HDP_MEM_COHERENCY_FLUSH_CNTL for sdma as well\n (bsc#968813).\n - e1000e: Avoid divide by zero error (bsc#968643).\n - e1000e: fix division by zero on jumbo MTUs (bsc#968643).\n - e1000e: Fix tight loop implementation of systime read algorithm\n (bsc#968643).\n - ext4: fix: print ext4 mountopt data_err=abort correctly (bsc#969735).\n - ext4: fix races between page faults and hole punching (bsc#972174).\n - ext4: fix races of writeback with punch hole and zero range (bsc#972174).\n - ext4: Fix softlockups in SEEK_HOLE and SEEK_DATA implementations\n (bsc#942262).\n - Fix preemptible_lazy() unused function warning for compute flavor\n - fs/pipe.c: skip file_update_time on frozen fs (bsc#975488).\n - fs/proc_namespace.c: simplify testing nsp and nsp-&gt;mnt_ns\n (bug#963960).\n - fs, seqfile: always allow oom killer (bnc#968687).\n - fs, seq_file: fallback to vmalloc instead of oom kill processes\n (bnc#968687).\n - futex: Drop refcount if requeue_pi() acquired the rtmutex (bug#960174).\n - hv: Lock access to hyperv_mmio resource tree (bnc#965924).\n - hv: Make a function to free mmio regions through vmbus (bnc#965924).\n - hv: Reverse order of resources in hyperv_mmio (bnc#965924).\n - hv: Track allocations of children of hv_vmbus in private resource tree\n (bnc#965924).\n - hv: Use new vmbus_mmio_free() from client drivers (bnc#965924).\n - hwmon: (coretemp) Increase maximum core to 128 (bsc#970160)\n - hyperv: Add mainline tags to some hyperv patches\n - ibmvnic: Fix ibmvnic_capability struct (fate#320253).\n - ibmvscsi: Remove unsupported host config MAD (bsc#973556).\n - Ignore efivar_validate kabi failures -- it's an EFI internal function.\n - intel_pstate: Use del_timer_sync in intel_pstate_cpu_stop (bsc#967650).\n - iommu/vt-d: Improve fault handler error messages (bsc#975772).\n - iommu/vt-d: Ratelimit fault handler (bsc#975772).\n - ipv6: make fib6 serial number per namespace (bsc#965319).\n - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs\n (bsc#956852).\n - ipv6: per netns fib6 walkers (bsc#965319).\n - ipv6: per netns FIB garbage collection (bsc#965319).\n - ipv6: replace global gc_args with local variable (bsc#965319).\n - kabi fix for patches.fixes/reduce-m_start-cost (bsc#966573).\n - kabi: kgr, add reserved fields (fate#313296).\n - kABI: kgr: fix subtle race with kgr_module_init(), going notifier and\n kgr_modify_kernel().\n - kabi: Preserve checksum of kvm_x86_ops (bsc#969112).\n - kABI: protect enum enclosure_component_type.\n - kABI: protect function file_open_root.\n - kABI: protect struct af_alg_type.\n - kABI: protect struct crypto_ahash.\n - kABI: protect struct dm_exception_store_type.\n - kABI: protect struct fib_nh_exception.\n - kABI: protect struct module.\n - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).\n - kABI: protect struct rq.\n - kABI: protect struct sched_class.\n - kABI: protect struct scm_creds.\n - kABI: protect struct user_struct.\n - kabi/severities:\n - kabi/severities: Fail on changes in kvm_x86_ops, needed by lttng-modules\n - kgr: add kgraft annotations to kthreads' wait_event_freezable() API\n calls (fate#313296).\n - kgr: add kgraft annotation to hwrng kthread (fate#313296).\n - kgr: add objname to kgr_patch_fun struct (fate#313296).\n - kgr: add sympos and objname to error and debug messages (fate#313296).\n - kgr: add sympos as disambiguator field to kgr_patch_fun structure\n (fate#313296).\n - kgr: add sympos to sysfs (fate#313296).\n - kgr: add TAINT_KGRAFT (fate#313296).\n - kgr: call kgr_init_ftrace_ops() only for loaded objects (fate#313296).\n - kgr: change to kallsyms_on_each_symbol iterator (fate#313296).\n - kgr: define pr_fmt and modify all pr_* messages (fate#313296).\n - kgr: do not print error for !abort_if_missing symbols (bnc#943989).\n - kgr: do not return and print an error only if the object is not loaded\n (fate#313296).\n - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).\n - kgr: fix an asymmetric dealing with delayed module loading (fate#313296).\n - kgr: fix redirection on s390x arch (bsc#903279).\n - kgr: fix reversion of a patch already reverted by a replace_all patch\n (fate#313296).\n - kgr: fix reversion of a patch already reverted by a replace_all patch\n (fate#313296).\n - kgr: fix subtle race with kgr_module_init(), going notifier and\n kgr_modify_kernel() (fate#313296).\n - kgr: handle btrfs kthreads (fate#313296 bnc#889207).\n - kgr: kmemleak, really mark the kthread safe after an interrupt\n (fate#313296).\n - kgr: kmemleak, really mark the kthread safe after an interrupt\n (fate#313296).\n - kgr: log when modifying kernel (fate#317827).\n - kgr: mark kernel unsupported upon patch revert (fate#313296).\n - kgr: mark some more missed kthreads (bnc#962336).\n - kgr: remove abort_if_missing flag (fate#313296).\n - kgr: usb/storage: do not emit thread awakened (bnc#899908).\n - kvm: SVM: add rdmsr support for AMD event registers (bsc#968448).\n - kvm: x86: Check dest_map-&gt;vector to match eoi signals for rtc\n (bsc#966471).\n - kvm: x86: Convert ioapic-&gt;rtc_status.dest_map to a struct\n (bsc#966471).\n - kvm: x86: store IOAPIC-handled vectors in each VCPU (bsc#966471).\n - kvm: x86: Track irq vectors in ioapic-&gt;rtc_status.dest_map\n (bsc#966471).\n - libceph: fix scatterlist last_piece calculation (bsc#963746).\n - lpfc: Fix kmalloc overflow in LPFC driver at large core count\n (bsc#969690).\n - memcg: do not hang on OOM when killed by userspace OOM access to memory\n reserves (bnc#969571).\n - mld, igmp: Fix reserved tailroom calculation (bsc#956852).\n - mmc: Allow forward compatibility for eMMC (bnc#966054).\n - mm: reduce m_start() cost.. (bsc#966573).\n - namespaces: Re-introduce task_nsproxy() helper (bug#963960).\n - namespaces: Use task_lock and not rcu to protect nsproxy (bug#963960).\n - net: core: Correct an over-stringent device loop detection (bsc#945219).\n - net: irda: Fix use-after-free in irtty_open() (bnc#967903).\n - nfs4: treat lock owners as opaque values (bnc#968141).\n - nfsd: fix nfsd_setattr return code for HSM (bsc#969992).\n - nfs: Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - nfs: fix high load average due to callback thread sleeping (bsc#971170).\n - nfs: Fix problem with setting ACL on directories (bsc#967251).\n - nfs-rdma: Fix for FMR leaks (bsc#908151).\n - nfsv4.1: do not use machine credentials for CLOSE when using 'sec=sys'\n (bsc#972003).\n - nvme: default to 4k device page size (bsc#967047).\n - nvme: special case AEN requests (bsc#965087).\n - pci: Add global pci_lock_rescan_remove() (bnc#965924).\n - pci/AER: Fix aer_inject error codes (bsc#931448).\n - pci/AER: Log actual error causes in aer_inject (bsc#931448).\n - pci/AER: Log aer_inject error injections (bsc#931448).\n - pci/AER: Use dev_warn() in aer_inject (bsc#931448).\n - pci: allow access to VPD attributes with size '0' (bsc#959146).\n - pciback: Check PF instead of VF for pci_COMMAND_MEMORY.\n - pciback: Save the number of MSI-X entries to be copied later.\n - pci: Blacklist vpd access for buggy devices (bsc#959146).\n - pci: Determine actual VPD size on first access (bsc#959146).\n - pci: Export symbols required for loadable host driver modules\n (bnc#965924).\n - pci: pciehp: Disable link notification across slot reset (bsc#967651).\n - pci: pciehp: Do not check adapter or latch status while disabling\n (bsc#967651).\n - pci: pciehp: Do not disable the link permanently during removal\n (bsc#967651).\n - pci: pciehp: Ensure very fast hotplug events are also processed\n (bsc#967651).\n - pci: Update VPD definitions (bsc#959146).\n - perf, nmi: Fix unknown NMI warning (bsc#968512).\n - pipe: limit the per-user amount of pages allocated in pipes (bsc#970948).\n - printk: fix scheduling while atomic bug while oom testing (bnc#965153)\n - proc: Fix ptrace-based permission checks for accessing task maps.\n - qla2xxx: Remove unavailable firmware files (bsc#943645).\n - rbd: do not log miscompare as an error (bsc#970062).\n - rbd: use GFP_NOIO consistently for request allocations (bsc#971159).\n - RDMA/ocrdma: Avoid reporting wrong completions in case of error CQEs\n (bsc#908151).\n - Remove now unneeded (thus harmful) -rt74\n probe_wakeup_latency_hist_start() prototype fix.\n - Remove superfluous Git-commit header from\n patches.fixes/0001-namespaces-Re-introduce-task_nsproxy-helper.patch.\n - Remove VIOSRP_HOST_CONFIG_TYPE from ibmvstgt.c in\n patches.fixes/0001-ibmvscsi-remove-unsupported-host-config-mad.patch. as\n well.\n - resources: Set type in __request_region() (bnc#965924).\n - Restore kabi after lock-owner change.\n - Restore try_get_online_cpus() lockdep annotation dropped by commit\n d1811e3c\n - Revert "libata: Align ata_device's id on a cacheline".\n - Revert "net/ipv6: add sysctl option accept_ra_min_hop_limit".\n - rpm/kernel-binary.spec.in: Sync the main and -base package dependencies\n (bsc#965830#c51).\n - rpm/kernel-module-subpackage: Fix obsoleting dropped flavors (bsc#968253)\n - s390/compat: correct restore of high gprs on signal return (bnc#968497,\n LTC#137571).\n - s390/pageattr: do a single TLB flush for change_page_attr (bsc#940413).\n - s390/zcrypt: HWRNG registration cause kernel panic on CEX hotplug\n (bnc#968497, LTC#138409).\n - scsi: Add intermediate STARGET_REMOVE state to scsi_target_state\n (bsc#970609).\n - scsi: fix soft lockup in scsi_remove_target() on module removal\n (bsc#965199).\n - scsi: proper state checking and module refcount handling in\n scsi_device_get (boo#966831).\n - series.conf: add section comments\n - SUNRPC: Fix large reads on NFS/RDMA (bsc#908151).\n - SUNRPC: remove KERN_INFO from dprintk() call sites (bsc#908151).\n - supported.conf: Add bridge.ko for OpenStack (bsc#971600)\n - supported.conf:Add drivers/infiniband/hw/ocrdma/ocrdma.ko to\n supported.conf (bsc#964461)\n - supported.conf: Add e1000e (emulated by VMware) to -base (bsc#968074)\n - supported.conf: Add Hyper-V modules to -base (bsc#965830)\n - supported.conf: Add isofs to -base (bsc#969655).\n - supported.conf: Add more qemu device driver (bsc#968234)\n - supported.conf: Add mptspi and mptsas to -base (bsc#968206)\n - supported.conf: add pci-hyperv\n - supported.conf: Add the qemu scsi driver (sym53c8xx) to -base\n (bsc#967802)\n - supported.conf: Add tulip to -base for Hyper-V (bsc#968234)\n - supported.conf: Add xen-blkfront.\n - svcrdma: advertise the correct max payload (bsc#908151).\n - svcrdma: Fence LOCAL_INV work requests (bsc#908151).\n - svcrdma: fix offset calculation for non-page aligned sge entries\n (bsc#908151).\n - svcrdma: fix printk when memory allocation fails (bsc#908151).\n - svcrdma: refactor marshalling logic (bsc#908151).\n - svcrdma: send_write() must not overflow the device's max sge\n (bsc#908151).\n - target: Drop incorrect ABORT_TASK put for completed commands\n (bsc#962872).\n - target: Fix LUN_RESET active I/O handling for ACK_KREF (bsc#962872).\n - target: Fix LUN_RESET active TMR descriptor handling (bsc#962872).\n - target: Fix race with SCF_SEND_DELAYED_TAS handling (bsc#962872).\n - target: Fix remote-port TMR ABORT + se_cmd fabric stop (bsc#962872).\n - target: Fix TAS handling for multi-session se_node_acls (bsc#962872).\n - tcp: convert cached rtt from usec to jiffies when feeding initial rto\n (bsc#937086).\n - tcp: Restore RFC5961-compliant behavior for SYN packets (bsc#966864).