The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local
users to gain privileges via a large filesystem stack that includes an
overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c
(bsc#1032340).
- CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous
pages, which allowed local users to gain privileges or cause a denial of
service (page tainting) via a crafted application that triggers writing
to page zero (bnc#979021).
- CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not
verify that a setkey operation has been performed on an AF_ALG socket
before an accept system call is processed, which allowed local users to
cause a denial of service (NULL pointer dereference and system crash)
via a crafted application that did not supply a key, related to the
lrw_crypt function in crypto/lrw.c (bnc#1008374 bsc#1008850).
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
the Linux kernel allowed local users to gain privileges or cause a
denial of service (use-after-free) by making multiple bind system calls
without properly ascertaining whether a socket has the SOCK_ZAPPED
status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
(bnc#1028415).
- CVE-2016-2188: The iowarrior_probe function in
drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically
proximate attackers to cause a denial of service (NULL pointer
dereference and system crash) via a crafted endpoints value in a USB
device descriptor (bnc#970956).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
setsockopt implementations in the netfilter subsystem in the Linux
kernel allow local users to gain privileges or cause a denial of service
(memory corruption) by leveraging in-container root access to provide a
crafted offset value that triggers an unintended decrement (bnc#986362).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
netfilter subsystem in the Linux kernel allowed local users to cause a
denial of service (out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging in-container root
access to provide a crafted offset value that leads to crossing a
ruleset blob boundary (bnc#986365).
- CVE-2016-5243: The tipc_nl_compat_link_dump function in
net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
certain string, which allowed local users to obtain sensitive
information from kernel stack memory by reading a Netlink message
(bnc#983212).
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
function in net/socket.c in the Linux kernel allowed remote attackers to
execute arbitrary code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077).
- CVE-2017-1000363: A buffer overflow in kernel commandline handling of
the "lp" parameter could be used to bypass certain secure boot settings.
(bnc#1039456).
- CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be "jumped" over (the stack guard page is bypassed), this
affects Linux Kernel versions 4.11.5 and earlier (the stackguard page
was introduced in 2010) (bnc#1039348).
- CVE-2017-1000365: The Linux Kernel imposes a size restriction on the
arguments and environmental strings passed through
RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the
argument and environment pointers into account, which allowed attackers
to bypass this limitation (bnc#1039354).
- CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable
to a data race in the ALSA /dev/snd/timer driver resulting in local
users being able to read information belonging to other users, i.e.,
uninitialized memory contents may be disclosed when a read and an ioctl
happen at the same time (bnc#1044125).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set
the sock pointer to NULL upon entry into the retry logic. During a
user-space close of a Netlink socket, it allowed attackers to cause a
denial of service (use-after-free) or possibly have unspecified other
impact (bnc#1048275).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function
in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users
to gain privileges via a crafted ACPI table (bsc#1049603).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bnc#1027565
bsc#1028372).
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bnc#1030593).
- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
kernel is too late in obtaining a certain lock and consequently cannot
ensure that disconnect function calls are safe, which allowed local
users to cause a denial of service (panic) by leveraging access to the
protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
- CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
did not restrict the address calculated by a certain rounding operation,
which allowed local users to map page zero, and consequently bypass a
protection mechanism that exists for the mmap system call, by making
crafted shmget and shmat system calls in a privileged context
(bnc#1026914).
- CVE-2017-5970: The ipv4_pktinfo_prepare function in
net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
denial of service (system crash) via (1) an application that made
crafted system calls or possibly (2) IPv4 traffic with invalid IP
options (bnc#1024938).
- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
net/sctp/socket.c in the Linux kernel allowed local users to cause a
denial of service (assertion failure and panic) via a multithreaded
application that peels off an association in a certain buffer-full state
(bnc#1025235).
- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
in the LISTEN state, which allowed local users to obtain root privileges
or cause a denial of service (double free) via an application that made
an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024 bsc#1033287).
- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
Linux kernel allowed remote attackers to cause a denial of service
(infinite loop and soft lockup) via vectors involving a TCP packet with
the URG flag (bnc#1026722).
- CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the
Linux kernel improperly manages lock dropping, which allowed local users
to cause a denial of service (deadlock) via crafted operations on IrDA
devices (bnc#1027178).
- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
restrict association peel-off operations during certain wait states,
which allowed local users to cause a denial of service (invalid unlock
and double free) via a multithreaded application. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2017-5986
(bnc#1027066).
- CVE-2017-6951: The keyring_search_aux function in
security/keys/keyring.c in the Linux kernel allowed local users to cause
a denial of service (NULL pointer dereference and OOPS) via a
request_key system call for the "dead" type (bnc#1029850).
- CVE-2017-7184: The xfrm_replay_verify_len function in
net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size
data after an XFRM_MSG_NEWAE update, which allowed local users to obtain
root privileges or cause a denial of service (heap-based out-of-bounds
access) by leveraging the CAP_NET_ADMIN capability, as demonstrated
during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10
linux-image-* package 4.8.0.41.52 (bnc#1030573).
- CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
kernel allowed local users to cause a denial of service (stack-based
buffer overflow) or possibly have unspecified other impact via a large
command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
write access in the sg_write function (bnc#1030213).
- CVE-2017-7261: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
check for a zero value of certain levels data, which allowed local users
to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
(bnc#1031052).
- CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (integer
signedness error and out-of-bounds write), or gain privileges (if the
CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579).
- CVE-2017-7482: Fixed a potential overflow in the net/rxprc where a
padded len isn't checked in ticket decode (bsc#1046107).
- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel mishandled reference counts, which allowed local users to
cause a denial of service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an IPX interface
(bnc#1038879).
- CVE-2017-7533: Race condition in the fsnotify implementation in the
Linux kernel allowed local users to gain privileges or cause a denial of
service (memory corruption) via a crafted application that leverages
simultaneous execution of the inotify_handle_event and vfs_rename
functions (bsc#1049483).
- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local users to cause
a denial of service (integer overflow and infinite loop) by leveraging
the ability to open a raw socket (bsc#1049882).
- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
users to obtain sensitive information from uninitialized stack data by
triggering failure of a certain bitmap operation (bnc#1033336).
- CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bnc#1038544).
- CVE-2017-8924: The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to
obtain sensitive information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB device (posing as an
io_ti USB serial device) to trigger an integer underflow (bnc#1037182
bsc#1038982).
- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c
in the Linux kernel allowed local users to cause a denial of service
(tty exhaustion) by leveraging reference count mishandling (bnc#1037183
bsc#1038981).
- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel
did not consider that the nexthdr field may be associated with an
invalid option, which allowed local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls (bnc#1039882).
- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).
- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bnc#1041431).
The following non-security bugs were fixed:
- 8250: use callbacks to access UART_DLL/UART_DLM.
- acpi: Disable APEI error injection if securelevel is set (bsc#972891,
bsc#1023051).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- alsa: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).
- alsa: hda - Fix regression of HD-audio controller fallback modes
(bsc#1045538).
- alsa: hda/realtek - Correction of fixup codes for PB V7900 laptop
(bsc#1045538).
- alsa: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
(bsc#1045538).
- alsa: hda - using uninitialized data (bsc#1045538).
- alsa: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).
- alsa: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).
- ath9k: fix buffer overrun for ar9287 (bsc#1045538).
- __bitmap_parselist: fix bug in empty string handling (bnc#1042633).
- blacklist.conf: Add a few inapplicable items (bsc#1045538).
- blacklist.conf: blacklisted 1fe89e1b6d27 (bnc#1046122)
- block: do not allow updates through sysfs until registration completes
(bsc#1047027).
- block: fix ext_dev_lock lockdep report (bsc#1050154).
- btrfs: Don't clear SGID when inheriting ACLs (bsc#1030552).
- cifs: backport prepath matching fix (bsc#799133).
- cifs: don't compare uniqueids in cifs_prime_dcache unless server inode
numbers are in use (bsc#1041975).
- cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).
- cifs: Timeout on SMBNegotiate request (bsc#1044913).
- clocksource: Remove "weak" from clocksource_default_clock() declaration
(bnc#1013018).
- cputime: Avoid multiplication overflow on utime scaling (bnc#938352).
- crypto: nx - off by one bug in nx_of_update_msc()
(fate#314588,bnc#792863).
- decompress_bunzip2: off by one in get_next_block() (git-fixes).
- devres: fix a for loop bounds check (git-fixes).
- dlm: backport "fix lvb invalidation conditions" (bsc#1005651).
- dm: fix ioctl retry termination with signal (bsc#1050154).
- drm/mgag200: Add support for G200eH3 (bnc#1044216, fate#323551)
- drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)
- edac, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
(fate#313937).
- enic: set skb->hash type properly (bsc#911105 FATE#317501).
- ext2: Don't clear SGID when inheriting ACLs (bsc#1030552).
- ext3: Don't clear SGID when inheriting ACLs (bsc#1030552).
- ext4: Don't clear SGID when inheriting ACLs (bsc#1030552).
- ext4: fix fdatasync(2) after extent manipulation operations
(bsc#1013018).
- ext4: fix mballoc breakage with 64k block size (bsc#1013018).
- ext4: fix stack memory corruption with 64k block size (bsc#1013018).
- ext4: keep existing extra fields when inode expands (bsc#1013018).
- ext4: reject inodes with negative size (bsc#1013018).
- fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).
- firmware: fix directory creation rule matching with make 3.80
(bsc#1012422).
- firmware: fix directory creation rule matching with make 3.82
(bsc#1012422).
- fixed invalid assignment of 64bit mask to host dma_boundary for scatter
gather segment boundary limit (bsc#1042045).
- Fix soft lockup in svc_rdma_send (bsc#1044854).
- fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
- fnic: Using rport->dd_data to check rport online instead of rport_lookup
(bsc#1035920).
- fs/block_dev: always invalidate cleancache in invalidate_bdev()
(git-fixes).
- fs: fix data invalidation in the cleancache during direct IO (git-fixes).
- fs/xattr.c: zero out memory copied to userspace in getxattr
(bsc#1013018).
- fuse: add missing FR_FORCE (bsc#1013018).
- fuse: initialize fc->release before calling it (bsc#1013018).
- genirq: Prevent proc race against freeing of irq descriptors
(bnc#1044230).
- hrtimer: Allow concurrent hrtimer_start() for self restarting timers
(bnc#1013018).
- i40e: avoid null pointer dereference (bsc#909486 FATE#317393).
- i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).
- i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx
(bsc#985561).
- i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).
- i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per
packet (bsc#985561).
- i40e/i40evf: Rewrite logic for 8 descriptor per packet check
(bsc#985561).
- i40e: Impose a lower limit on gso size (bsc#985561).
- i40e: Limit TX descriptor count in cases where frag size is greater than
16K (bsc#985561).
- ib/mlx4: Demote mcg message from warning to debug (bsc#919382).
- ib/mlx4: Fix ib device initialization error flow (bsc#919382).
- ib/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).
- ib/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).
- ib/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
(bsc#919382).
- ib/mlx4: Set traffic class in AH (bsc#919382).
- Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE
operation (bsc#1036288).
- initial cr0 bits (bnc#1036056, LTC#153612).
- input: cm109 - validate number of endpoints before using them
(bsc#1037193).
- input: hanwang - validate number of endpoints before using them
(bsc#1037232).
- input: yealink - validate number of endpoints before using them
(bsc#1037227).
- ipmr, ip6mr: fix scheduling while atomic and a deadlock with
ipmr_get_route (git-fixes).
- irq: Fix race condition (bsc#1042615).
- isdn/gigaset: fix NULL-deref at probe (bsc#1037356).
- isofs: Do not return EACCES for unknown filesystems (bsc#1013018).
- jbd: do not wait (forever) for stale tid caused by wraparound
(bsc#1020229).
- jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).
- jsm: add support for additional Neo cards (bsc#1045615).
- kabi fix (bsc#1008893).
- kABI: mask struct xfs_icdinode change (bsc#1024788).
- kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).
- kabi:severeties: Add splice_write_to_file PASS This function is part of
an xfs-specific fix which never went upstream and is not expected to
have 3rdparty users other than xfs itself.
- kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)
- keys: Disallow keyrings beginning with '.' to be joined as session
keyrings (bnc#1035576).
- kvm: kvm_io_bus_unregister_dev() should never fail.
- libata: fix sff host state machine locking while polling (bsc#1045525).
- libceph: NULL deref on crush_decode() error path (bsc#1044015).
- libceph: potential NULL dereference in ceph_msg_data_create()
(bsc#1051515).
- libfc: fixup locking in fc_disc_stop() (bsc#1029140).
- libfc: move 'pending' and 'requested' setting (bsc#1029140).
- libfc: only restart discovery after timeout if not already running
(bsc#1029140).
- lockd: use init_utsname for id encoding (bsc#1033804).
- lockd: use rpc client's cl_nodename for id encoding (bsc#1033804).
- locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).
- math64: New div64_u64_rem helper (bnc#938352).
- md: ensure md devices are freed before module is unloaded (git-fixes).
- md: fix a null dereference (bsc#1040351).
- md: flush ->event_work before stopping array (git-fixes).
- md linear: fix a race between linear_add() and linear_congested()
(bsc#1018446).
- md/linear: shutup lockdep warnning (bsc#1018446).
- md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status
(git-fixes).
- md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).
- md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies (git-fixes).
- md/raid1: fix test for 'was read error from last working device'
(git-fixes).
- md/raid5: do not record new size if resize_stripes fails (git-fixes).
- md/raid5: Fix CPU hotplug callback registration (git-fixes).
- md: use separate bio_pool for metadata writes (bsc#1040351).
- megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).
- mlx4: reduce OOM risk on arches with large pages (bsc#919382).
- mmc: core: add missing pm event in mmc_pm_notify to fix hib restore
(bsc#1045547).
- mmc: ushc: fix NULL-deref at probe (bsc#1037191).
- mm: do not collapse stack gap into THP (bnc#1039348)
- mm: enlarge stack guard gap (bnc#1039348).
- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM
Functionality, bsc#1042832).
- mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM
Functionality, bsc#1042832).
- mm/memory-failure.c: use compound_head() flags for huge pages
(bnc#971975 VM -- git fixes).
- mm/mempolicy.c: do not put mempolicy before using its nodemask
(References: VM Performance, bnc#931620).
- mm, mmap: do not blow on PROT_NONE MAP_FIXED holes in the stack
(bnc#1039348, bnc#1045340, bnc#1045406).
- module: fix memory leak on early load_module() failures (bsc#1043014).
- Move nr_cpus_allowed into a hole in struct_sched_entity instead of the
one below task_struct.policy. RT fills the hole 29baa7478ba4 used, which
will screw up kABI for RT instead of curing the space needed problem in
sched_rt_entity caused by adding ff77e4685359. This leaves
nr_cpus_alowed in an odd spot, but safely allows the RT entity specific
data added by ff77e4685359 to reside where it belongs.. nr_cpus_allowed
just moves from one odd spot to another.
- mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).
- net: avoid reference counter overflows on fib_rules in multicast
forwarding (git-fixes).
- net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).
- net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).
- net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
(bsc#919382).
- net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to
physical (bsc#919382).
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on
new probed PFs (bsc#919382).
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions (bsc#919382).
- net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).
- net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).
- net/mlx4_core: Use-after-free causes a resource leak in flow-steering
detach (bsc#919382).
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
(bsc#919382).
- net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).
- net/mlx4_en: Change the error print to debug print (bsc#919382).
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).
- net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).
- net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).
- net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).
- net/mlx4: Fix the check in attaching steering rules (bsc#919382).
- net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
to device managed flow steering (bsc#919382).
- net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).
- netxen_nic: set rcode to the return status from the call to
netxen_issue_cmd (bnc#784815 FATE#313898).
- nfs: Avoid getting confused by confused server (bsc#1045416).
- nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).
- nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).
- nfsd: do not risk using duplicate owner/file/delegation ids
(bsc#1029212).
- nfsd: Don't use state id of 0 - it is reserved (bsc#1049688 bsc#1051770).
- nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).
- nfs: Fix another OPEN_DOWNGRADE bug (git-next).
- nfs: fix nfs_size_to_loff_t (git-fixes).
- nfs: Fix size of NFSACL SETACL operations (git-fixes).
- nfs: Make nfs_readdir revalidate less often (bsc#1048232).
- nfs: tidy up nfs_show_mountd_netid (git-fixes).
- nfsv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).
- nfsv4: Fix another bug in the close/open_downgrade code (git-fixes).
- nfsv4: fix getacl head length estimation (git-fixes).
- nfsv4: Fix problems with close in the presence of a delegation
(git-fixes).
- nfsv4: Fix the underestimation of delegation XDR space reservation
(git-fixes).
- ocfs2: do not write error flag to user structure we cannot copy from/to
(bsc#1013018).
- ocfs2: Don't clear SGID when inheriting ACLs (bsc#1030552).
- ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).
- ocfs2: fix error return code in ocfs2_info_handle_freefrag()
(bsc#1013018).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
- ocfs2: null deref on allocation error (bsc#1013018).
- pci: Allow access to VPD attributes with size 0 (bsc#1018074).
- pciback: only check PF if actually dealing with a VF (bsc#999245).
- pciback: use pci_physfn() (bsc#999245).
- pci: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).
- perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).
- perf/core: Fix event inheritance on fork() (bnc#1013018).
- posix-timers: Fix stack info leak in timer_create() (bnc#1013018).
- powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting
smt_snooze_delay (bsc#1023163).
- powerpc: Drop support for pre-POWER4 cpus (fate#322495, bsc#1032471).
- powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
- powerpc/fadump: Reserve memory at an offset closer to bottom of RAM
(bsc#1032141).
- powerpc/fadump: Update fadump documentation (bsc#1032141).
- powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET
(bsc#928138,fate#319026).
- powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()
(fate#322495, bsc#1032471).
- powerpc/mm/hash: Convert mask to unsigned long (fate#322495,
bsc#1032471).
- powerpc/mm/hash: Increase VA range to 128TB (fate#322495, bsc#1032471).
- powerpc/mm/hash: Properly mask the ESID bits when building proto VSID
(fate#322495, bsc#1032471).
- powerpc/mm/hash: Support 68 bit VA (fate#322495, bsc#1032471).
- powerpc/mm/hash: Use context ids 1-4 for the kernel (fate#322495,
bsc#1032471).
- powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small
(fate#322495, bsc#1032471).
- powerpc/mm/slice: Convert slice_mask high slice to a bitmap
(fate#322495, bsc#1032471).
- powerpc/mm/slice: Fix off-by-1 error when computing slice mask
(fate#322495, bsc#1032471).
- powerpc/mm/slice: Move slice_mask struct definition to slice.c
(fate#322495, bsc#1032471).
- powerpc/mm/slice: Update slice mask printing to use bitmap printing
(fate#322495, bsc#1032471).
- powerpc/mm/slice: Update the function prototype (fate#322495,
bsc#1032471).
- powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital
(fate#322495, bsc#1032471).
- powerpc/nvram: Fix an incorrect partition merge (bsc#1016489).
- powerpc/pseries: Release DRC when configure_connector fails
(bsc#1035777, Pending Base Kernel Fixes).
- powerpc: Remove STAB code (fate#322495, bsc#1032471).
- powerpc/vdso64: Use double word compare on pointers (bsc#1016489).
- raid1: avoid unnecessary spin locks in I/O barrier code
(bsc#982783,bsc#1026260).
- random32: fix off-by-one in seeding requirement (git-fixes).
- rcu: Call out dangers of expedited RCU primitives (bsc#1008893).
- rcu: Direct algorithmic SRCU implementation (bsc#1008893).
- rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).
- rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893).
- rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).
- rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).
- reiserfs: Don't clear SGID when inheriting ACLs (bsc#1030552).
- reiserfs: don't preallocate blocks for extended attributes (bsc#990682).
- Remove patches causing regression (bsc#1043234)
- Remove superfluous make flags (bsc#1012422)
- Return short read or 0 at end of a raw device, not EIO (bsc#1039594).
- Revert "kabi:severeties: Add splice_write_to_file PASS" This reverts
commit 05ecf7ab16b2ea555fadd1ce17d8177394de88f2.
- Revert "math64: New div64_u64_rem helper" (bnc#938352).
- Revert "xfs: fix up xfs_swap_extent_forks inline extent handling
(bsc#1023888)." I was baing my assumption of SLE11-SP4 needing this
patch on an old kernel build (3.0.101-63). Re-testing with the latest
one 3.0.101-94 shows that the issue is not present. Furthermore this one
was causing some crashes. This reverts commit
16ceeac70f7286b6232861c3170ed32e39dcc68c.
- rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).
- s390/kmsg: add missing kmsg descriptions (bnc#1025702, LTC#151573).
- s390/qdio: clear DSCI prior to scanning multiple input queues
(bnc#1046715, LTC#156234).
- s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).
- s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).
- s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702, LTC#152144).
- s390/zcrypt: Introduce CEX6 toleration (FATE#321782, LTC#147505).
- sched: Always initialize cpu-power (bnc#1013018).
- sched: Avoid cputime scaling overflow (bnc#938352).
- sched: Avoid prev->stime underflow (bnc#938352).
- sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).
- sched/core: Remove false-positive warning from wake_up_process()
(bnc#1044882).
- sched/cputime: Do not scale when utime == 0 (bnc#938352).
- sched/debug: Print the scheduler topology group mask (bnc#1013018).
- sched: Do not account bogus utime (bnc#938352).
- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).
- sched/fair: Fix min_vruntime tracking (bnc#1013018).
- sched: Fix domain iteration (bnc#1013018).
- sched: Fix SD_OVERLAP (bnc#1013018).
- sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded
systems (bnc#1013018).
- sched: Lower chances of cputime scaling overflow (bnc#938352).
- sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'
(bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime
tracking
- sched: Rename a misleading variable in build_overlap_sched_groups()
(bnc#1013018).
- sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep
for b60205c7c558 sched/fair: Fix min_vruntime tracking
- sched/topology: Fix building of overlapping sched-groups (bnc#1013018).
- sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).
- sched/topology: Fix overlapping sched_group_mask (bnc#1013018).
- sched/topology: Move comment about asymmetric node setups (bnc#1013018).
- sched/topology: Optimize build_group_mask() (bnc#1013018).
- sched/topology: Refactor function build_overlap_sched_groups()
(bnc#1013018).
- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).
- sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).
- sched/topology: Verify the first group matches the child domain
(bnc#1013018).
- sched: Use swap() macro in scale_stime() (bnc#938352).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi: fix race between simultaneous decrements of ->host_failed
(bsc#1050154).
- scsi: fnic: Correcting rport check location in fnic_queuecommand_lck
(bsc#1035920).
- scsi: mvsas: fix command_active typo (bsc#1050154).
- scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
(bsc#1050154).
- scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880).
- scsi: zfcp: do not trace pure benign residual HBA responses at default
level (bnc#1025702, LTC#151317).
- scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702,
LTC#151319).
- scsi: zfcp: fix use-after-free by not tracing WKA port open/close on
failed send (bnc#1025702, LTC#151365).
- scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
(bnc#1025702, LTC#151312).
- sfc: do not device_attach if a reset is pending (bsc#909618 FATE#317521).
- sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- splice: Stub splice_write_to_file (bsc#1043234).
- sunrpc: Clean up the slot table allocation (bsc#1013862).
- sunrpc: Fix a memory leak in the backchannel code (git-fixes).
- sunrpc: Initalise the struct xprt upon allocation (bsc#1013862).
- svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).
- target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).
- tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).
- tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).
- tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).
- udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).
- udf: Fix races with i_size changes during readpage (bsc#1013018).
- Update metadata for serial fixes (bsc#1013070)
- Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).
- usb: cdc-acm: fix broken runtime suspend (bsc#1033771).
- usb: cdc-acm: fix open and suspend race (bsc#1033771).
- usb: cdc-acm: fix potential urb leak and PM imbalance in write
(bsc#1033771).
- usb: cdc-acm: fix runtime PM for control messages (bsc#1033771).
- usb: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).
- usb: cdc-acm: fix shutdown and suspend race (bsc#1033771).
- usb: cdc-acm: fix write and resume race (bsc#1033771).
- usb: cdc-acm: fix write and suspend race (bsc#1033771).
- usb: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).
- usb: class: usbtmc: do not print error when allocating urb fails
(bsc#1036288).
- usb: class: usbtmc: do not print on ENOMEM (bsc#1036288).
- usb: hub: Fix crash after failure to read BOS descriptor (FATE#317453).
- usb: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).
- usb: iowarrior: fix NULL-deref in write (bsc#1037359).
- usb: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).
- usb: serial: ark3116: fix register-accessor error handling (git-fixes).
- usb: serial: ch341: fix open error handling (bsc#1037441).
- usb: serial: cp210x: fix tiocmget error handling (bsc#1037441).
- usb: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).
- usb: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).
- usb: serial: io_ti: fix information leak in completion handler
(git-fixes).
- usb: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).
- usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
- usb: serial: mos7720: fix NULL-deref at open (bsc#1033816).
- usb: serial: mos7720: fix parallel probe (bsc#1033816).
- usb: serial: mos7720: fix parport use-after-free on probe errors
(bsc#1033816).
- usb: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).
- usb: serial: mos7840: fix another NULL-deref at open (bsc#1034026).
- usb: serial: mos7840: fix NULL-deref at open (bsc#1034026).
- usb: serial: oti6858: fix NULL-deref at open (bsc#1037441).
- usb: serial: sierra: fix bogus alternate-setting assumption
(bsc#1037441).
- usb: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).
- usbtmc: remove redundant braces (bsc#1036288).
- usbtmc: remove trailing spaces (bsc#1036288).
- usb: usbip: fix nonconforming hub descriptor (bsc#1047487).
- usb: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).
- usb: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).
- usb: usbtmc: add missing endpoint sanity check (bsc#1036288).
- usb: usbtmc: Change magic number to constant (bsc#1036288).
- usb: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).
- usb: usbtmc: fix DMA on stack (bsc#1036288).
- usb: usbtmc: fix probe error path (bsc#1036288).
- usb: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).
- usb: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).
- usb: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk
(bsc#1036288).
- usbvision: fix NULL-deref at probe (bsc#1050431).
- usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
(bsc#1023014).