\n - tracing: Fix probe_wakeup_latency_hist_start() prototype @stable-rt\n cf1dd658fc10b2c34988cd27942fac0d94cb4b5f removed 'success` from trace\n prototypes, but missed probe_wakeup_latency_hist_start().\n - Update\n patches.drivers/drm-ast-Initialize-data-needed-to-map-fbdev-memory.patch\n (bnc#880007). Fix refs and upstream status.\n - Update patches.suse/kgr-0102-add-TAINT_KGRAFT.patch (fate#313296\n bsc#974406).\n - usb: Quiet down false peer failure messages (bnc#960629).\n - USB: usbip: fix potential out-of-bounds write (bnc#975945).\n - x86: export x86_msi (bnc#965924).\n - xen: Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver\n implementation (bsc#957986, bsc#956084, bsc#961658).\n - xen-blkfront: allow building in our Xen environment (bsc#957986\n fate#320625).\n - xen, blkfront: factor out flush-related checks from do_blkif_request()\n (bsc#957986 fate#320625).\n - xen-blkfront: fix accounting of reqs when migrating (bsc#957986\n fate#320625).\n - xen/blkfront: Fix crash if backend does not follow the right states\n (bsc#957986 fate#320625).\n - xen-blkfront: improve aproximation of required grants per request\n (bsc#957986 fate#320625).\n - xen/blkfront: improve protection against issuing unsupported REQ_FUA\n (bsc#957986 fate#320625).\n - xen/blkfront: remove redundant flush_op (bsc#957986 fate#320625).\n - xen-blkfront: remove type check from blkfront_setup_discard (bsc#957986\n fate#320625).\n - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#957986\n fate#320625).\n - xen-vscsi-large-requests: Fix resource collision for racing request maps\n and unmaps (bsc#966094).\n - xfs/dmapi: drop lock over synchronous XFS_SEND_DATA events (bsc#969993).\n - xfs/dmapi: propertly send postcreate event (bsc#967299).\n - xprtrdma: Allocate missing pagelist (bsc#908151).\n - xprtrdma: Avoid deadlock when credit window is reset (bsc#908151).\n - xprtrdma: Disconnect on registration failure (bsc#908151).\n - xprtrdma: Ensure ia-&gt;ri_id-&gt;qp is not NULL when reconnecting\n (bsc#908151).\n - xprtrdma: Fall back to MTHCAFMR when FRMR is not supported (bsc#908151).\n - xprtrdma: Limit work done by completion handler (bsc#908151).\n - xprtrdma: Make rpcrdma_ep_destroy() return void (bsc#908151).\n - xprtrdma: mind the device's max fast register page list depth\n (bsc#908151).\n - xprtrdma: mount reports "Invalid mount option" if memreg mode not\n supported (bsc#908151).\n - xprtrdma: Reduce the number of hardway buffer allocations (bsc#908151).\n - xprtrdma: Remove BOUNCEBUFFERS memory registration mode (bsc#908151).\n - xprtrdma: Remove BUG_ON() call sites (bsc#908151).\n - xprtrdma: Remove MEMWINDOWS registration modes (bsc#908151).\n - xprtrdma: Remove REGISTER memory registration mode (bsc#908151).\n - xprtrdma: Remove Tavor MTU setting (bsc#908151).\n - xprtrdma: Reset connection timeout after successful reconnect\n (bsc#908151).\n - xprtrdma: RPC/RDMA must invoke xprt_wake_pending_tasks() in process\n context (bsc#908151).\n - xprtrdma: Simplify rpcrdma_deregister_external() synopsis (bsc#908151).\n - xprtrdma: Split the completion queue (bsc#908151).\n - xprtrdma: Use macros for reconnection timeout constants (bsc#908151).\n - xprtrmda: Reduce calls to ib_poll_cq() in completion handlers\n (bsc#908151).\n - xprtrmda: Reduce lock contention in completion handlers (bsc#908151).\n\n", "cvss3": {}, "published": "2016-07-08T17:07:51", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2015-8551", "CVE-2016-3689", "CVE-2016-3139", "CVE-2016-0723", "CVE-2016-2186", "CVE-2016-3156", "CVE-2015-8812", "CVE-2016-2184", "CVE-2015-8550", "CVE-2016-3951", "CVE-2016-3137", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2015-7566", "CVE-2016-2143", "CVE-2015-8816", "CVE-2016-2185", "CVE-2015-8552", "CVE-2015-8709", "CVE-2016-3707", "CVE-2015-8785", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2016-07-08T17:07:51", "id": "SUSE-SU-2016:1764-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:47", "description": "This kernel live patch for Linux Kernel 3.12.51-52.39.1 fixes two security\n issues:\n\n Fixes:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls. (bsc#955837)\n\n", "cvss3": {}, "published": "2016-03-14T18:17:22", "type": "suse", "title": "Security update for kernel live patch 11 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-7446"], "modified": "2016-03-14T18:17:22", "id": "SUSE-SU-2016:0754-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html", "cvss": {"score": 5.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:45", "description": "This kernel live patch for Linux Kernel 3.12.51-52.34.1 fixes two security\n issues:\n\n Fixes:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls. (bsc#955837)\n\n", "cvss3": {}, "published": "2016-03-14T18:13:57", "type": "suse", "title": "Security update for kernel live patch 10 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-7446"], "modified": "2016-03-14T18:13:57", "id": "SUSE-SU-2016:0749-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html", "cvss": {"score": 5.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-18T14:23:09", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.\n\nFollowing feature was added to kernel-xen :\n\n - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767).\n\n - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693).\n\n - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes.\n (bsc#967972).\n\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed.\n (bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2016:0911-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-0911-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0911-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90264);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2016:0911-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing feature was added to kernel-xen :\n\n - A improved XEN blkfront module was added, which allows\n more I/O bandwidth. (FATE#320200) It is called\n xen-blkfront in PV, and xen-vbd-upstream in HVM mode.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-7515: An out of bounds memory access in the\n aiptek USB driver could be used by physical local\n attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in\n security/keys/keyctl.c in the Linux kernel did not\n properly use a semaphore, which allowed local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted application that leverages a race\n condition between keyctl_revoke and keyctl_read calls\n (bnc#958951).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (BUG) via crafted keyctl commands that\n negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c,\n security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in\n net/bluetooth/sco.c in the Linux kernel did not verify\n an address length, which allowed local users to obtain\n sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application\n (bnc#959190 bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A use-after-free flaw was found in the\n CXGB3 kernel driver when the network was considered to\n be congested. This could be used by local attackers to\n cause machine crashes or potentially code execution\n (bsc#966437).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: Race conditions in TLB syncing was fixed\n which could leak to information leaks (bnc#963767).\n\n - CVE-2016-2384: Removed a double free in the ALSA\n usb-audio driver in the umidi object which could lead to\n crashes (bsc#966693).\n\n - CVE-2016-2543: Added a missing NULL check at\n remove_events ioctl in ALSA that could lead to crashes.\n (bsc#967972).\n\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546,\n CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various\n race conditions in ALSAs timer handling were fixed.\n (bsc#967975, bsc#967974, bsc#967973, bsc#968011,\n bsc#968012, bsc#968013).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2384/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2549/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160911-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97a0fcf5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-kernel-201603-12480=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-kernel-201603-12480=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-201603-12480=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-kernel-201603-12480=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-kernel-201603-12480=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-source-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-source-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-syms-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-71.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:29", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-01-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0168-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-0168-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0168-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88006);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0168-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8539: A negatively instantiated user key could\n have been used by a local user to leverage privileges\n (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160168-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ceb6abc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-107=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-107=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-107=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.51-52.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:20", "description": "The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock.\n (bsc#961509)\n\n - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).\n\n - ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n\n - ALSA: hda - Flush the pending probe work at remove (boo#960710).\n\n - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).\n\n - Add Cavium Thunderx network enhancements\n\n - Add RHEL to kernel-obs-build\n\n - Backport amd xgbe fixes and features\n\n - Backport arm64 patches from SLE12-SP1-ARM.\n\n - Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178).\n\n - Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178).\n\n - Documentation: nousb is a module parameter (bnc#954324).\n\n - Driver for IBM System i/p VNIC protocol.\n\n - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't be built as a module.\n\n - Fix PCI generic host controller\n\n - Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263).\n\n - HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532).\n\n - HID: multitouch: fix input mode switching on some Elan panels (boo#954532).\n\n - Implement enable/disable for Display C6 state (boo#960021).\n\n - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).\n\n - Linux 4.1.15 (boo#954647 bsc#955422).\n\n - Move kabi patch to patches.kabi directory\n\n - Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers.\n\n - PCI: generic: Pass starting bus number to pci_scan_root_bus().\n\n - Revert 'block: remove artifical max_hw_sectors cap' (boo#961263).\n\n - Set system time through RTC device\n\n - Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel.\n\n - Update config files: CONFIG_IBMVNIC=m\n\n - block/sd: Fix device-imposed transfer length limits (boo#961263).\n\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).\n\n - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).\n\n - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).\n\n - drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).\n\n - drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021).\n\n - drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).\n\n - drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).\n\n - drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021).\n\n - drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).\n\n - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).\n\n - drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).\n\n - drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).\n\n - drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021).\n\n - drm/i915/skl: add F0 stepping ID (boo#960021).\n\n - drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).\n\n - drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021).\n\n - drm/i915: Fix CSR MMIO address check (boo#960021).\n\n - drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021).\n\n - drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021).\n\n - ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).\n\n - genksyms: Handle string literals with spaces in reference files (bsc#958510).\n\n - group-source-files: mark module.lds as devel file ld:\n cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory\n\n - hwrng: core - sleep interruptible in read (bnc#962597).\n\n - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).\n\n - kABI fixes for linux-4.1.15.\n\n - rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir\n\n - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere.\n\n - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors.\n\n - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.\n\n - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259\n\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n\n - rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs.\n\n - rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096)\n\n - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now.\n\n - thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152).\n\n - usb: make 'nousb' a clear module parameter (bnc#954324).\n\n - usbvision fix overflow of interfaces array (bnc#950998).\n\n - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).\n\n - x86/microcode/amd: Extract current patch level read to a function (bsc#913996).\n\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).\n\n - xhci: refuse loading if nousb is used (bnc#954324).", "cvss3": {}, "published": "2016-02-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2016-0728"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-116.NASL", "href": "https://www.tenable.com/plugins/nessus/88542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-116.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88542);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2016-0728\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)\");\n script_summary(english:\"Check for the openSUSE-2016-116 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15\nstable release, and also includes security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers\n gain root privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is\n called by the user during a heartbeat timeout event\n after the 4-way handshake. Since sctp_assoc_migrate()\n changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be\n taken with the listening socket but released with the\n new association socket. The result is a deadlock on any\n future attempts to take the listening socket lock.\n (bsc#961509)\n\n - CVE-2015-8539: A negatively instantiated user key could\n have been used by a local user to leverage privileges\n (bnc#958463).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd\n (bsc#958439).\n\n - ALSA: hda - Apply click noise workaround for Thinkpads\n generically (bsc#958439).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s\n (boo#958504).\n\n - ALSA: hda - Flush the pending probe work at remove\n (boo#960710).\n\n - ALSA: hda - Set codec to D3 at reboot/shutdown on\n Thinkpads (bsc#958439).\n\n - Add Cavium Thunderx network enhancements\n\n - Add RHEL to kernel-obs-build\n\n - Backport amd xgbe fixes and features\n\n - Backport arm64 patches from SLE12-SP1-ARM.\n\n - Btrfs: fix the number of transaction units needed to\n remove a block group (bsc#950178).\n\n - Btrfs: use global reserve when deleting unused block\n group after ENOSPC (bsc#950178).\n\n - Documentation: nousb is a module parameter (bnc#954324).\n\n - Driver for IBM System i/p VNIC protocol.\n\n - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for\n recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still\n disabled as it can't be built as a module.\n\n - Fix PCI generic host controller\n\n - Fix kABI breakage for max_dev_sectors addition to\n queue_limits (boo#961263).\n\n - HID: multitouch: Fetch feature reports on demand for\n Win8 devices (boo#954532).\n\n - HID: multitouch: fix input mode switching on some Elan\n panels (boo#954532).\n\n - Implement enable/disable for Display C6 state\n (boo#960021).\n\n - Input: aiptek - fix crash on detecting device without\n endpoints (bnc#956708).\n\n - Linux 4.1.15 (boo#954647 bsc#955422).\n\n - Move kabi patch to patches.kabi directory\n\n - Obsolete compat-wireless, rts5229 and rts_pstor KMPs\n These are found in SLE11-SP3, now replaced with the\n upstream drivers.\n\n - PCI: generic: Pass starting bus number to\n pci_scan_root_bus().\n\n - Revert 'block: remove artifical max_hw_sectors cap'\n (boo#961263).\n\n - Set system time through RTC device\n\n - Update arm64 config files. Enabled DRM_AST in the\n vanilla kernel since it is now enabled in the default\n kernel.\n\n - Update config files: CONFIG_IBMVNIC=m\n\n - block/sd: Fix device-imposed transfer length limits\n (boo#961263).\n\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).\n\n - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).\n\n - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).\n\n - drm/i915/skl: Add support to load SKL CSR firmware\n (boo#960021).\n\n - drm/i915/skl: Add the INIT power domain to the MISC I/O\n power well (boo#960021).\n\n - drm/i915/skl: Deinit/init the display at suspend/resume\n (boo#960021).\n\n - drm/i915/skl: Fix DMC API version in firmware file name\n (boo#960021).\n\n - drm/i915/skl: Fix\n WaDisableChickenBitTSGBarrierAckForFFSliceCS\n (boo#960021).\n\n - drm/i915/skl: Fix stepping check for a couple of W/As\n (boo#960021).\n\n - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1\n defines (boo#960021).\n\n - drm/i915/skl: Implement WaDisableVFUnitClockGating\n (boo#960021).\n\n - drm/i915/skl: Implement enable/disable for Display C5\n state (boo#960021).\n\n - drm/i915/skl: Make the Misc I/O power well part of the\n PLLS domain (boo#960021).\n\n - drm/i915/skl: add F0 stepping ID (boo#960021).\n\n - drm/i915/skl: enable\n WaForceContextSaveRestoreNonCoherent (boo#960021).\n\n - drm/i915: Clear crtc atomic flags at beginning of\n transaction (boo#960021).\n\n - drm/i915: Fix CSR MMIO address check (boo#960021).\n\n - drm/i915: Switch to full atomic helpers for plane\n updates/disable, take two (boo#960021).\n\n - drm/i915: set CDCLK if DPLL0 enabled during resuming\n from S3 (boo#960021).\n\n - ethernet/atheros/alx: sanitize buffer sizing and padding\n (boo#952621).\n\n - genksyms: Handle string literals with spaces in\n reference files (bsc#958510).\n\n - group-source-files: mark module.lds as devel file ld:\n cannot open linker script file\n /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No\n such file or directory\n\n - hwrng: core - sleep interruptible in read (bnc#962597).\n\n - ipv6: distinguish frag queues by device for multicast\n and link-local packets (bsc#955422).\n\n - kABI fixes for linux-4.1.15.\n\n - rpm/compute-PATCHVERSION.sh: Skip stale directories in\n the package dir\n\n - rpm/constraints.in: Bump disk space requirements up a\n bit Require 10GB on s390x, 20GB elsewhere.\n\n - rpm/constraints.in: Require 14GB worth of disk space on\n POWER The builds started to fail randomly due to ENOSPC\n errors.\n\n - rpm/kernel-binary.spec.in: Do not explicitly set\n DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is\n a selectable Kconfig option since 2.6.39 and is enabled\n in our configs.\n\n - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp\n (bnc#865259)865259\n\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs\n are installed\n\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for\n newer sign-file\n\n - rpm/kernel-binary.spec.in: No scriptlets in\n kernel-zfcpdump The kernel should not be added to the\n bootloader nor are there any KMPs.\n\n - rpm/kernel-binary.spec.in: Obsolete the -base package\n from SLE11 (bnc#865096)\n\n - rpm/kernel-binary.spec.in: Use parallel make in all\n invocations Also, remove the lengthy comment, since we\n are using a standard rpm macro now.\n\n - thinkpad_acpi: Do not yell on unsupported brightness\n interfaces (boo#957152).\n\n - usb: make 'nousb' a clear module parameter (bnc#954324).\n\n - usbvision fix overflow of interfaces array (bnc#950998).\n\n - x86/microcode/amd: Do not overwrite final patch levels\n (bsc#913996).\n\n - x86/microcode/amd: Extract current patch level read to a\n function (bsc#913996).\n\n - xen/pciback: Do not allow MSI-X ops if\n PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).\n\n - xhci: refuse loading if nousb is used (bnc#954324).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.15-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.15-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.15-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.15-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.15-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:34", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2931-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8767", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2931-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2931-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89936);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8767\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2931-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2931-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2931-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8767\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2931-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-67-generic\", pkgver:\"3.16.0-67.87~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-67-generic-lpae\", pkgver:\"3.16.0-67.87~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-67-lowlatency\", pkgver:\"3.16.0-67.87~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:49", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338).\n\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988).\n\n - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device's state, allowing for DoS (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).\n\n - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (bnc#960281).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0585-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-0272", "CVE-2015-5707", "CVE-2015-7550", "CVE-2015-7799", "CVE-2015-8215", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8660", "CVE-2015-8767", "CVE-2015-8785", "CVE-2016-0723", "CVE-2016-2069"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:lttng-modules", "p-cpe:/a:novell:suse_linux:lttng-modules-debugsource", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-0585-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0585-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89022);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-0272\", \"CVE-2015-5707\", \"CVE-2015-7550\", \"CVE-2015-7799\", \"CVE-2015-8215\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8660\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2016-0723\", \"CVE-2016-2069\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0585-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-5707: Integer overflow in the sg_start_req\n function in drivers/scsi/sg.c in the Linux kernel\n allowed local users to cause a denial of service or\n possibly have unspecified other impact via a large\n iov_count value in a write request (bnc#940338).\n\n - CVE-2015-7550: The keyctl_read_key function in\n security/keys/keyctl.c in the Linux kernel did not\n properly use a semaphore, which allowed local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted application that leverages a race\n condition between keyctl_revoke and keyctl_read calls\n (bnc#958951).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in\n the Linux kernel did not validate attempted changes to\n the MTU value, which allowed context-dependent attackers\n to cause a denial of service (packet loss) via a value\n that was (1) smaller than the minimum compliant value or\n (2) larger than the MTU of an interface, as demonstrated\n by a Router Advertisement (RA) message that is not\n validated by a daemon, a different vulnerability than\n CVE-2015-0272 (bnc#955354).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (BUG) via crafted keyctl commands that\n negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c,\n security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Optimizations introduced by the compiler\n could have lead to double fetch vulnerabilities,\n potentially possibly leading to arbitrary code execution\n in backend (bsc#957988).\n\n - CVE-2015-8551: Xen PCI backend driver did not perform\n proper sanity checks on the device's state, allowing for\n DoS (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in\n net/bluetooth/sco.c in the Linux kernel did not verify\n an address length, which allowed local users to obtain\n sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application\n (bnc#959399).\n\n - CVE-2015-8660: The ovl_setattr function in\n fs/overlayfs/inode.c in the Linux kernel attempted to\n merge distinct setattr operations, which allowed local\n users to bypass intended access restrictions and modify\n the attributes of arbitrary overlay files via a crafted\n application (bnc#960281).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: A race in invalidating paging structures\n that were not in use locally could have lead to\n disclosoure of information or arbitrary code exectution\n (bnc#963767).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=812259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=855062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5707/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160585-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45296e5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-329=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-329=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-329=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-329=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2016-329=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-329=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Overlayfs Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-2.7.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.7.0-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.7.0_k3.12.53_60.30-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.53_60.30-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.53-60.30.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.53-60.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:08", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.\n\n - CVE-2015-7513 It was discovered that a local user permitted to use the x86 KVM subsystem could configure the PIT emulation to cause a denial of service (crash).\n\n - CVE-2015-7550 Dmitry Vyukov discovered a race condition in the keyring subsystem that allows a local user to cause a denial of service (crash).\n\n - CVE-2015-8543 It was discovered that a local user permitted to create raw sockets could cause a denial-of-service by specifying an invalid protocol number for the socket.\n The attacker must have the CAP_NET_RAW capability.\n\n - CVE-2015-8550 Felix Wilhelm of ERNW discovered that the Xen PV backend drivers may read critical data from shared memory multiple times. This flaw can be used by a guest kernel to cause a denial of service (crash) on the host, or possibly for privilege escalation.\n\n - CVE-2015-8551 / CVE-2015-8552 Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI backend driver does not adequately validate the device state when a guest configures MSIs. This flaw can be used by a guest kernel to cause a denial of service (crash or disk space exhaustion) on the host.\n\n - CVE-2015-8569 Dmitry Vyukov discovered a flaw in the PPTP sockets implementation that leads to an information leak to local users.\n\n - CVE-2015-8575 David Miller discovered a flaw in the Bluetooth SCO sockets implementation that leads to an information leak to local users.\n\n - CVE-2015-8709 Jann Horn discovered a flaw in the permission checks for use of the ptrace feature. A local user who has the CAP_SYS_PTRACE capability within their own user namespace could use this flaw for privilege escalation if a more privileged process ever enters that user namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update :\n\n - #808293 A regression in the UDP implementation prevented freeradius and some other applications from receiving data.\n\n - #808602 / #808953\n\n A regression in the USB XHCI driver prevented use of some devices in USB 3 SuperSpeed ports.\n\n - #808973\n\n A fix to the radeon driver interacted with an existing bug to cause a crash at boot when using some AMD/ATI graphics cards. This issue only affects wheezy.", "cvss3": {}, "published": "2016-01-06T00:00:00", "type": "nessus", "title": "Debian DSA-3434-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7513", "CVE-2015-7550", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8709"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3434.NASL", "href": "https://www.tenable.com/plugins/nessus/87741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3434. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87741);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8709\");\n script_xref(name:\"DSA\", value:\"3434\");\n\n script_name(english:\"Debian DSA-3434-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak.\n\n - CVE-2015-7513\n It was discovered that a local user permitted to use the\n x86 KVM subsystem could configure the PIT emulation to\n cause a denial of service (crash).\n\n - CVE-2015-7550\n Dmitry Vyukov discovered a race condition in the keyring\n subsystem that allows a local user to cause a denial of\n service (crash).\n\n - CVE-2015-8543\n It was discovered that a local user permitted to create\n raw sockets could cause a denial-of-service by\n specifying an invalid protocol number for the socket.\n The attacker must have the CAP_NET_RAW capability.\n\n - CVE-2015-8550\n Felix Wilhelm of ERNW discovered that the Xen PV backend\n drivers may read critical data from shared memory\n multiple times. This flaw can be used by a guest kernel\n to cause a denial of service (crash) on the host, or\n possibly for privilege escalation.\n\n - CVE-2015-8551 / CVE-2015-8552\n Konrad Rzeszutek Wilk of Oracle discovered that the Xen\n PCI backend driver does not adequately validate the\n device state when a guest configures MSIs. This flaw can\n be used by a guest kernel to cause a denial of service\n (crash or disk space exhaustion) on the host.\n\n - CVE-2015-8569\n Dmitry Vyukov discovered a flaw in the PPTP sockets\n implementation that leads to an information leak to\n local users.\n\n - CVE-2015-8575\n David Miller discovered a flaw in the Bluetooth SCO\n sockets implementation that leads to an information leak\n to local users.\n\n - CVE-2015-8709\n Jann Horn discovered a flaw in the permission checks for\n use of the ptrace feature. A local user who has the\n CAP_SYS_PTRACE capability within their own user\n namespace could use this flaw for privilege escalation\n if a more privileged process ever enters that user\n namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update\n:\n\n - #808293\n A regression in the UDP implementation prevented\n freeradius and some other applications from receiving\n data.\n\n - #808602 / #808953\n\n A regression in the USB XHCI driver prevented use of\n some devices in USB 3 SuperSpeed ports.\n\n - #808973\n\n A fix to the radeon driver interacted with an existing\n bug to cause a crash at boot when using some AMD/ATI\n graphics cards. This issue only affects wheezy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8709\"\n );\n # https://bugs.debian.org/808293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808293\"\n );\n # https://bugs.debian.org/808602\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808602\"\n );\n # https://bugs.debian.org/808953\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808953\"\n );\n # https://bugs.debian.org/808973\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3434\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 3.2.73-2+deb7u2. The oldstable distribution (wheezy)\nis not affected by CVE-2015-8709.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in\nversion 3.16.7-ckt20-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.73-2+deb7u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:45", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4145 advisory.\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (CVE-2018-1000199)\n\n - System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. (CVE-2018-3665)\n\n - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. (CVE-2016-2543)\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. (CVE-2016-2549)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. (CVE-2016-2544)\n\n - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. (CVE-2016-2545)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after- free, and system crash) via a crafted ioctl call. (CVE-2016-2547)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. (CVE-2016-2548)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4145)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2018-1000199", "CVE-2018-3665"], "modified": "2021-09-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4145.NASL", "href": "https://www.tenable.com/plugins/nessus/110585", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4145.