- Use make --output-sync feature when available (bsc#1012422). The mesages
in make output can interleave making it impossible to extract warnings
reliably. Since version 4 GNU Make supports --output-sync flag that
prints output of each sub-command atomically preventing this issue.
Detect the flag and use it if available. SLE11 has make 3.81 so it is
required to include make 4 in the kernel OBS projects to take advantege
of this.
- Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).
- uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).
- uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).
- vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).
- vfs: split generic splice code from i_mutex locking (bsc#1024788).
- vmxnet3: avoid calling pskb_may_pull with interrupts disabled
(bsc#1045356).
- vmxnet3: fix checks for dma mapping errors (bsc#1045356).
- vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).
- vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).
- x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
(bsc#948562).
- x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
(bsc#1051478).
- xen: avoid deadlock in xenbus (bnc#1047523).
- xen-blkfront: correct maximum segment accounting (bsc#1018263).
- xen-blkfront: do not call talk_to_blkback when already connected to
blkback.
- xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
- xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).
- xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
- xfs: do not assert fail on non-async buffers on ioacct decrement
(bsc#1024508).
- xfs: exclude never-released buffers from buftarg I/O accounting
(bsc#1024508).
- xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
- xfs: Fix lock ordering in splice write (bsc#1024788).
- xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
- xfs: kill xfs_itruncate_start (bsc#1024788).
- xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).
- xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).
- xfs: remove the i_size field in struct xfs_inode (bsc#1024788).
- xfs: remove xfs_itruncate_data (bsc#1024788).
- xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).
- xfs: split xfs_itruncate_finish (bsc#1024788).
- xfs: split xfs_setattr (bsc#1024788).
- xfs: Synchronize xfs_buf disposal routines (bsc#1041160).
- xfs: track and serialize in-flight async buffers against unmount
(bsc#1024508).
- xfs: use ->b_state to fix buffer I/O accounting release race
(bsc#1041160).
- xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).
{"id": "SUSE-SU-2017:2342-1", "type": "suse", "bulletinFamily": "unix", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local\n users to gain privileges via a large filesystem stack that includes an\n overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c\n (bsc#1032340).\n - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous\n pages, which allowed local users to gain privileges or cause a denial of\n service (page tainting) via a crafted application that triggers writing\n to page zero (bnc#979021).\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not\n verify that a setkey operation has been performed on an AF_ALG socket\n before an accept system call is processed, which allowed local users to\n cause a denial of service (NULL pointer dereference and system crash)\n via a crafted application that did not supply a key, related to the\n lrw_crypt function in crypto/lrw.c (bnc#1008374 bsc#1008850).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970956).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE\n setsockopt implementations in the netfilter subsystem in the Linux\n kernel allow local users to gain privileges or cause a denial of service\n (memory corruption) by leveraging in-container root access to provide a\n crafted offset value that triggers an unintended decrement (bnc#986362).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986365).\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not properly copy a\n certain string, which allowed local users to obtain sensitive\n information from kernel stack memory by reading a Netlink message\n (bnc#983212).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2017-1000363: A buffer overflow in kernel commandline handling of\n the "lp" parameter could be used to bypass certain secure boot settings.\n (bnc#1039456).\n - CVE-2017-1000364: An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is not sufficiently\n large and can be "jumped" over (the stack guard page is bypassed), this\n affects Linux Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010) (bnc#1039348).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation (bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bsc#1049603).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565\n bsc#1028372).\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bnc#1030593).\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel is too late in obtaining a certain lock and consequently cannot\n ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bnc#1025235).\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024 bsc#1033287).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly manages lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1027066).\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bnc#1029850).\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213).\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052).\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (integer\n signedness error and out-of-bounds write), or gain privileges (if the\n CAP_NET_RAW capability is held), via crafted system calls (bnc#1031579).\n - CVE-2017-7482: Fixed a potential overflow in the net/rxprc where a\n padded len isn't checked in ticket decode (bsc#1046107).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-7533: Race condition in the fsnotify implementation in the\n Linux kernel allowed local users to gain privileges or cause a denial of\n service (memory corruption) via a crafted application that leverages\n simultaneous execution of the inotify_handle_event and vfs_rename\n functions (bsc#1049483).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bsc#1049882).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182\n bsc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1037183\n bsc#1038981).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n\n The following non-security bugs were fixed:\n\n - 8250: use callbacks to access UART_DLL/UART_DLM.\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891,\n bsc#1023051).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).\n - alsa: hda - Fix regression of HD-audio controller fallback modes\n (bsc#1045538).\n - alsa: hda/realtek - Correction of fixup codes for PB V7900 laptop\n (bsc#1045538).\n - alsa: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup\n (bsc#1045538).\n - alsa: hda - using uninitialized data (bsc#1045538).\n - alsa: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).\n - alsa: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).\n - ath9k: fix buffer overrun for ar9287 (bsc#1045538).\n - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).\n - blacklist.conf: Add a few inapplicable items (bsc#1045538).\n - blacklist.conf: blacklisted 1fe89e1b6d27 (bnc#1046122)\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: fix ext_dev_lock lockdep report (bsc#1050154).\n - btrfs: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - cifs: backport prepath matching fix (bsc#799133).\n - cifs: don't compare uniqueids in cifs_prime_dcache unless server inode\n numbers are in use (bsc#1041975).\n - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).\n - cifs: Timeout on SMBNegotiate request (bsc#1044913).\n - clocksource: Remove "weak" from clocksource_default_clock() declaration\n (bnc#1013018).\n - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).\n - crypto: nx - off by one bug in nx_of_update_msc()\n (fate#314588,bnc#792863).\n - decompress_bunzip2: off by one in get_next_block() (git-fixes).\n - devres: fix a for loop bounds check (git-fixes).\n - dlm: backport "fix lvb invalidation conditions" (bsc#1005651).\n - dm: fix ioctl retry termination with signal (bsc#1050154).\n - drm/mgag200: Add support for G200eH3 (bnc#1044216, fate#323551)\n - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)\n - edac, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()\n (fate#313937).\n - enic: set skb->hash type properly (bsc#911105 FATE#317501).\n - ext2: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ext3: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: fix fdatasync(2) after extent manipulation operations\n (bsc#1013018).\n - ext4: fix mballoc breakage with 64k block size (bsc#1013018).\n - ext4: fix stack memory corruption with 64k block size (bsc#1013018).\n - ext4: keep existing extra fields when inode expands (bsc#1013018).\n - ext4: reject inodes with negative size (bsc#1013018).\n - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).\n - firmware: fix directory creation rule matching with make 3.80\n (bsc#1012422).\n - firmware: fix directory creation rule matching with make 3.82\n (bsc#1012422).\n - fixed invalid assignment of 64bit mask to host dma_boundary for scatter\n gather segment boundary limit (bsc#1042045).\n - Fix soft lockup in svc_rdma_send (bsc#1044854).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fnic: Using rport->dd_data to check rport online instead of rport_lookup\n (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr\n (bsc#1013018).\n - fuse: add missing FR_FORCE (bsc#1013018).\n - fuse: initialize fc->release before calling it (bsc#1013018).\n - genirq: Prevent proc race against freeing of irq descriptors\n (bnc#1044230).\n - hrtimer: Allow concurrent hrtimer_start() for self restarting timers\n (bnc#1013018).\n - i40e: avoid null pointer dereference (bsc#909486 FATE#317393).\n - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).\n - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx\n (bsc#985561).\n - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).\n - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per\n packet (bsc#985561).\n - i40e/i40evf: Rewrite logic for 8 descriptor per packet check\n (bsc#985561).\n - i40e: Impose a lower limit on gso size (bsc#985561).\n - i40e: Limit TX descriptor count in cases where frag size is greater than\n 16K (bsc#985561).\n - ib/mlx4: Demote mcg message from warning to debug (bsc#919382).\n - ib/mlx4: Fix ib device initialization error flow (bsc#919382).\n - ib/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).\n - ib/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).\n - ib/mlx4: Reduce SRIOV multicast cleanup warning message to debug level\n (bsc#919382).\n - ib/mlx4: Set traffic class in AH (bsc#919382).\n - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE\n operation (bsc#1036288).\n - initial cr0 bits (bnc#1036056, LTC#153612).\n - input: cm109 - validate number of endpoints before using them\n (bsc#1037193).\n - input: hanwang - validate number of endpoints before using them\n (bsc#1037232).\n - input: yealink - validate number of endpoints before using them\n (bsc#1037227).\n - ipmr, ip6mr: fix scheduling while atomic and a deadlock with\n ipmr_get_route (git-fixes).\n - irq: Fix race condition (bsc#1042615).\n - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).\n - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).\n - jbd: do not wait (forever) for stale tid caused by wraparound\n (bsc#1020229).