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110585);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-2384\",\n \"CVE-2016-2543\",\n \"CVE-2016-2544\",\n \"CVE-2016-2545\",\n \"CVE-2016-2547\",\n \"CVE-2016-2548\",\n \"CVE-2016-2549\",\n \"CVE-2018-3665\",\n \"CVE-2018-1000199\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0196-S\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4145)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-4145 advisory.\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint()\n that can result in crash and possibly memory corruption. This attack appear to be exploitable via local\n code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit\n f67b15037a7a50c57f72e69a6d59941ad90a0f0f. (CVE-2018-1000199)\n\n - System software utilizing Lazy FP state restore technique on systems using Intel Core-based\n microprocessors may potentially allow a local process to infer data from another process through a\n speculative execution side channel. (CVE-2018-3665)\n\n - The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before\n 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to\n cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. (CVE-2016-2543)\n\n - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which\n allows local users to cause a denial of service (deadlock) via a crafted ioctl call. (CVE-2016-2549)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1\n allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call\n at a certain time. (CVE-2016-2544)\n\n - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly\n maintain a certain linked list, which allows local users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call. (CVE-2016-2545)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider\n slave timer instances, which allows local users to cause a denial of service (race condition, use-after-\n free, and system crash) via a crafted ioctl call. (CVE-2016-2547)\n\n - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop\n action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call,\n related to the (1) snd_timer_close and (2) _snd_timer_stop functions. (CVE-2016-2548)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4145.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3665\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.299.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4145');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.299.3.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.299.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.299.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.299.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:11", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2932-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2932-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89937);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2932-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2932-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2932-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-generic\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-generic-lpae\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-lowlatency\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:04:16", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.\n\n - CVE-2013-4312, CVE-2016-2847 Tetsuo Handa discovered that users can use pipes queued on local (Unix) sockets to allocate an unfair share of kernel memory, leading to denial-of-service (resource exhaustion).\n\n This issue was previously mitigated for the stable suite by limiting the total number of files queued by each user on local sockets. The new kernel version in both suites includes that mitigation plus limits on the total size of pipe buffers allocated for each user.\n\n - CVE-2015-7566 Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.\n\n - CVE-2015-8767 An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.\n\n - CVE-2015-8785 It was discovered that local users permitted to write to a file on a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).\n\n - CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver.\n Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation.\n\n - CVE-2015-8816 A use-after-free vulnerability was discovered in the USB hub driver. This may be used by a physically present user for privilege escalation.\n\n - CVE-2015-8830 Ben Hawkes of Google Project Zero reported that the AIO interface permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated.\n\n - CVE-2016-0723 A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.\n\n - CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.\n\n - CVE-2016-2069 Andy Lutomirski discovered a race condition in flushing of the TLB when switching tasks on an x86 system. On an SMP system this could possibly lead to a crash, information leak or privilege escalation.\n\n - CVE-2016-2384 Andrey Konovalov found that a crafted USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation.\n\n - CVE-2016-2543 Dmitry Vyukov found that the core sound sequencer driver (snd-seq) lacked a necessary check for a NULL pointer, allowing a user with access to a sound sequencer device to cause a denial-of service (crash).\n\n - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548\n\n Dmitry Vyukov found various race conditions in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use these to cause a denial-of-service (crash or hang) or possibly for privilege escalation.\n\n - CVE-2016-2545 Dmitry Vyukov found a flaw in list manipulation in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use this to cause a denial-of-service (crash or hang) or possibly for privilege escalation.\n\n - CVE-2016-2549 Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s use of high resolution timers. A user with access to sound devices could use this to cause a denial-of-service (hang).\n\n - CVE-2016-2550 The original mitigation of CVE-2013-4312, limiting the total number of files a user could queue on local sockets, was flawed. A user given a local socket opened by another user, for example through the systemd socket activation mechanism, could make use of the other user's quota, again leading to a denial-of-service (resource exhaustion). This is fixed by accounting queued files to the sender rather than the socket opener.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Debian DSA-3503-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7566", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2015-8830", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2550", "CVE-2016-2847"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3503.NASL", "href": "https://www.tenable.com/plugins/nessus/89122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3503. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89122);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2550\", \"CVE-2016-2847\");\n script_xref(name:\"DSA\", value:\"3503\");\n\n script_name(english:\"Debian DSA-3503-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\n - CVE-2013-4312, CVE-2016-2847\n Tetsuo Handa discovered that users can use pipes queued\n on local (Unix) sockets to allocate an unfair share of\n kernel memory, leading to denial-of-service (resource\n exhaustion).\n\n This issue was previously mitigated for the stable suite by limiting\n the total number of files queued by each user on local sockets. The\n new kernel version in both suites includes that mitigation plus\n limits on the total size of pipe buffers allocated for each user.\n\n - CVE-2015-7566\n Ralf Spenneberg of OpenSource Security reported that the\n visor driver crashes when a specially crafted USB device\n without bulk-out endpoint is detected.\n\n - CVE-2015-8767\n An SCTP denial-of-service was discovered which can be\n triggered by a local attacker during a heartbeat timeout\n event after the 4-way handshake.\n\n - CVE-2015-8785\n It was discovered that local users permitted to write to\n a file on a FUSE filesystem could cause a denial of\n service (unkillable loop in the kernel).\n\n - CVE-2015-8812\n A flaw was found in the iw_cxgb3 Infiniband driver.\n Whenever it could not send a packet because the network\n was congested, it would free the packet buffer but later\n attempt to send the packet again. This use-after-free\n could result in a denial of service (crash or hang),\n data loss or privilege escalation.\n\n - CVE-2015-8816\n A use-after-free vulnerability was discovered in the USB\n hub driver. This may be used by a physically present\n user for privilege escalation.\n\n - CVE-2015-8830\n Ben Hawkes of Google Project Zero reported that the AIO\n interface permitted reading or writing 2 GiB of data or\n more in a single chunk, which could lead to an integer\n overflow when applied to certain filesystems, socket or\n device types. The full security impact has not been\n evaluated.\n\n - CVE-2016-0723\n A use-after-free vulnerability was discovered in the\n TIOCGETD ioctl. A local attacker could use this flaw for\n denial-of-service.\n\n - CVE-2016-0774\n It was found that the fix for CVE-2015-1805 in kernel\n versions older than Linux 3.16 did not correctly handle\n the case of a partially failed atomic read. A local,\n unprivileged user could use this flaw to crash the\n system or leak kernel memory to user space.\n\n - CVE-2016-2069\n Andy Lutomirski discovered a race condition in flushing\n of the TLB when switching tasks on an x86 system. On an\n SMP system this could possibly lead to a crash,\n information leak or privilege escalation.\n\n - CVE-2016-2384\n Andrey Konovalov found that a crafted USB MIDI device\n with an invalid USB descriptor could trigger a\n double-free. This may be used by a physically present\n user for privilege escalation.\n\n - CVE-2016-2543\n Dmitry Vyukov found that the core sound sequencer driver\n (snd-seq) lacked a necessary check for a NULL pointer,\n allowing a user with access to a sound sequencer device\n to cause a denial-of service (crash).\n\n - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548\n\n Dmitry Vyukov found various race conditions in the sound\n subsystem (ALSA)'s management of timers. A user with\n access to sound devices could use these to cause a\n denial-of-service (crash or hang) or possibly for\n privilege escalation.\n\n - CVE-2016-2545\n Dmitry Vyukov found a flaw in list manipulation in the\n sound subsystem (ALSA)'s management of timers. A user\n with access to sound devices could use this to cause a\n denial-of-service (crash or hang) or possibly for\n privilege escalation.\n\n - CVE-2016-2549\n Dmitry Vyukov found a potential deadlock in the sound\n subsystem (ALSA)'s use of high resolution timers. A user\n with access to sound devices could use this to cause a\n denial-of-service (hang).\n\n - CVE-2016-2550\n The original mitigation of CVE-2013-4312, limiting the\n total number of files a user could queue on local\n sockets, was flawed. A user given a local socket opened\n by another user, for example through the systemd socket\n activation mechanism, could make use of the other user's\n quota, again leading to a denial-of-service (resource\n exhaustion). This is fixed by accounting queued files to\n the sender rather than the socket opener.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3503\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 3.2.73-2+deb7u3. The oldstable distribution (wheezy)\nis not affected by CVE-2015-8830.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u4. CVE-2013-4312, CVE-2015-7566,\nCVE-2015-8767 and CVE-2016-0723 were already fixed in DSA-3448-1.\nCVE-2016-0774 does not affect the stable distribution.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.73-2+deb7u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:13", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive various security and bugfixes.\n\nFeatures added :\n\n - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320625) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here' (bnc#959709 bnc#960561).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code executuon (bsc#966437).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-0774: A pipe buffer state corruption after unsuccessful atomic read from pipe was fixed (bsc#964730).\n\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767).\n\n - CVE-2016-2384: A double-free triggered by invalid USB descriptor in ALSA usb-audio was fixed, which could be exploited by physical local attackers to crash the kernel or gain code execution (bnc#966693).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0785-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2015-5707", "CVE-2015-8709", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2069", "CVE-2016-2384"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-0785-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89993", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0785-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89993);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-5707\", \"CVE-2015-8709\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-2069\", \"CVE-2016-2384\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0785-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive\nvarious security and bugfixes.\n\nFeatures added :\n\n - A improved XEN blkfront module was added, which allows\n more I/O bandwidth. (FATE#320625) It is called\n xen-blkfront in PV, and xen-vbd-upstream in HVM mode.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-5707: Integer overflow in the sg_start_req\n function in drivers/scsi/sg.c in the Linux kernel\n allowed local users to cause a denial of service or\n possibly have unspecified other impact via a large\n iov_count value in a write request (bnc#940338).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local\n users to gain privileges by establishing a user\n namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no\n kernel bug here' (bnc#959709 bnc#960561).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A use-after-free flaw was found in the\n CXGB3 kernel driver when the network was considered to\n be congested. This could be used by local attackers to\n cause machine crashes or potentially code executuon\n (bsc#966437).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-0774: A pipe buffer state corruption after\n unsuccessful atomic read from pipe was fixed\n (bsc#964730).\n\n - CVE-2016-2069: Race conditions in TLB syncing was fixed\n which could leak to information leaks (bnc#963767).\n\n - CVE-2016-2384: A double-free triggered by invalid USB\n descriptor in ALSA usb-audio was fixed, which could be\n exploited by physical local attackers to crash the\n kernel or gain code execution (bnc#966693).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=812259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=816099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=855062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5707/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8709/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0774/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2384/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160785-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1ef02b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-460=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-460=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-460=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-460=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2016-460=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-460=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.55-52.42.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.55-52.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-30T14:59:07", "description": "It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nIt was discovered that the Linux kernel did not keep accurate track of pipe buffer details when error conditions occurred, due to an incomplete fix for CVE-2015-1805. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0774)\n\nZach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability.\n(CVE-2016-0821)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2967-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2967-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91087);\n script_version(\"2.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_xref(name:\"USN\", value:\"2967-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the Aiptek Tablet USB device driver in\nthe Linux kernel did not properly sanity check the endpoints reported\nby the device. An attacker with physical access could cause a denial\nof service (system crash). (CVE-2015-7515)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the\nLinux kernel's CXGB3 driver. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nIt was discovered that the Linux kernel did not keep accurate track of\npipe buffer details when error conditions occurred, due to an\nincomplete fix for CVE-2015-1805. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode with administrative privileges. (CVE-2016-0774)\n\nZach Riggle discovered that the Linux kernel's list poison feature did\nnot take into account the mmap_min_addr value. A local attacker could\nuse this to bypass the kernel's poison-pointer protection mechanism\nwhile attempting to exploit an existing kernel vulnerability.\n(CVE-2016-0821)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the\namount of data allocated to buffer pipes. A local attacker could use\nthis to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2967-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2967-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-generic\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-generic-pae\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-highbank\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-virtual\", pkgver:\"3.2.0-102.142\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:08", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2929-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2929-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89932);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2929-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2929-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2929-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-generic\", pkgver:\"3.13.0-83.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-generic-lpae\", pkgver:\"3.13.0-83.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-lowlatency\", pkgver:\"3.13.0-83.127\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:05:29", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2929-2.NASL", "href": "https://www.tenable.com/plugins/nessus/89933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2929-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89933);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2929-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2929-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2929-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-83-generic\", pkgver:\"3.13.0-83.127~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-83-generic-lpae\", pkgver:\"3.13.0-83.127~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:47", "description": "The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707).\n\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n\n - CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel do not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario.(bsc#966437).\n\n - CVE-2015-8816: A malicious USB device could cause kernel crashes in the in hub_activate() function (bnc#968010).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767).\n\n - CVE-2016-2143: On zSeries a fork of a large process could have caused memory corruption due to incorrect page table handling. (bnc#970504, LTC#138810).\n\n - CVE-2016-2184: A malicious USB device could cause kernel crashes in the alsa usb-audio device driver (bsc#971125).\n\n - CVE-2016-2185: A malicious USB device could cause kernel crashes in the usb_driver_claim_interface function (bnc#971124).\n\n - CVE-2016-2186: A malicious USB device could cause kernel crashes in the powermate device driver (bnc#970958).\n\n - CVE-2016-2384: A double free on the ALSA umidi object was fixed. (bsc#966693).\n\n - CVE-2016-2543: A missing NULL check at remove_events ioctl in the ALSA seq driver was fixed. (bsc#967972).\n\n - CVE-2016-2544: Fix race at timer setup and close in the ALSA seq driver was fixed. (bsc#967973).\n\n - CVE-2016-2545: A double unlink of active_list in the ALSA timer driver was fixed. (bsc#967974).\n\n - CVE-2016-2546: A race among ALSA timer ioctls was fixed (bsc#967975).\n\n - CVE-2016-2547,CVE-2016-2548: The ALSA slave timer list handling was hardened against hangs and races.\n (CVE-2016-2547,CVE-2016-2548,bsc#968011,bsc#968012).\n\n - CVE-2016-2549: A stall in ALSA hrtimer handling was fixed (bsc#968013).\n\n - CVE-2016-2782: A malicious USB device could cause kernel crashes in the visor device driver (bnc#968670).\n\n - CVE-2016-3137: A malicious USB device could cause kernel crashes in the cypress_m8 device driver (bnc#970970).\n\n - CVE-2016-3139: A malicious USB device could cause kernel crashes in the wacom device driver (bnc#970909).\n\n - CVE-2016-3140: A malicious USB device could cause kernel crashes in the digi_acceleport device driver (bnc#970892).\n\n - CVE-2016-3156: A quadratic algorithm could lead to long kernel ipv4 hangs when removing a device with a large number of addresses. (bsc#971360).\n\n - CVE-2016-3955: A remote buffer overflow in the usbip driver could be used by authenticated attackers to crash the kernel. (bsc#975945)\n\n - CVE-2016-2847: A local user could exhaust kernel memory by pushing lots of data into pipes. (bsc#970948).\n\n - CVE-2016-2188: A malicious USB device could cause kernel crashes in the iowarrior device driver (bnc#970956).\n\n - CVE-2016-3138: A malicious USB device could cause kernel crashes in the cdc-acm device driver (bnc#970911).