\n - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).\n - jsm: add support for additional Neo cards (bsc#1045615).\n - kabi fix (bsc#1008893).\n - kABI: mask struct xfs_icdinode change (bsc#1024788).\n - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).\n - kabi:severeties: Add splice_write_to_file PASS This function is part of\n an xfs-specific fix which never went upstream and is not expected to\n have 3rdparty users other than xfs itself.\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - keys: Disallow keyrings beginning with '.' to be joined as session\n keyrings (bnc#1035576).\n - kvm: kvm_io_bus_unregister_dev() should never fail.\n - libata: fix sff host state machine locking while polling (bsc#1045525).\n - libceph: NULL deref on crush_decode() error path (bsc#1044015).\n - libceph: potential NULL dereference in ceph_msg_data_create()\n (bsc#1051515).\n - libfc: fixup locking in fc_disc_stop() (bsc#1029140).\n - libfc: move 'pending' and 'requested' setting (bsc#1029140).\n - libfc: only restart discovery after timeout if not already running\n (bsc#1029140).\n - lockd: use init_utsname for id encoding (bsc#1033804).\n - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804).\n - locking/rtmutex: Prevent dequeue vs. unlock race (bnc#1013018).\n - math64: New div64_u64_rem helper (bnc#938352).\n - md: ensure md devices are freed before module is unloaded (git-fixes).\n - md: fix a null dereference (bsc#1040351).\n - md: flush ->event_work before stopping array (git-fixes).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md/linear: shutup lockdep warnning (bsc#1018446).\n - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status\n (git-fixes).\n - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).\n - md/raid1: extend spinlock to protect raid1_end_read_request against\n inconsistencies (git-fixes).\n - md/raid1: fix test for 'was read error from last working device'\n (git-fixes).\n - md/raid5: do not record new size if resize_stripes fails (git-fixes).\n - md/raid5: Fix CPU hotplug callback registration (git-fixes).\n - md: use separate bio_pool for metadata writes (bsc#1040351).\n - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).\n - mlx4: reduce OOM risk on arches with large pages (bsc#919382).\n - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore\n (bsc#1045547).\n - mmc: ushc: fix NULL-deref at probe (bsc#1037191).\n - mm: do not collapse stack gap into THP (bnc#1039348)\n - mm: enlarge stack guard gap (bnc#1039348).\n - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM\n Functionality, bsc#1042832).\n - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM\n Functionality, bsc#1042832).\n - mm/memory-failure.c: use compound_head() flags for huge pages\n (bnc#971975 VM -- git fixes).\n - mm/mempolicy.c: do not put mempolicy before using its nodemask\n (References: VM Performance, bnc#931620).\n - mm, mmap: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348, bnc#1045340, bnc#1045406).\n - module: fix memory leak on early load_module() failures (bsc#1043014).\n - Move nr_cpus_allowed into a hole in struct_sched_entity instead of the\n one below task_struct.policy. RT fills the hole 29baa7478ba4 used, which\n will screw up kABI for RT instead of curing the space needed problem in\n sched_rt_entity caused by adding ff77e4685359. This leaves\n nr_cpus_alowed in an odd spot, but safely allows the RT entity specific\n data added by ff77e4685359 to reside where it belongs.. nr_cpus_allowed\n just moves from one odd spot to another.\n - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).\n - net: avoid reference counter overflows on fib_rules in multicast\n forwarding (git-fixes).\n - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV\n (bsc#919382).\n - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to\n physical (bsc#919382).\n - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on\n new probed PFs (bsc#919382).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#919382).\n - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).\n - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).\n - net/mlx4_core: Use-after-free causes a resource leak in flow-steering\n detach (bsc#919382).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#919382).\n - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).\n - net/mlx4_en: Change the error print to debug print (bsc#919382).\n - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).\n - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).\n - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).\n - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).\n - net/mlx4: Fix the check in attaching steering rules (bsc#919382).\n - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode\n to device managed flow steering (bsc#919382).\n - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).\n - netxen_nic: set rcode to the return status from the call to\n netxen_issue_cmd (bnc#784815 FATE#313898).\n - nfs: Avoid getting confused by confused server (bsc#1045416).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: do not risk using duplicate owner/file/delegation ids\n (bsc#1029212).\n - nfsd: Don't use state id of 0 - it is reserved (bsc#1049688 bsc#1051770).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - nfs: Fix another OPEN_DOWNGRADE bug (git-next).\n - nfs: fix nfs_size_to_loff_t (git-fixes).\n - nfs: Fix size of NFSACL SETACL operations (git-fixes).\n - nfs: Make nfs_readdir revalidate less often (bsc#1048232).\n - nfs: tidy up nfs_show_mountd_netid (git-fixes).\n - nfsv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).\n - nfsv4: Fix another bug in the close/open_downgrade code (git-fixes).\n - nfsv4: fix getacl head length estimation (git-fixes).\n - nfsv4: Fix problems with close in the presence of a delegation\n (git-fixes).\n - nfsv4: Fix the underestimation of delegation XDR space reservation\n (git-fixes).\n - ocfs2: do not write error flag to user structure we cannot copy from/to\n (bsc#1013018).\n - ocfs2: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).\n - ocfs2: fix error return code in ocfs2_info_handle_freefrag()\n (bsc#1013018).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - ocfs2: null deref on allocation error (bsc#1013018).\n - pci: Allow access to VPD attributes with size 0 (bsc#1018074).\n - pciback: only check PF if actually dealing with a VF (bsc#999245).\n - pciback: use pci_physfn() (bsc#999245).\n - pci: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).\n - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).\n - perf/core: Fix event inheritance on fork() (bnc#1013018).\n - posix-timers: Fix stack info leak in timer_create() (bnc#1013018).\n - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting\n smt_snooze_delay (bsc#1023163).\n - powerpc: Drop support for pre-POWER4 cpus (fate#322495, bsc#1032471).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM\n (bsc#1032141).\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET\n (bsc#928138,fate#319026).\n - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()\n (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Convert mask to unsigned long (fate#322495,\n bsc#1032471).\n - powerpc/mm/hash: Increase VA range to 128TB (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID\n (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Support 68 bit VA (fate#322495, bsc#1032471).\n - powerpc/mm/hash: Use context ids 1-4 for the kernel (fate#322495,\n bsc#1032471).\n - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Convert slice_mask high slice to a bitmap\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Fix off-by-1 error when computing slice mask\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Move slice_mask struct definition to slice.c\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Update slice mask printing to use bitmap printing\n (fate#322495, bsc#1032471).\n - powerpc/mm/slice: Update the function prototype (fate#322495,\n bsc#1032471).\n - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital\n (fate#322495, bsc#1032471).\n - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489).\n - powerpc/pseries: Release DRC when configure_connector fails\n (bsc#1035777, Pending Base Kernel Fixes).\n - powerpc: Remove STAB code (fate#322495, bsc#1032471).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1016489).\n - raid1: avoid unnecessary spin locks in I/O barrier code\n (bsc#982783,bsc#1026260).\n - random32: fix off-by-one in seeding requirement (git-fixes).\n - rcu: Call out dangers of expedited RCU primitives (bsc#1008893).\n - rcu: Direct algorithmic SRCU implementation (bsc#1008893).\n - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).\n - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893).\n - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).\n - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).\n - reiserfs: Don't clear SGID when inheriting ACLs (bsc#1030552).\n - reiserfs: don't preallocate blocks for extended attributes (bsc#990682).\n - Remove patches causing regression (bsc#1043234)\n - Remove superfluous make flags (bsc#1012422)\n - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).\n - Revert "kabi:severeties: Add splice_write_to_file PASS" This reverts\n commit 05ecf7ab16b2ea555fadd1ce17d8177394de88f2.\n - Revert "math64: New div64_u64_rem helper" (bnc#938352).\n - Revert "xfs: fix up xfs_swap_extent_forks inline extent handling\n (bsc#1023888)." I was baing my assumption of SLE11-SP4 needing this\n patch on an old kernel build (3.0.101-63). Re-testing with the latest\n one 3.0.101-94 shows that the issue is not present. Furthermore this one\n was causing some crashes. This reverts commit\n 16ceeac70f7286b6232861c3170ed32e39dcc68c.\n - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).\n - s390/kmsg: add missing kmsg descriptions (bnc#1025702, LTC#151573).\n - s390/qdio: clear DSCI prior to scanning multiple input queues\n (bnc#1046715, LTC#156234).\n - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).\n - s390/qeth: size calculation outbound buffers (bnc#1046715, LTC#156276).\n - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702, LTC#152144).\n - s390/zcrypt: Introduce CEX6 toleration (FATE#321782, LTC#147505).\n - sched: Always initialize cpu-power (bnc#1013018).\n - sched: Avoid cputime scaling overflow (bnc#938352).\n - sched: Avoid prev->stime underflow (bnc#938352).\n - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).\n - sched/core: Remove false-positive warning from wake_up_process()\n (bnc#1044882).\n - sched/cputime: Do not scale when utime == 0 (bnc#938352).\n - sched/debug: Print the scheduler topology group mask (bnc#1013018).\n - sched: Do not account bogus utime (bnc#938352).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).\n - sched/fair: Fix min_vruntime tracking (bnc#1013018).\n - sched: Fix domain iteration (bnc#1013018).\n - sched: Fix SD_OVERLAP (bnc#1013018).\n - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded\n systems (bnc#1013018).\n - sched: Lower chances of cputime scaling overflow (bnc#938352).\n - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'\n (bnc#1013018). Prep for b60205c7c558 sched/fair: Fix min_vruntime\n tracking\n - sched: Rename a misleading variable in build_overlap_sched_groups()\n (bnc#1013018).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep\n for b60205c7c558 sched/fair: Fix min_vruntime tracking\n - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).