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2015", "CVE-2013-7446", "CVE-2015-0272", "CVE-2015-7509", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7799", "CVE-2015-8215", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2188", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-3955"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1203-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1203-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90884);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2015\", \"CVE-2013-7446\", \"CVE-2015-0272\", \"CVE-2015-7509\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-7566\", \"CVE-2015-7799\", \"CVE-2015-8215\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2188\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3955\");\n script_bugtraq_id(59512);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (system crash) via a crafted no-journal\n filesystem, a related issue to CVE-2013-2015\n (bnc#956707).\n\n - CVE-2015-7515: An out of bounds memory access in the\n aiptek USB driver could be used by physical local\n attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in\n security/keys/keyctl.c in the Linux kernel did not\n properly use a semaphore, which allowed local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted application that leverages a race\n condition between keyctl_revoke and keyctl_read calls\n (bnc#958951).\n\n - CVE-2015-7566: A malicious USB device could cause kernel\n crashes in the visor device driver (bnc#961512).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in\n the Linux kernel did not validate attempted changes to\n the MTU value, which allowed context-dependent attackers\n to cause a denial of service (packet loss) via a value\n that is (1) smaller than the minimum compliant value or\n (2) larger than the MTU of an interface, as demonstrated\n by a Router Advertisement (RA) message that is not\n validated by a daemon, a different vulnerability than\n CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is\n limited to the NetworkManager product (bnc#955354).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (BUG) via crafted keyctl commands that\n negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c,\n security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Optimizations introduced by the compiler\n could have lead to double fetch vulnerabilities,\n potentially possibly leading to arbitrary code execution\n in backend (bsc#957988). (bsc#957988 XSA-155).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when\n running on an x86 system and using Linux as the driver\n domain, allowed local guest administrators to hit BUG\n conditions and cause a denial of service (NULL pointer\n dereference and host OS crash) by leveraging a system\n with access to a passed-through MSI or MSI-X capable\n physical PCI device and a crafted sequence of\n XEN_PCI_OP_* operations, aka 'Linux pciback missing\n sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when\n running on an x86 system and using Linux as the driver\n domain, allowed local guest administrators to generate a\n continuous stream of WARN messages and cause a denial of\n service (disk consumption) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka\n 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n do not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in\n net/bluetooth/sco.c in the Linux kernel did not verify\n an address length, which allowed local users to obtain\n sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application\n (bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel\n driver when the network was considered congested. The\n kernel would incorrectly misinterpret the congestion as\n an error condition and incorrectly free/clean up the\n skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the\n system or allow an attacker to escalate privileges in a\n use-after-free scenario.(bsc#966437).\n\n - CVE-2015-8816: A malicious USB device could cause kernel\n crashes in the in hub_activate() function (bnc#968010).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: A race in invalidating paging structures\n that were not in use locally could have lead to\n disclosoure of information or arbitrary code exectution\n (bnc#963767).\n\n - CVE-2016-2143: On zSeries a fork of a large process\n could have caused memory corruption due to incorrect\n page table handling. (bnc#970504, LTC#138810).\n\n - CVE-2016-2184: A malicious USB device could cause kernel\n crashes in the alsa usb-audio device driver\n (bsc#971125).\n\n - CVE-2016-2185: A malicious USB device could cause kernel\n crashes in the usb_driver_claim_interface function\n (bnc#971124).\n\n - CVE-2016-2186: A malicious USB device could cause kernel\n crashes in the powermate device driver (bnc#970958).\n\n - CVE-2016-2384: A double free on the ALSA umidi object\n was fixed. (bsc#966693).\n\n - CVE-2016-2543: A missing NULL check at remove_events\n ioctl in the ALSA seq driver was fixed. (bsc#967972).\n\n - CVE-2016-2544: Fix race at timer setup and close in the\n ALSA seq driver was fixed. (bsc#967973).\n\n - CVE-2016-2545: A double unlink of active_list in the\n ALSA timer driver was fixed. (bsc#967974).\n\n - CVE-2016-2546: A race among ALSA timer ioctls was fixed\n (bsc#967975).\n\n - CVE-2016-2547,CVE-2016-2548: The ALSA slave timer list\n handling was hardened against hangs and races.\n (CVE-2016-2547,CVE-2016-2548,bsc#968011,bsc#968012).\n\n - CVE-2016-2549: A stall in ALSA hrtimer handling was\n fixed (bsc#968013).\n\n - CVE-2016-2782: A malicious USB device could cause kernel\n crashes in the visor device driver (bnc#968670).\n\n - CVE-2016-3137: A malicious USB device could cause kernel\n crashes in the cypress_m8 device driver (bnc#970970).\n\n - CVE-2016-3139: A malicious USB device could cause kernel\n crashes in the wacom device driver (bnc#970909).\n\n - CVE-2016-3140: A malicious USB device could cause kernel\n crashes in the digi_acceleport device driver\n (bnc#970892).\n\n - CVE-2016-3156: A quadratic algorithm could lead to long\n kernel ipv4 hangs when removing a device with a large\n number of addresses. (bsc#971360).\n\n - CVE-2016-3955: A remote buffer overflow in the usbip\n driver could be used by authenticated attackers to crash\n the kernel. (bsc#975945)\n\n - CVE-2016-2847: A local user could exhaust kernel memory\n by pushing lots of data into pipes. (bsc#970948).\n\n - CVE-2016-2188: A malicious USB device could cause kernel\n crashes in the iowarrior device driver (bnc#970956).\n\n - CVE-2016-3138: A malicious USB device could cause kernel\n crashes in the cdc-acm device driver (bnc#970911).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=781018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7509/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2186/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2384/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2549/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3955/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161203-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef8495a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-kernel-20160414-12537=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-kernel-20160414-12537=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-kernel-20160414-12537=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-kernel-20160414-12537=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-20160414-12537=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-kernel-20160414-12537=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.79.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:36", "description": "halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs.\nA local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.\n(CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-23T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2907-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8785", "CVE-2016-1575", "CVE-2016-1576"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2907-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2907-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88895);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n script_xref(name:\"USN\", value:\"2907-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2907-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"halfdog discovered that OverlayFS, when mounting on top of a FUSE\nmount, incorrectly propagated file attributes, including setuid. A\nlocal unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly\npropagated security sensitive extended attributes, such as POSIX ACLs.\nA local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a\nrace between read and revoke operations. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking\nimplementation did not validate protocol identifiers for certain\nprotocol families, A local attacker could use this to cause a denial\nof service (system crash) or possibly gain administrative privileges.\n(CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux\nkernel did not verify an address length when setting up a socket. A\nlocal attacker could use this to craft an application that exposed\nsensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux\nkernel did not properly validate the socket address length for\nSynchronous Connection-Oriented (SCO) sockets. A local attacker could\nuse this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace\n(FUSE) implementation did not handle initial zero length segments\nproperly. A local attacker could use this to cause a denial of service\n(unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2907-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2907-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-79-generic\", pkgver:\"3.13.0-79.123\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-79-generic-lpae\", pkgver:\"3.13.0-79.123\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-79-lowlatency\", pkgver:\"3.13.0-79.123\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:39", "description": "USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMware virtual machines. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nhalfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid regression (USN-2910-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8785", "CVE-2016-1575", "CVE-2016-1576"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2910-2.NASL", "href": "https://www.tenable.com/plugins/nessus/89026", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2910-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89026);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n script_xref(name:\"USN\", value:\"2910-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid regression (USN-2910-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel\nbackported to Ubuntu 14.04 LTS. An incorrect locking fix caused a\nregression that broke graphics displays for Ubuntu 14.04 LTS guests\nrunning the Ubuntu 15.04 backport kernel within VMware virtual\nmachines. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nhalfdog discovered that OverlayFS, when mounting on top of a FUSE\nmount, incorrectly propagated file attributes, including setuid. A\nlocal unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel\nincorrectly propagated security sensitive extended\nattributes, such as POSIX ACLs. A local unprivileged\nattacker could use this to gain privileges. (CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem\ncontained a race between read and revoke operations. A local\nattacker could use this to cause a denial of service (system\ncrash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking\nimplementation did not validate protocol identifiers for\ncertain protocol families, A local attacker could use this\nto cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the\nLinux kernel did not verify an address length when setting\nup a socket. A local attacker could use this to craft an\napplication that exposed sensitive information from kernel\nmemory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in\nthe Linux kernel did not properly validate the socket\naddress length for Synchronous Connection-Oriented (SCO)\nsockets. A local attacker could use this to expose sensitive\ninformation. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in\nUserspace (FUSE) implementation did not handle initial zero\nlength segments properly. A local attacker could use this to\ncause a denial of service (unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2910-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2910-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-51-generic\", pkgver:\"3.19.0-51.58~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-51-generic-lpae\", pkgver:\"3.19.0-51.58~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-51-lowlatency\", pkgver:\"3.19.0-51.58~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:35", "description": "halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs.\nA local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.\n(CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-23T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2910-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8785", "CVE-2016-1575", "CVE-2016-1576"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2910-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2910-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88901);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n script_xref(name:\"USN\", value:\"2910-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2910-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"halfdog discovered that OverlayFS, when mounting on top of a FUSE\nmount, incorrectly propagated file attributes, including setuid. A\nlocal unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly\npropagated security sensitive extended attributes, such as POSIX ACLs.\nA local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a\nrace between read and revoke operations. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking\nimplementation did not validate protocol identifiers for certain\nprotocol families, A local attacker could use this to cause a denial\nof service (system crash) or possibly gain administrative privileges.\n(CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux\nkernel did not verify an address length when setting up a socket. A\nlocal attacker could use this to craft an application that exposed\nsensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux\nkernel did not properly validate the socket address length for\nSynchronous Connection-Oriented (SCO) sockets. A local attacker could\nuse this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace\n(FUSE) implementation did not handle initial zero length segments\nproperly. A local attacker could use this to cause a denial of service\n(unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2910-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2910-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-51-generic\", pkgver:\"3.19.0-51.57~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-51-generic-lpae\", pkgver:\"3.19.0-51.57~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-51-lowlatency\", pkgver:\"3.19.0-51.57~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:36", "description": "halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs.\nA local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.\n(CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-23T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2907-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8785", "CVE-2016-1575", "CVE-2016-1576"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2907-2.NASL", "href": "https://www.tenable.com/plugins/nessus/88896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2907-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88896);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n script_xref(name:\"USN\", value:\"2907-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2907-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"halfdog discovered that OverlayFS, when mounting on top of a FUSE\nmount, incorrectly propagated file attributes, including setuid. A\nlocal unprivileged attacker could use this to gain privileges.\n(CVE-2016-1576)\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly\npropagated security sensitive extended attributes, such as POSIX ACLs.\nA local unprivileged attacker could use this to gain privileges.\n(CVE-2016-1575)\n\nIt was discovered that the Linux kernel keyring subsystem contained a\nrace between read and revoke operations. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2015-7550)\n\nGuoyong Gang discovered that the Linux kernel networking\nimplementation did not validate protocol identifiers for certain\nprotocol families, A local attacker could use this to cause a denial\nof service (system crash) or possibly gain administrative privileges.\n(CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux\nkernel did not verify an address length when setting up a socket. A\nlocal attacker could use this to craft an application that exposed\nsensitive information from kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux\nkernel did not properly validate the socket address length for\nSynchronous Connection-Oriented (SCO) sockets. A local attacker could\nuse this to expose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the Linux kernel's Filesystem in Userspace\n(FUSE) implementation did not handle initial zero length segments\nproperly. A local attacker could use this to cause a denial of service\n(unkillable task). (CVE-2015-8785).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2907-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\", \"CVE-2016-1575\", \"CVE-2016-1576\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2907-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-79-generic\", pkgver:\"3.13.0-79.123~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-79-generic-lpae\", pkgver:\"3.13.0-79.123~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2854-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2854-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87537);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2854-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2854-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2854-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2854-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-42-generic\", pkgver:\"3.19.0-42.48~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-42-generic-lpae\", pkgver:\"3.19.0-42.48~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-42-lowlatency\", pkgver:\"3.19.0-42.48~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2849-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2849-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2849-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87532);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2849-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2849-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2849-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2849-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-57-generic\", pkgver:\"3.16.0-57.77~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-57-generic-lpae\", pkgver:\"3.16.0-57.77~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-57-lowlatency\", pkgver:\"3.16.0-57.77~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:09", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2848-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2848-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2848-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87531);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2848-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2848-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2848-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2848-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-74-generic\", pkgver:\"3.13.0-74.118\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-74-generic-lpae\", pkgver:\"3.13.0-74.118\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-74-lowlatency\", pkgver:\"3.13.0-74.118\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2853-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2853-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2853-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87536);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2853-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2853-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2853-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2853-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-22-generic\", pkgver:\"4.2.0-22.27~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-22-generic-lpae\", pkgver:\"4.2.0-22.27~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-22-lowlatency\", pkgver:\"4.2.0-22.27~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:24", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2846-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2846-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2846-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87529);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2846-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2846-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2846-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2846-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-generic\", pkgver:\"3.2.0-97.137\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-generic-pae\", pkgver:\"3.2.0-97.137\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-highbank\", pkgver:\"3.2.0-97.137\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-virtual\", pkgver:\"3.2.0-97.137\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:17", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service by flooding the logging system with WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 15.04 : linux vulnerabilities (USN-2850-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2850-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2850-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87533);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2850-1\");\n\n script_name(english:\"Ubuntu 15.04 : linux vulnerabilities (USN-2850-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2850-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/U
Security update for the Linux Kernel (important)