\n - sched/topology: Move comment about asymmetric node setups (bnc#1013018).\n - sched/topology: Optimize build_group_mask() (bnc#1013018).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1013018).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1013018).\n - sched: Use swap() macro in scale_stime() (bnc#938352).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: fix race between simultaneous decrements of ->host_failed\n (bsc#1050154).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: mvsas: fix command_active typo (bsc#1050154).\n - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init\n (bsc#1050154).\n - scsi: virtio_scsi: fix memory leak on full queue condition (bsc#1028880).\n - scsi: zfcp: do not trace pure benign residual HBA responses at default\n level (bnc#1025702, LTC#151317).\n - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702,\n LTC#151319).\n - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on\n failed send (bnc#1025702, LTC#151365).\n - scsi: zfcp: fix use-after-"free" in FC ingress path after TMF\n (bnc#1025702, LTC#151312).\n - sfc: do not device_attach if a reset is pending (bsc#909618 FATE#317521).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - splice: Stub splice_write_to_file (bsc#1043234).\n - sunrpc: Clean up the slot table allocation (bsc#1013862).\n - sunrpc: Fix a memory leak in the backchannel code (git-fixes).\n - sunrpc: Initalise the struct xprt upon allocation (bsc#1013862).\n - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).\n - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).\n - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).\n - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).\n - udf: Fix races with i_size changes during readpage (bsc#1013018).\n - Update metadata for serial fixes (bsc#1013070)\n - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).\n - usb: cdc-acm: fix broken runtime suspend (bsc#1033771).\n - usb: cdc-acm: fix open and suspend race (bsc#1033771).\n - usb: cdc-acm: fix potential urb leak and PM imbalance in write\n (bsc#1033771).\n - usb: cdc-acm: fix runtime PM for control messages (bsc#1033771).\n - usb: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).\n - usb: cdc-acm: fix shutdown and suspend race (bsc#1033771).\n - usb: cdc-acm: fix write and resume race (bsc#1033771).\n - usb: cdc-acm: fix write and suspend race (bsc#1033771).\n - usb: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).\n - usb: class: usbtmc: do not print error when allocating urb fails\n (bsc#1036288).\n - usb: class: usbtmc: do not print on ENOMEM (bsc#1036288).\n - usb: hub: Fix crash after failure to read BOS descriptor (FATE#317453).\n - usb: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).\n - usb: iowarrior: fix NULL-deref in write (bsc#1037359).\n - usb: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).\n - usb: serial: ark3116: fix register-accessor error handling (git-fixes).\n - usb: serial: ch341: fix open error handling (bsc#1037441).\n - usb: serial: cp210x: fix tiocmget error handling (bsc#1037441).\n - usb: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).\n - usb: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).\n - usb: serial: io_ti: fix information leak in completion handler\n (git-fixes).\n - usb: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).\n - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n - usb: serial: mos7720: fix NULL-deref at open (bsc#1033816).\n - usb: serial: mos7720: fix parallel probe (bsc#1033816).\n - usb: serial: mos7720: fix parport use-after-free on probe errors\n (bsc#1033816).\n - usb: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).\n - usb: serial: mos7840: fix another NULL-deref at open (bsc#1034026).\n - usb: serial: mos7840: fix NULL-deref at open (bsc#1034026).\n - usb: serial: oti6858: fix NULL-deref at open (bsc#1037441).\n - usb: serial: sierra: fix bogus alternate-setting assumption\n (bsc#1037441).\n - usb: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).\n - usbtmc: remove redundant braces (bsc#1036288).\n - usbtmc: remove trailing spaces (bsc#1036288).\n - usb: usbip: fix nonconforming hub descriptor (bsc#1047487).\n - usb: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).\n - usb: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).\n - usb: usbtmc: add missing endpoint sanity check (bsc#1036288).\n - usb: usbtmc: Change magic number to constant (bsc#1036288).\n - usb: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).\n - usb: usbtmc: fix DMA on stack (bsc#1036288).\n - usb: usbtmc: fix probe error path (bsc#1036288).\n - usb: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).\n - usb: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).\n - usb: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk\n (bsc#1036288).\n - usbvision: fix NULL-deref at probe (bsc#1050431).\n - usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL\n (bsc#1023014).\n - Use make --output-sync feature when available (bsc#1012422). The mesages\n in make output can interleave making it impossible to extract warnings\n reliably. Since version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing this issue.\n Detect the flag and use it if available. SLE11 has make 3.81 so it is\n required to include make 4 in the kernel OBS projects to take advantege\n of this.\n - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).\n - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).\n - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).\n - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).\n - vfs: split generic splice code from i_mutex locking (bsc#1024788).\n - vmxnet3: avoid calling pskb_may_pull with interrupts disabled\n (bsc#1045356).\n - vmxnet3: fix checks for dma mapping errors (bsc#1045356).\n - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).\n - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates\n (bsc#948562).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0\n (bsc#1051478).\n - xen: avoid deadlock in xenbus (bnc#1047523).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1024508).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: Fix lock ordering in splice write (bsc#1024788).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: kill xfs_itruncate_start (bsc#1024788).\n - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).\n - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).\n - xfs: remove the i_size field in struct xfs_inode (bsc#1024788).\n - xfs: remove xfs_itruncate_data (bsc#1024788).\n - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).\n - xfs: split xfs_itruncate_finish (bsc#1024788).\n - xfs: split xfs_setattr (bsc#1024788).\n - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).\n\n", "published": "2017-09-04T21:11:06", "modified": "2017-09-04T21:11:06", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00009.html", "reporter": "Suse", "references": ["https://bugzilla.suse.com/1028880", "https://bugzilla.suse.com/1049603", "https://bugzilla.suse.com/970956", "https://bugzilla.suse.com/1037227", "https://bugzilla.suse.com/1036288", "https://bugzilla.suse.com/1012422", "https://bugzilla.suse.com/1042832", "https://bugzilla.suse.com/1051478", "https://bugzilla.suse.com/799133", "https://bugzilla.suse.com/1048232", "https://bugzilla.suse.com/1037359", "https://bugzilla.suse.com/1027178", "https://bugzilla.suse.com/1042633", "https://bugzilla.suse.com/999245", "https://bugzilla.suse.com/1040069", "https://bugzilla.suse.com/1039456", "https://bugzilla.suse.com/1037232", "https://bugzilla.suse.com/1037356", "https://bugzilla.suse.com/1023014", "https://bugzilla.suse.com/1047487", "https://bugzilla.suse.com/1028415", "https://bugzilla.suse.com/1033771", "https://bugzilla.suse.com/1008850", "https://bugzilla.suse.com/995542", "https://bugzilla.suse.com/1027565", "https://bugzilla.suse.com/870618", "https://bugzilla.suse.com/971975", "https://bugzilla.suse.com/989056", "https://bugzilla.suse.com/1037183", "https://bugzilla.suse.com/1027066", "https://bugzilla.suse.com/1029850", "https://bugzilla.suse.com/1013018", "https://bugzilla.suse.com/1048185", "https://bugzilla.suse.com/1034026", "https://bugzilla.suse.com/1050154", "https://bugzilla.suse.com/1041160", "https://bugzilla.suse.com/1044913", "https://bugzilla.suse.com/1041431", "https://bugzilla.suse.com/1030573", "https://bugzilla.suse.com/1016489", "https://bugzilla.suse.com/1018263", "https://bugzilla.suse.com/1045406", "https://bugzilla.suse.com/1042687", "https://bugzilla.suse.com/1046107", "https://bugzilla.suse.com/1049882", "https://bugzilla.suse.com/1013800", "https://bugzilla.suse.com/1045525", "https://bugzilla.suse.com/1039348", "https://bugzilla.suse.com/988065", "https://bugzilla.suse.com/1037441", "https://bugzilla.suse.com/1050431", "https://bugzilla.suse.com/1047523", "https://bugzilla.suse.com/1019168", "https://bugzilla.suse.com/1022971", "https://bugzilla.suse.com/1039258", "https://bugzilla.suse.com/1024788", "https://bugzilla.suse.com/1029140", "https://bugzilla.suse.com/931620", "https://bugzilla.suse.com/1035920", "https://bugzilla.suse.com/1035777", "https://bugzilla.suse.com/1031003", "https://bugzilla.suse.com/1043234", "https://bugzilla.suse.com/1051515", "https://bugzilla.suse.com/1036629", "https://bugzilla.suse.com/1044854", "https://bugzilla.suse.com/982783", "https://bugzilla.suse.com/1045154", "https://bugzilla.suse.com/1026024", "https://bugzilla.suse.com/1047053", "https://bugzilla.suse.com/1040351", "https://bugzilla.suse.com/1033336", "https://bugzilla.suse.com/1047354", "https://bugzilla.suse.com/1048221", "https://bugzilla.suse.com/1047343", "https://bugzilla.suse.com/1003077", "https://bugzilla.suse.com/1033804", "https://bugzilla.suse.com/1044015", "https://bugzilla.suse.com/1039354", "https://bugzilla.suse.com/1039594", "https://bugzilla.suse.com/1037191", "https://bugzilla.suse.com/962257", "https://bugzilla.suse.com/1049483", "https://bugzilla.suse.com/1026260", "https://bugzilla.suse.com/1033816", "https://bugzilla.suse.com/1042615", "https://bugzilla.suse.com/1037358", "https://bugzilla.suse.com/1045416", "https://bugzilla.suse.com/1044230", "https://bugzilla.suse.com/1041975", "https://bugzilla.suse.com/943786", "https://bugzilla.suse.com/986365", "https://bugzilla.suse.com/1032471", "https://bugzilla.suse.com/1044882", "https://bugzilla.suse.com/1037182", "https://bugzilla.suse.com/1023888", "https://bugzilla.suse.com/986362", "https://bugzilla.suse.com/1039883", "https://bugzilla.suse.com/990682", "https://bugzilla.suse.com/1043935", "https://bugzilla.suse.com/1049688", "https://bugzilla.suse.com/1045340", "https://bugzilla.suse.com/1021256", "https://bugzilla.suse.com/909486", "https://bugzilla.suse.com/1005651", "https://bugzilla.suse.com/985561", "https://bugzilla.suse.com/1024938", "https://bugzilla.suse.com/1051770", "https://bugzilla.suse.com/972891", "https://bugzilla.suse.com/1023163", "https://bugzilla.suse.com/1030213", "https://bugzilla.suse.com/1023051", "https://bugzilla.suse.com/1044216", "https://bugzilla.suse.com/1032340", "https://bugzilla.suse.com/1013862", "https://bugzilla.suse.com/1027101", "https://bugzilla.suse.com/1033794", "https://bugzilla.suse.com/1045615", "https://bugzilla.suse.com/1018074", "https://bugzilla.suse.com/1037233", "https://bugzilla.suse.com/983212", "https://bugzilla.suse.com/1026722", "https://bugzilla.suse.com/948562", "https://bugzilla.suse.com/1029770", "https://bugzilla.suse.com/1026914", "https://bugzilla.suse.com/1034670", "https://bugzilla.suse.com/911105", "https://bugzilla.suse.com/1047653", "https://bugzilla.suse.com/979021", "https://bugzilla.suse.com/1031052", "https://bugzilla.suse.com/1029212", "https://bugzilla.suse.com/1043014", "https://bugzilla.suse.com/1045547", "https://bugzilla.suse.com/1044125", "https://bugzilla.suse.com/1041762", "https://bugzilla.suse.com/1020229", "https://bugzilla.suse.com/1046715", "https://bugzilla.suse.com/1037193", "https://bugzilla.suse.com/991651", "https://bugzilla.suse.com/1033287", "https://bugzilla.suse.com/1047027", "https://bugzilla.suse.com/1018446", "https://bugzilla.suse.com/792863", "https://bugzilla.suse.com/919382", "https://bugzilla.suse.com/1042200", "https://bugzilla.suse.com/1017143", "https://bugzilla.suse.com/1045356", "https://bugzilla.suse.com/1021913", "https://bugzilla.suse.com/1048275", "https://bugzilla.suse.com/1031440", "https://bugzilla.suse.com/928138", "https://bugzilla.suse.com/1008374", "https://bugzilla.suse.com/938352", "https://bugzilla.suse.com/1046122", "https://bugzilla.suse.com/1038982", "https://bugzilla.suse.com/1035576", "https://bugzilla.suse.com/1030593", "https://bugzilla.suse.com/1025702", "https://bugzilla.suse.com/1036056", "https://bugzilla.suse.com/784815", "https://bugzilla.suse.com/1046192", "https://bugzilla.suse.com/909618", "https://bugzilla.suse.com/1013070", "https://bugzilla.suse.com/1030552", "https://bugzilla.suse.com/1028372", "https://bugzilla.suse.com/1045538", "https://bugzilla.suse.com/1039882", "https://bugzilla.suse.com/1030814", "https://bugzilla.suse.com/1008893", "https://bugzilla.suse.com/1025235", "https://bugzilla.suse.com/1044985", "https://bugzilla.suse.com/1031579", "https://bugzilla.suse.com/1038879", "https://bugzilla.suse.com/1038981", "https://bugzilla.suse.com/1038544", "https://bugzilla.suse.com/1042045", "https://bugzilla.suse.com/1032141", "https://bugzilla.suse.com/1039885", "https://bugzilla.suse.com/986924", "https://bugzilla.suse.com/1024508"], "cvelist": ["CVE-2017-11176", "CVE-2017-7261", "CVE-2017-7184", "CVE-2017-1000380", "CVE-2017-6074", "CVE-2016-7117", "CVE-2017-7616", "CVE-2015-3288", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-7533", "CVE-2017-7294", "CVE-2017-6348", "CVE-2017-8924", "CVE-2015-8970", "CVE-2016-5243", "CVE-2017-6214", "CVE-2017-1000364", "CVE-2017-7482", "CVE-2014-9922", "CVE-2016-4997", "CVE-2017-7308", "CVE-2017-5669", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-8925", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-7187", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-1000365", "CVE-2017-8890", "CVE-2016-4998", "CVE-2016-2188"], "immutableFields": [], "lastseen": "2017-09-05T00:36:41", "viewCount": 830, "enchantments": {"score": {"value": 3.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-694", "ALAS-2016-718", "ALAS-2016-726", "ALAS-2017-805", "ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828", "ALAS-2017-845", "ALAS-2017-846", "ALAS-2017-868", "ALAS-2017-870"]}, {"type": "android", "idList": ["ANDROID:CVE-2015-3288", "ANDROID:CVE-2016-10200", "ANDROID:CVE-2016-7117", "ANDROID:CVE-2017-8890"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-09-01", "ANDROID:2016-10-01", "ANDROID:2017-01-01", "ANDROID:2017-03-01", "ANDROID:2017-04-01", "ANDROID:2017-05-01", "ANDROID:2017-07-01", "ANDROID:2017-09-01", "ANDROID:2017-10-01", "ANDROID:2017-11-01", "ANDROID:2017-12-01"]}, {"type": "archlinux", "idList": ["ASA-201702-17", "ASA-201702-18", "ASA-201703-13", "ASA-201703-6", "ASA-201703-7", "ASA-201703-8", "ASA-201706-28", "ASA-201706-30", "ASA-201706-31"]}, {"type": "avleonov", "idList": ["AVLEONOV:258C4C7C6D4C10965793FFCDA8860939", "AVLEONOV:B1FBE34AF90D9EFE8FB00EA97D833417"]}, {"type": "centos", "idList": ["CESA-2015:2152", "CESA-2016:1847", "CESA-2016:2962", "CESA-2017:0036", "CESA-2017:0086", "CESA-2017:0293", "CESA-2017:0294", "CESA-2017:0323", "CESA-2017:0892", "CESA-2017:0933", "CESA-2017:1308", "CESA-2017:1372", "CESA-2017:1484", "CESA-2017:1486", "CESA-2017:1615", "CESA-2017:1842", "CESA-2017:2473", "CESA-2017:2930", "CESA-2017:3315", "CESA-2018:0169", "CESA-2018:1062", "CESA-2018:1854"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:18773E2EBFCA95CBB12CDED52A4EFFCC", "CFOUNDRY:2DD582EFE729277C37B69440AE62247E", "CFOUNDRY:357A3D675E310E16A6C343FB03145CD4", "CFOUNDRY:3F54C95B87B9551DBB314C8164D88E3A", "CFOUNDRY:45D171A4CABD3B2EED5D1C76F5C7F3F2", "CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:4DDC563CC4B682CD1D8A3F51374BC77A", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:5EEA2226D4FCA4D50B918305E55569E8", "CFOUNDRY:897C3471765453EA05465A73CDC16BBB", "CFOUNDRY:96E3A8B8A251E08132E367B0C5BCD522", "CFOUNDRY:9D1D2721EB965138C5B62A17BAC259EF", "CFOUNDRY:CAC337307F043175ACEEE3B0FD0416FF", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:EA45FD03FD447E186F125FC46918DCD9", "CFOUNDRY:EC22D7C9EDB0A72523F94F026F02A4D4"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2014-9922", "CVE-2015-3288", "CVE-2015-8970", "CVE-2016-10200", "CVE-2016-2188", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5243", "CVE-2016-7117", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000371", "CVE-2017-1000380", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7482", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-7616", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-516-1:B66B7", "DEBIAN:DLA-833-1:91DAA", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-922-1:854C7", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DLA-993-2:8276F", "DEBIAN:DSA-3607-1:0BD6E", "DEBIAN:DSA-3607-1:29E1C", "DEBIAN:DSA-3791-1:0D4D5", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:0976E", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:89166", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-3886-2:AC7E4", "DEBIAN:DSA-3886-2:DBE52", "DEBIAN:DSA-3927-1:A186E", "DEBIAN:DSA-3927-1:A5DA8", "DEBIAN:DSA-3945-1:532A6", "DEBIAN:DSA-3945-1:A4CC7", "DEBIAN:DSA-3981-1:0F636", "DEBIAN:DSA-3981-1:3AC17"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9922", "DEBIANCVE:CVE-2015-3288", "DEBIANCVE:CVE-2015-8970", "DEBIANCVE:CVE-2016-10200", "DEBIANCVE:CVE-2016-2188", "DEBIANCVE:CVE-2016-4997", "DEBIANCVE:CVE-2016-4998", "DEBIANCVE:CVE-2016-5243", "DEBIANCVE:CVE-2016-7117", "DEBIANCVE:CVE-2017-1000363", "DEBIANCVE:CVE-2017-1000364", "DEBIANCVE:CVE-2017-1000365", "DEBIANCVE:CVE-2017-1000371", "DEBIANCVE:CVE-2017-1000380", "DEBIANCVE:CVE-2017-11176", "DEBIANCVE:CVE-2017-11473", "DEBIANCVE:CVE-2017-2636", "DEBIANCVE:CVE-2017-2647", "DEBIANCVE:CVE-2017-2671", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5970", "DEBIANCVE:CVE-2017-5986", "DEBIANCVE:CVE-2017-6074", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6348", "DEBIANCVE:CVE-2017-6353", "DEBIANCVE:CVE-2017-6951", "DEBIANCVE:CVE-2017-7184", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7261", "DEBIANCVE:CVE-2017-7294", "DEBIANCVE:CVE-2017-7308", "DEBIANCVE:CVE-2017-7482", "DEBIANCVE:CVE-2017-7487", "DEBIANCVE:CVE-2017-7533", "DEBIANCVE:CVE-2017-7542", "DEBIANCVE:CVE-2017-7616", "DEBIANCVE:CVE-2017-8890", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2017-8925", "DEBIANCVE:CVE-2017-9074", "DEBIANCVE:CVE-2017-9075", "DEBIANCVE:CVE-2017-9076", "DEBIANCVE:CVE-2017-9077", "DEBIANCVE:CVE-2017-9242"]}, {"type": "exploitdb", "idList": ["EDB-ID:40435", "EDB-ID:40489", "EDB-ID:41457", "EDB-ID:41458", "EDB-ID:41994", "EDB-ID:44302", "EDB-ID:44654", "EDB-ID:45553", "EDB-ID:45554", "EDB-ID:47168"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:4CB8F52029A7ED20CD5AD83DA63EF19E", "EXPLOITPACK:4EEB4BE9E101A3B6E5FA4A3FC9B06CCD", "EXPLOITPACK:4F74638D00AC37320CD01F8B963CC200", "EXPLOITPACK:66230DDA8228F7537211A7F78C05A763", "EXPLOITPACK:7E4B21925D392950552D213FE7157C98", "EXPLOITPACK:84D4B1F42D5DCA9623080EFFD17E58E1", "EXPLOITPACK:9D752285F4A2795E32FB57E31FD31AB0"]}, {"type": "f5", "idList": ["F5:K02236463", "F5:K02613439", "F5:K08478022", "F5:K15412203", "F5:K18015201", "F5:K30737254", "F5:K31209433", "F5:K32115847", "F5:K51201255", "F5:K51931024", "F5:K54170502", "F5:K56450659", "F5:K60104355", "F5:K61223103", "F5:K61429540", "F5:K63771715", "F5:K68852819", "F5:K74171196", "F5:K81211720", "F5:K82224417", "F5:K82508682", "F5:K84024430", "F5:K97457339", "SOL51201255"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:0BAA361AC35C", "FEDORA:1C7E86049D49", "FEDORA:1F466601E823", "FEDORA:26A1460C6317", "FEDORA:274BB60875C4", "FEDORA:2CC39660F53B", "FEDORA:3053760A9C97", "FEDORA:3D3EF633571E", "FEDORA:41D1B604B3B3", "FEDORA:44065605602A", "FEDORA:464D56087B08", "FEDORA:4B62F60A865A", "FEDORA:4F34C605E513", "FEDORA:547D9626ACA1", "FEDORA:553DD615C92C", "FEDORA:578BF6049496", "FEDORA:5931760652B6", "FEDORA:6435A6076A13", "FEDORA:6437E61257FA", "FEDORA:648496077DD1", "FEDORA:65FAD61713B3", "FEDORA:6F1BC604D0C1", "FEDORA:76A6A60C79DB", "FEDORA:79A0B6175384", "FEDORA:7ED1D60A8F65", "FEDORA:83CF561C31BC", "FEDORA:8C2C4605E539", "FEDORA:8CDBE6067306", "FEDORA:A65EC601F907", "FEDORA:ACCF760419AA", "FEDORA:B60446046988", "FEDORA:B704D609623F", "FEDORA:B872461491E6", "FEDORA:B9A2260A96D5", "FEDORA:C8F1260321CA", "FEDORA:D953C601BFE1", "FEDORA:EE2EE6087A58", "FEDORA:F02346079D15", "FEDORA:F325C6013F0A"]}, {"type": "github", "idList": ["GITHUB:36A8218D126985012FDC093E052DADD1"]}, {"type": "githubexploit", "idList": ["F235C897-C385-56AB-B58E-500B01C27538"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:9B79D262B5DA61A7E11F5134B546BA63"]}, {"type": "hackerone", "idList": ["H1:347282", "H1:684567"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170802-01-LINUX"]}, {"type": "ibm", "idList": ["091C926DD3372A48BCEFCA3A598C2A54BAEA4FF0AC1ADA170D539846CF9E0B12", "0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300", "0D95BD029EF7D61B7C200E5DCF5114404F54883607A0E5A132C410EA37160E69", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "289F46B747F4C8F26E8F8D17623E34EDE1DB7595184FCDCC87FEDCC356AC9965", "3225590ACA91E6DF0E178DA31C2E57BF8B7009899CBDD520B86DCF5F0582D254", "475B1D5AA0EDB6A4A0012EA2C2D64B9388A6ACC5779414E8E1A98AC9B641F6AF", "61EAA34D5E4645B71F124164E8135272DB3119CF3ABDC2864377B692FCF87527", "62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CD", "6B8D264C112CFCDDCE94E39A330DF7082557BFFF177349A0F825B791060643AF", "72A14F3E1A05E87987247C3A94DA37A971910E734C842EA2FD4E32CE8B24FCF5", "7975EECD3D2EE6CE08E72863DB53AD391D308F9DFA1EAA45FE674BAB1B264C0A", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "A0B3473150234C639FE6AF0F0A832767753836E0C7B4AA5A710ED063FB7AD779", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "AF6E3EC9D5A5C3CF688EF87142347E0688A4AE1CB6831F92326966B86BF2D9C1", "B13E9CABE04A3A8E052E5DD7075F194AB2BDBB1AA759BCA55EBEBB657F688C5F", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "DE695F71E3366E59E6428276E5EABA598BB2B1F9CA1025C553DC82926661E92A", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484"]}, {"type": "ics", "idList": ["ICSA-21-280-02"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "lenovo", "idList": ["LENOVO:PS500107-NOSID", "LENOVO:PS500144-NOSID", "LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGAA-2016-0134", "MGASA-2016-0271", "MGASA-2016-0283", "MGASA-2016-0284", "MGASA-2016-0345", "MGASA-2016-0364", "MGASA-2017-0063", "MGASA-2017-0064", "MGASA-2017-0065", "MGASA-2017-0088", "MGASA-2017-0089", "MGASA-2017-0090", "MGASA-2017-0097", "MGASA-2017-0098", "MGASA-2017-0099", "MGASA-2017-0136", "MGASA-2017-0147", "MGASA-2017-0148", "MGASA-2017-0186", "MGASA-2017-0187", "MGASA-2017-0188"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-AF_PACKET_PACKET_SET_RING_PRIV_ESC-", "MSF:EXPLOIT-LINUX-LOCAL-NETFILTER_PRIV_ESC_IPV4-"]}, {"type": "myhack58", "idList": ["MYHACK58:62201783679", "MYHACK58:62201783692", "MYHACK58:62201785788", "MYHACK58:62201786520", "MYHACK58:62201787108", "MYHACK58:62201787113", "MYHACK58:62201787550"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-694.NASL", "ALA_ALAS-2016-718.NASL", "ALA_ALAS-2016-726.NASL", "ALA_ALAS-2017-805.NASL", "ALA_ALAS-2017-811.NASL", "ALA_ALAS-2017-814.NASL", "ALA_ALAS-2017-828.NASL", "ALA_ALAS-2017-845.NASL", "ALA_ALAS-2017-846.NASL", "ALA_ALAS-2017-868.NASL", "ALA_ALAS-2017-870.NASL", "CENTOS_RHSA-2015-2152.NASL", "CENTOS_RHSA-2016-1847.NASL", "CENTOS_RHSA-2016-2962.NASL", "CENTOS_RHSA-2017-0036.NASL", "CENTOS_RHSA-2017-0086.NASL", "CENTOS_RHSA-2017-0293.NASL", "CENTOS_RHSA-2017-0294.NASL", "CENTOS_RHSA-2017-0323.NASL", "CENTOS_RHSA-2017-0892.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-1308.NASL", "CENTOS_RHSA-2017-1372.NASL", "CENTOS_RHSA-2017-1484.NASL", "CENTOS_RHSA-2017-1486.NASL", "CENTOS_RHSA-2017-1615.NASL", "CENTOS_RHSA-2017-1842.NASL", "CENTOS_RHSA-2017-2473.NASL", "CENTOS_RHSA-2017-2930.NASL", "CENTOS_RHSA-2017-3315.NASL", "CENTOS_RHSA-2018-1062.NASL", "CENTOS_RHSA-2018-1854.NASL", "DEBIAN_DLA-1099.NASL", "DEBIAN_DLA-1200.NASL", "DEBIAN_DLA-516.NASL", "DEBIAN_DLA-833.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DLA-922.NASL", "DEBIAN_DLA-993.NASL", "DEBIAN_DSA-3607.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "DEBIAN_DSA-3886.NASL", "DEBIAN_DSA-3927.NASL", "DEBIAN_DSA-3945.NASL", "DEBIAN_DSA-3981.NASL", "EULEROS_SA-2016-1048.NASL", "EULEROS_SA-2016-1051.NASL", "EULEROS_SA-2017-1056.NASL", "EULEROS_SA-2017-1057.NASL", "EULEROS_SA-2017-1066.NASL", "EULEROS_SA-2017-1071.NASL", "EULEROS_SA-2017-1072.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "EULEROS_SA-2017-1154.NASL", "EULEROS_SA-2017-1155.NASL", "EULEROS_SA-2017-1159.NASL", "EULEROS_SA-2017-1160.NASL", "EULEROS_SA-2017-1291.NASL", "EULEROS_SA-2018-1026.NASL", "EULEROS_SA-2019-1471.NASL", "EULEROS_SA-2019-1472.NASL", "EULEROS_SA-2019-1474.NASL", "EULEROS_SA-2019-1478.NASL", "EULEROS_SA-2019-1482.NASL", "EULEROS_SA-2019-1484.NASL", "EULEROS_SA-2019-1485.NASL", "EULEROS_SA-2019-1486.NASL", "EULEROS_SA-2019-1487.NASL", "EULEROS_SA-2019-1489.NASL", "EULEROS_SA-2019-1491.NASL", "EULEROS_SA-2019-1494.NASL", "EULEROS_SA-2019-1496.NASL", "EULEROS_SA-2019-1498.NASL", "EULEROS_SA-2019-1500.NASL", "EULEROS_SA-2019-1502.NASL", "EULEROS_SA-2019-1504.NASL", "EULEROS_SA-2019-1505.NASL", "EULEROS_SA-2019-1506.NASL", "EULEROS_SA-2019-1508.NASL", "EULEROS_SA-2019-1513.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1517.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1520.NASL", "EULEROS_SA-2019-1521.NASL", "EULEROS_SA-2019-1522.NASL", "EULEROS_SA-2019-1523.NASL", "EULEROS_SA-2019-1524.NASL", "EULEROS_SA-2019-1525.NASL", "EULEROS_SA-2019-1526.NASL", "EULEROS_SA-2019-1527.NASL", "EULEROS_SA-2019-1528.NASL", "EULEROS_SA-2019-1529.NASL", "EULEROS_SA-2019-1530.NASL", "EULEROS_SA-2019-1531.NASL", "EULEROS_SA-2019-1533.NASL", "EULEROS_SA-2019-1535.NASL", "EULEROS_SA-2019-1537.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-2392.NASL", "F5_BIGIP_SOL02236463.NASL", "F5_BIGIP_SOL02613439.NASL", "F5_BIGIP_SOL18015201.NASL", "F5_BIGIP_SOL51931024.NASL", "F5_BIGIP_SOL60104355.NASL", "F5_BIGIP_SOL61223103.NASL", "F5_BIGIP_SOL61429540.NASL", "F5_BIGIP_SOL68852819.NASL", "F5_BIGIP_SOL81211720.NASL", "F5_BIGIP_SOL82224417.NASL", "F5_BIGIP_SOL82508682.NASL", "F5_BIGIP_SOL84024430.NASL", "FEDORA_2016-1C409313F4.NASL", "FEDORA_2016-3DAF782DFA.NASL", "FEDORA_2016-63EE0999E4.NASL", "FEDORA_2016-73A733F4D9.NASL", "FEDORA_2016-7E602C0E5E.NASL", "FEDORA_2016-80EDB9D511.NASL", "FEDORA_2016-E0F3FCD7DF.NASL", "FEDORA_2016-ED5110C4BB.NASL", "FEDORA_2017-0054C7B1F0.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-05F10E29F4.NASL", "FEDORA_2017-26C9ECD7A4.NASL", "FEDORA_2017-273B67D5EE.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-3456BA4C93.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-39B5FACDA0.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-466D902289.NASL", "FEDORA_2017-4B9F61C68D.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-544EEF948F.NASL", "FEDORA_2017-6554692044.NASL", "FEDORA_2017-6F06BE3FE9.NASL", "FEDORA_2017-73F71456D7.NASL", "FEDORA_2017-787BC0D5B4.NASL", "FEDORA_2017-85744F8AA9.NASL", "FEDORA_2017-8E7549FB91.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-98548B066B.NASL", "FEDORA_2017-ADC7D95627.NASL", "FEDORA_2017-D3ED702FE4.NASL", "FEDORA_2017-D7BC1B3056.NASL", "FEDORA_2017-DEB70B495E.NASL", "FEDORA_2017-E75602D3ED.NASL", "FEDORA_2017-F519EBB3C4.NASL", "FEDORA_2017-FB89CA752A.NASL", "FIREEYE_OS_EX_801.NASL", "JUNIPER_SPACE_JSA10917_184R1.NASL", "JUNIPER_SPACE_JSA_10826.NASL", "MCAFEE_WEB_GATEWAY_SB10205.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0007_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0018_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0034_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0076_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0077_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0098_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0099_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0152_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "OPENSUSE-2016-1015.NASL", "OPENSUSE-2016-1029.NASL", "OPENSUSE-2016-1076.NASL", "OPENSUSE-2016-1227.NASL", "OPENSUSE-2016-629.NASL", "OPENSUSE-2016-862.NASL", "OPENSUSE-2016-869.NASL", "OPENSUSE-2017-1390.NASL", "OPENSUSE-2017-1391.NASL", "OPENSUSE-2017-245.NASL", "OPENSUSE-2017-246.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-418.NASL", "OPENSUSE-2017-419.NASL", "OPENSUSE-2017-532.NASL", "OPENSUSE-2017-562.NASL", "OPENSUSE-2017-666.NASL", "OPENSUSE-2017-716.NASL", "OPENSUSE-2017-734.NASL", "OPENSUSE-2017-798.NASL", "OPENSUSE-2017-890.NASL", "OPENSUSE-2017-891.NASL", "ORACLELINUX_ELSA-2015-2152.NASL", "ORACLELINUX_ELSA-2016-1847.NASL", "ORACLELINUX_ELSA-2016-2962.NASL", "ORACLELINUX_ELSA-2016-3617.NASL", "ORACLELINUX_ELSA-2016-3618.NASL", "ORACLELINUX_ELSA-2016-3619.NASL", "ORACLELINUX_ELSA-2016-3655.NASL", "ORACLELINUX_ELSA-2016-3656.NASL", "ORACLELINUX_ELSA-2016-3657.NASL", "ORACLELINUX_ELSA-2017-0036.NASL", "ORACLELINUX_ELSA-2017-0086.NASL", "ORACLELINUX_ELSA-2017-0293.NASL", "ORACLELINUX_ELSA-2017-0294.NASL", "ORACLELINUX_ELSA-2017-0323.NASL", "ORACLELINUX_ELSA-2017-0892.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-1308-1.NASL", "ORACLELINUX_ELSA-2017-1308.NASL", "ORACLELINUX_ELSA-2017-1372.NASL", "ORACLELINUX_ELSA-2017-1484.NASL", "ORACLELINUX_ELSA-2017-1486.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-1842-1.NASL", "ORACLELINUX_ELSA-2017-1842.NASL", "ORACLELINUX_ELSA-2017-2473-1.NASL", "ORACLELINUX_ELSA-2017-2473.NASL", "ORACLELINUX_ELSA-2017-2930-1.NASL", "ORACLELINUX_ELSA-2017-2930.NASL", "ORACLELINUX_ELSA-2017-3315.NASL", "ORACLELINUX_ELSA-2017-3520.NASL", "ORACLELINUX_ELSA-2017-3521.NASL", "ORACLELINUX_ELSA-2017-3522.NASL", "ORACLELINUX_ELSA-2017-3533.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "ORACLELINUX_ELSA-2017-3566.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2017-3574.NASL", "ORACLELINUX_ELSA-2017-3575.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLELINUX_ELSA-2017-3579.NASL", "ORACLELINUX_ELSA-2017-3580.NASL", "ORACLELINUX_ELSA-2017-3587.NASL", "ORACLELINUX_ELSA-2017-3592.NASL", "ORACLELINUX_ELSA-2017-3595.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2017-3609.NASL", "ORACLELINUX_ELSA-2017-3621.NASL", "ORACLELINUX_ELSA-2017-3622.NASL", "ORACLELINUX_ELSA-2017-3631.NASL", "ORACLELINUX_ELSA-2017-3632.NASL", "ORACLELINUX_ELSA-2017-3633.NASL", "ORACLELINUX_ELSA-2017-3635.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3637.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLELINUX_ELSA-2017-3658.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLELINUX_ELSA-2018-0169.NASL", "ORACLELINUX_ELSA-2018-1062.NASL", "ORACLELINUX_ELSA-2018-1854.NASL", "ORACLELINUX_ELSA-2018-4040.NASL", "ORACLELINUX_ELSA-2018-4041.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLELINUX_ELSA-2018-4108.NASL", "ORACLELINUX_ELSA-2018-4109.NASL", "ORACLELINUX_ELSA-2018-4110.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2018-4172.NASL", "ORACLELINUX_ELSA-2020-1524.NASL", "ORACLELINUX_ELSA-2020-5671.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5881.NASL", "ORACLELINUX_ELSA-2020-5936.NASL", "ORACLELINUX_ELSA-2021-9486.NASL", "ORACLELINUX_ELSA-2021-9487.NASL", "ORACLEVM_OVMSA-2016-0133.NASL", "ORACLEVM_OVMSA-2016-0134.NASL", "ORACLEVM_OVMSA-2016-0158.NASL", "ORACLEVM_OVMSA-2016-0179.NASL", "ORACLEVM_OVMSA-2016-0180.NASL", "ORACLEVM_OVMSA-2016-0181.NASL", "ORACLEVM_OVMSA-2017-0044.NASL", "ORACLEVM_OVMSA-2017-0045.NASL", "ORACLEVM_OVMSA-2017-0046.NASL", "ORACLEVM_OVMSA-2017-0056.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0058.NASL", "ORACLEVM_OVMSA-2017-0062.NASL", "ORACLEVM_OVMSA-2017-0105.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "ORACLEVM_OVMSA-2017-0111.NASL", "ORACLEVM_OVMSA-2017-0112.NASL", "ORACLEVM_OVMSA-2017-0115.NASL", "ORACLEVM_OVMSA-2017-0121.NASL", "ORACLEVM_OVMSA-2017-0126.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2017-0145.NASL", "ORACLEVM_OVMSA-2017-0152.NASL", "ORACLEVM_OVMSA-2017-0163.NASL", "ORACLEVM_OVMSA-2017-0164.NASL", "ORACLEVM_OVMSA-2017-0167.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "ORACLEVM_OVMSA-2018-0041.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "PHOTONOS_PHSA-2017-0006.NASL", "PHOTONOS_PHSA-2017-0006_LINUX.NASL", "PHOTONOS_PHSA-2017-0011.NASL", "PHOTONOS_PHSA-2017-0011_LINUX.NASL", "PHOTONOS_PHSA-2017-0014.NASL", "PHOTONOS_PHSA-2017-0014_LINUX.NASL", "PHOTONOS_PHSA-2017-0018.NASL", "PHOTONOS_PHSA-2017-0019.NASL", "PHOTONOS_PHSA-2017-0019_LINUX.NASL", "PHOTONOS_PHSA-2017-0022.NASL", "PHOTONOS_PHSA-2017-0022_LINUX.NASL", "PHOTONOS_PHSA-2017-0025.NASL", "PHOTONOS_PHSA-2017-0025_LINUX.NASL", "PHOTONOS_PHSA-2017-0028.NASL", "PHOTONOS_PHSA-2017-0028_LINUX.NASL", "PHOTONOS_PHSA-2017-0029.NASL", "PHOTONOS_PHSA-2017-0029_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0101.NASL", "PHOTONOS_PHSA-2018-2_0-0101_LINUX.NASL", "RANCHEROS_0_8_1.NASL", "RANCHEROS_1_0_3.NASL", "RANCHEROS_1_1_1.NASL", "REDHAT-RHSA-2015-2152.NASL", "REDHAT-RHSA-2016-1847.NASL", "REDHAT-RHSA-2016-1875.NASL", "REDHAT-RHSA-2016-1883.NASL", "REDHAT-RHSA-2016-2962.NASL", "REDHAT-RHSA-2017-0031.NASL", "REDHAT-RHSA-2017-0036.NASL", "REDHAT-RHSA-2017-0065.NASL", "REDHAT-RHSA-2017-0086.NASL", "REDHAT-RHSA-2017-0091.NASL", "REDHAT-RHSA-2017-0113.NASL", "REDHAT-RHSA-2017-0196.NASL", "REDHAT-RHSA-2017-0215.NASL", "REDHAT-RHSA-2017-0216.NASL", "REDHAT-RHSA-2017-0217.NASL", "REDHAT-RHSA-2017-0270.NASL", "REDHAT-RHSA-2017-0293.NASL", "REDHAT-RHSA-2017-0294.NASL", "REDHAT-RHSA-2017-0295.NASL", "REDHAT-RHSA-2017-0316.NASL", "REDHAT-RHSA-2017-0323.NASL", "REDHAT-RHSA-2017-0324.NASL", "REDHAT-RHSA-2017-0345.NASL", "REDHAT-RHSA-2017-0346.NASL", "REDHAT-RHSA-2017-0347.NASL", "REDHAT-RHSA-2017-0365.NASL", "REDHAT-RHSA-2017-0366.NASL", "REDHAT-RHSA-2017-0403.NASL", "REDHAT-RHSA-2017-0501.NASL", "REDHAT-RHSA-2017-0892.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-0986.NASL", "REDHAT-RHSA-2017-1125.NASL", "REDHAT-RHSA-2017-1126.NASL", "REDHAT-RHSA-2017-1209.NASL", "REDHAT-RHSA-2017-1232.NASL", "REDHAT-RHSA-2017-1233.NASL", "REDHAT-RHSA-2017-1297.NASL", "REDHAT-RHSA-2017-1298.NASL", "REDHAT-RHSA-2017-1308.NASL", "REDHAT-RHSA-2017-1372.NASL", "REDHAT-RHSA-2017-1482.NASL", "REDHAT-RHSA-2017-1483.NASL", "REDHAT-RHSA-2017-1484.NASL", "REDHAT-RHSA-2017-1485.NASL", "REDHAT-RHSA-2017-1486.NASL", "REDHAT-RHSA-2017-1487.NASL", "REDHAT-RHSA-2017-1488.NASL", "REDHAT-RHSA-2017-1489.NASL", "REDHAT-RHSA-2017-1490.NASL", "REDHAT-RHSA-2017-1491.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "REDHAT-RHSA-2017-1647.NASL", "REDHAT-RHSA-2017-1842.NASL", "REDHAT-RHSA-2017-2077.NASL", "REDHAT-RHSA-2017-2437.NASL", "REDHAT-RHSA-2017-2444.NASL", "REDHAT-RHSA-2017-2473.NASL", "REDHAT-RHSA-2017-2585.NASL", "REDHAT-RHSA-2017-2669.NASL", "REDHAT-RHSA-2017-2770.NASL", "REDHAT-RHSA-2017-2869.NASL", "REDHAT-RHSA-2017-2918.NASL", "REDHAT-RHSA-2017-2930.NASL", "REDHAT-RHSA-2017-2931.NASL", "REDHAT-RHSA-2017-3295.NASL", "REDHAT-RHSA-2017-3315.NASL", "REDHAT-RHSA-2017-3322.NASL", "REDHAT-RHSA-2018-0169.NASL", "REDHAT-RHSA-2018-0654.NASL", "REDHAT-RHSA-2018-0676.NASL", "REDHAT-RHSA-2018-1062.NASL", "REDHAT-RHSA-2018-1854.NASL", "REDHAT-RHSA-2019-0641.NASL", "REDHAT-RHSA-2019-4159.NASL", "REDHAT-RHSA-2020-3548.NASL", "REDHAT-RHSA-2020-3836.NASL", "SLACKWARE_SSA_2017-177-01.NASL", "SLACKWARE_SSA_2017-180-01.NASL", "SLACKWARE_SSA_2017-181-02.NASL", "SLACKWARE_SSA_2017-184-01.NASL", "SL_20160915_KERNEL_ON_SL7_X.NASL", "SL_20161220_KERNEL_ON_SL5_X.NASL", "SL_20170110_KERNEL_ON_SL6_X.NASL", "SL_20170117_KERNEL_ON_SL7_X.NASL", "SL_20170222_KERNEL_ON_SL6_X.NASL", "SL_20170222_KERNEL_ON_SL7_X.NASL", "SL_20170224_KERNEL_ON_SL5_X.NASL", "SL_20170411_KERNEL_ON_SL6_X.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170525_KERNEL_ON_SL7_X.NASL", "SL_20170531_KERNEL_ON_SL6_X.NASL", "SL_20170619_KERNEL_ON_SL6_X.NASL", "SL_20170619_KERNEL_ON_SL7_X.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "SL_20170801_KERNEL_ON_SL7_X.NASL", "SL_20170815_KERNEL_ON_SL7_X.NASL", "SL_20171019_KERNEL_ON_SL7_X.NASL", "SL_20171130_KERNEL_ON_SL7_X.NASL", "SL_20180125_KERNEL_ON_SL6_X.NASL", "SL_20180410_KERNEL_ON_SL7_X.NASL", "SL_20180619_KERNEL_ON_SL6_X.NASL", "SL_20200826_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2016-1203-1.NASL", "SUSE_SU-2016-1672-1.NASL", "SUSE_SU-2016-1690-1.NASL", "SUSE_SU-2016-1696-1.NASL", "SUSE_SU-2016-1709-1.NASL", "SUSE_SU-2016-1710-1.NASL", "SUSE_SU-2016-2018-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-2105-1.NASL", "SUSE_SU-2016-2245-1.NASL", "SUSE_SU-2016-2632-1.NASL", "SUSE_SU-2016-2633-1.NASL", "SUSE_SU-2016-2636-1.NASL", "SUSE_SU-2016-2655-1.NASL", "SUSE_SU-2016-2658-1.NASL", "SUSE_SU-2016-2659-1.NASL", "SUSE_SU-2016-2976-1.NASL", "SUSE_SU-2016-3109-1.NASL", "SUSE_SU-2016-3111-1.NASL", "SUSE_SU-2016-3112-1.NASL", "SUSE_SU-2016-3119-1.NASL", "SUSE_SU-2016-3249-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2017-0471-1.NASL", "SUSE_SU-2017-0494-1.NASL", "SUSE_SU-2017-0517-1.NASL", "SUSE_SU-2017-0575-1.NASL", "SUSE_SU-2017-0769-1.NASL", "SUSE_SU-2017-0770-1.NASL", "SUSE_SU-2017-0771-1.NASL", "SUSE_SU-2017-0772-1.NASL", "SUSE_SU-2017-0780-1.NASL", "SUSE_SU-2017-0864-1.NASL", "SUSE_SU-2017-0865-1.NASL", "SUSE_SU-2017-0866-1.NASL", "SUSE_SU-2017-0873-1.NASL", "SUSE_SU-2017-0875-1.NASL", "SUSE_SU-2017-0876-1.NASL", "SUSE_SU-2017-0880-1.NASL", "SUSE_SU-2017-0881-1.NASL", "SUSE_SU-2017-0888-1.NASL", "SUSE_SU-2017-0889-1.NASL", "SUSE_SU-2017-0912-1.NASL", "SUSE_SU-2017-0913-1.NASL", "SUSE_SU-2017-1183-1.NASL", "SUSE_SU-2017-1247-1.NASL", "SUSE_SU-2017-1278-1.NASL", "SUSE_SU-2017-1281-1.NASL", "SUSE_SU-2017-1285-1.NASL", "SUSE_SU-2017-1287-1.NASL", "SUSE_SU-2017-1291-1.NASL", "SUSE_SU-2017-1299-1.NASL", "SUSE_SU-2017-1300-1.NASL", "SUSE_SU-2017-1301-1.NASL", "SUSE_SU-2017-1302-1.NASL", "SUSE_SU-2017-1360-1.NASL", "SUSE_SU-2017-1613-1.NASL", "SUSE_SU-2017-1615-1.NASL", "SUSE_SU-2017-1617-1.NASL", "SUSE_SU-2017-1618-1.NASL", "SUSE_SU-2017-1628-1.NASL", "SUSE_SU-2017-1696-1.NASL", "SUSE_SU-2017-1704-1.NASL", "SUSE_SU-2017-1706-1.NASL", "SUSE_SU-2017-1707-1.NASL", "SUSE_SU-2017-1735-1.NASL", "SUSE_SU-2017-1853-1.NASL", "SUSE_SU-2017-1905-1.NASL", "SUSE_SU-2017-1906-1.NASL", "SUSE_SU-2017-1909-1.NASL", "SUSE_SU-2017-1910-1.NASL", "SUSE_SU-2017-1912-1.NASL", "SUSE_SU-2017-1915-1.NASL", "SUSE_SU-2017-1922-1.NASL", "SUSE_SU-2017-1924-1.NASL", "SUSE_SU-2017-1937-1.NASL", "SUSE_SU-2017-1939-1.NASL", "SUSE_SU-2017-1941-1.NASL", "SUSE_SU-2017-1942-1.NASL", "SUSE_SU-2017-1943-1.NASL", "SUSE_SU-2017-1944-1.NASL", "SUSE_SU-2017-1945-1.NASL", "SUSE_SU-2017-1946-1.NASL", "SUSE_SU-2017-2041-1.NASL", "SUSE_SU-2017-2042-1.NASL", "SUSE_SU-2017-2049-1.NASL", "SUSE_SU-2017-2060-1.NASL", "SUSE_SU-2017-2061-1.NASL", "SUSE_SU-2017-2072-1.NASL", "SUSE_SU-2017-2073-1.NASL", "SUSE_SU-2017-2074-1.NASL", "SUSE_SU-2017-2088-1.NASL", "SUSE_SU-2017-2089-1.NASL", "SUSE_SU-2017-2090-1.NASL", "SUSE_SU-2017-2091-1.NASL", "SUSE_SU-2017-2092-1.NASL", "SUSE_SU-2017-2093-1.NASL", "SUSE_SU-2017-2094-1.NASL", "SUSE_SU-2017-2095-1.NASL", "SUSE_SU-2017-2096-1.NASL", "SUSE_SU-2017-2098-1.NASL", "SUSE_SU-2017-2099-1.NASL", "SUSE_SU-2017-2100-1.NASL", "SUSE_SU-2017-2102-1.NASL", "SUSE_SU-2017-2103-1.NASL", "SUSE_SU-2017-2286-1.NASL", "SUSE_SU-2017-2389-1.NASL", "SUSE_SU-2017-2446-1.NASL", "SUSE_SU-2017-2447-1.NASL", "SUSE_SU-2017-2448-1.NASL", "SUSE_SU-2017-2475-1.NASL", "SUSE_SU-2017-2476-1.NASL", "SUSE_SU-2017-2497-1.NASL", "SUSE_SU-2017-2525-1.NASL", "SUSE_SU-2017-2775-1.NASL", "SUSE_SU-2017-2791-1.NASL", "SUSE_SU-2017-2869-1.NASL", "SUSE_SU-2017-2908-1.NASL", "SUSE_SU-2017-2920-1.NASL", "SUSE_SU-2017-3398-1.NASL", "SUSE_SU-2017-3410-1.NASL", "UBUNTU_USN-2965-1.NASL", "UBUNTU_USN-2965-2.NASL", "UBUNTU_USN-2965-3.NASL", "UBUNTU_USN-2965-4.NASL", "UBUNTU_USN-2968-1.NASL", "UBUNTU_USN-2968-2.NASL", "UBUNTU_USN-2969-1.NASL", "UBUNTU_USN-2970-1.NASL", "UBUNTU_USN-2971-1.NASL", "UBUNTU_USN-2971-2.NASL", "UBUNTU_USN-2971-3.NASL", "UBUNTU_USN-2996-1.NASL", "UBUNTU_USN-3016-1.NASL", "UBUNTU_USN-3016-2.NASL", "UBUNTU_USN-3016-3.NASL", "UBUNTU_USN-3016-4.NASL", "UBUNTU_USN-3017-1.NASL", "UBUNTU_USN-3017-2.NASL", "UBUNTU_USN-3017-3.NASL", "UBUNTU_USN-3018-1.NASL", "UBUNTU_USN-3018-2.NASL", "UBUNTU_USN-3019-1.NASL", "UBUNTU_USN-3020-1.NASL", "UBUNTU_USN-3049-1.NASL", "UBUNTU_USN-3051-1.NASL", "UBUNTU_USN-3052-1.NASL", "UBUNTU_USN-3053-1.NASL", "UBUNTU_USN-3054-1.NASL", "UBUNTU_USN-3055-1.NASL", "UBUNTU_USN-3056-1.NASL", "UBUNTU_USN-3057-1.NASL", "UBUNTU_USN-3126-1.NASL", "UBUNTU_USN-3127-1.NASL", "UBUNTU_USN-3127-2.NASL", "UBUNTU_USN-3206-1.NASL", "UBUNTU_USN-3207-1.NASL", "UBUNTU_USN-3207-2.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3209-1.NASL", "UBUNTU_USN-3218-1.NASL", "UBUNTU_USN-3219-1.NASL", "UBUNTU_USN-3219-2.NASL", "UBUNTU_USN-3220-1.NASL", "UBUNTU_USN-3220-2.NASL", "UBUNTU_USN-3220-3.NASL", "UBUNTU_USN-3221-1.NASL", "UBUNTU_USN-3221-2.NASL", "UBUNTU_USN-3248-1.NASL", "UBUNTU_USN-3249-1.NASL", "UBUNTU_USN-3249-2.NASL", "UBUNTU_USN-3250-1.NASL", "UBUNTU_USN-3250-2.NASL", "UBUNTU_USN-3251-1.NASL", "UBUNTU_USN-3251-2.NASL", "UBUNTU_USN-3256-1.NASL", "UBUNTU_USN-3256-2.NASL", "UBUNTU_USN-3264-1.NASL", "UBUNTU_USN-3264-2.NASL", "UBUNTU_USN-3265-1.NASL", "UBUNTU_USN-3265-2.NASL", "UBUNTU_USN-3266-1.NASL", "UBUNTU_USN-3266-2.NASL", "UBUNTU_USN-3291-1.NASL", "UBUNTU_USN-3291-2.NASL", "UBUNTU_USN-3291-3.NASL", "UBUNTU_USN-3293-1.NASL", "UBUNTU_USN-3312-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3324-1.NASL", "UBUNTU_USN-3325-1.NASL", "UBUNTU_USN-3326-1.NASL", "UBUNTU_USN-3327-1.NASL", "UBUNTU_USN-3328-1.NASL", "UBUNTU_USN-3329-1.NASL", "UBUNTU_USN-3330-1.NASL", "UBUNTU_USN-3331-1.NASL", "UBUNTU_USN-3332-1.NASL", "UBUNTU_USN-3333-1.NASL", "UBUNTU_USN-3334-1.NASL", "UBUNTU_USN-3335-1.NASL", "UBUNTU_USN-3335-2.NASL", "UBUNTU_USN-3338-1.NASL", "UBUNTU_USN-3338-2.NASL", "UBUNTU_USN-3342-1.NASL", "UBUNTU_USN-3342-2.NASL", "UBUNTU_USN-3343-1.NASL", "UBUNTU_USN-3343-2.NASL", "UBUNTU_USN-3344-1.NASL", "UBUNTU_USN-3344-2.NASL", "UBUNTU_USN-3345-1.NASL", "UBUNTU_USN-3358-1.NASL", "UBUNTU_USN-3359-1.NASL", "UBUNTU_USN-3360-1.NASL", "UBUNTU_USN-3361-1.NASL", "UBUNTU_USN-3364-1.NASL", "UBUNTU_USN-3364-2.NASL", "UBUNTU_USN-3364-3.NASL", "UBUNTU_USN-3371-1.NASL", "UBUNTU_USN-3377-1.NASL", "UBUNTU_USN-3377-2.NASL", "UBUNTU_USN-3378-1.NASL", "UBUNTU_USN-3378-2.NASL", "UBUNTU_USN-3381-1.NASL", "UBUNTU_USN-3392-1.NASL", "UBUNTU_USN-3392-2.NASL", "UBUNTU_USN-3404-1.NASL", "UBUNTU_USN-3404-2.NASL", "UBUNTU_USN-3405-1.NASL", "UBUNTU_USN-3405-2.NASL", "UBUNTU_USN-3406-1.NASL", "UBUNTU_USN-3422-1.NASL", "UBUNTU_USN-3468-1.NASL", "UBUNTU_USN-3468-2.NASL", "UBUNTU_USN-3468-3.NASL", "UBUNTU_USN-3470-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3754-1.NASL", "UBUNTU_USN-3849-1.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-017.NASL", "VIRTUOZZO_VZA-2017-019.NASL", "VIRTUOZZO_VZA-2017-021.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "VIRTUOZZO_VZA-2017-026.NASL", "VIRTUOZZO_VZA-2017-027.NASL", "VIRTUOZZO_VZA-2017-028.NASL", "VIRTUOZZO_VZA-2017-029.NASL", "VIRTUOZZO_VZA-2017-032.NASL", "VIRTUOZZO_VZA-2017-042.NASL", "VIRTUOZZO_VZA-2017-043.NASL", "VIRTUOZZO_VZA-2017-044.NASL", "VIRTUOZZO_VZA-2017-045.NASL", "VIRTUOZZO_VZA-2017-047.NASL", "VIRTUOZZO_VZA-2017-055.NASL", "VIRTUOZZO_VZA-2017-056.NASL", "VIRTUOZZO_VZA-2017-061.NASL", "VIRTUOZZO_VZA-2017-065.NASL", "VIRTUOZZO_VZA-2017-067.NASL", "VIRTUOZZO_VZA-2017-068.NASL", "VIRTUOZZO_VZA-2017-069.NASL", "VIRTUOZZO_VZA-2017-070.NASL", "VIRTUOZZO_VZA-2017-076.NASL", "VIRTUOZZO_VZA-2017-077.NASL", "VIRTUOZZO_VZA-2017-078.NASL", "VIRTUOZZO_VZA-2017-079.NASL", "VIRTUOZZO_VZA-2018-041.NASL", "VIRTUOZZO_VZA-2018-072.NASL", "VIRTUOZZO_VZA-2018-075.NASL", "VIRTUOZZO_VZLSA-2017-0036.NASL", "VIRTUOZZO_VZLSA-2017-0086.NASL", "VIRTUOZZO_VZLSA-2017-0293.NASL", "VIRTUOZZO_VZLSA-2017-0294.NASL", "VIRTUOZZO_VZLSA-2017-0323.NASL", "VIRTUOZZO_VZLSA-2017-0892.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "VIRTUOZZO_VZLSA-2017-1308.NASL", "VIRTUOZZO_VZLSA-2017-1372.NASL", "VIRTUOZZO_VZLSA-2017-1484.NASL", "VIRTUOZZO_VZLSA-2017-1486.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108776", "OPENVAS:1361412562310120707", "OPENVAS:1361412562310120715", "OPENVAS:1361412562310140260", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310703791", "OPENVAS:1361412562310703804", "OPENVAS:1361412562310703886", "OPENVAS:1361412562310703927", "OPENVAS:1361412562310703945", "OPENVAS:1361412562310703981", "OPENVAS:1361412562310808438", "OPENVAS:1361412562310808442", "OPENVAS:1361412562310808459", "OPENVAS:1361412562310808522", "OPENVAS:1361412562310808556", "OPENVAS:1361412562310808914", "OPENVAS:1361412562310811258", "OPENVAS:1361412562310812046", "OPENVAS:1361412562310812318", "OPENVAS:1361412562310842734", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310842737", "OPENVAS:1361412562310842738", "OPENVAS:1361412562310842739", "OPENVAS:1361412562310842742", "OPENVAS:1361412562310842743", "OPENVAS:1361412562310842744", "OPENVAS:1361412562310842755", "OPENVAS:1361412562310842759", "OPENVAS:1361412562310842762", "OPENVAS:1361412562310842792", "OPENVAS:1361412562310842795", "OPENVAS:1361412562310842805", "OPENVAS:1361412562310842806", "OPENVAS:1361412562310842807", "OPENVAS:1361412562310842808", "OPENVAS:1361412562310842809", "OPENVAS:1361412562310842810", "OPENVAS:1361412562310842811", "OPENVAS:1361412562310842812", "OPENVAS:1361412562310842813", "OPENVAS:1361412562310842815", "OPENVAS:1361412562310842817", "OPENVAS:1361412562310842850", "OPENVAS:1361412562310842852", "OPENVAS:1361412562310842853", "OPENVAS:1361412562310842854", "OPENVAS:1361412562310842855", "OPENVAS:1361412562310842856", "OPENVAS:1361412562310842857", "OPENVAS:1361412562310842859", "OPENVAS:1361412562310842860", "OPENVAS:1361412562310842945", "OPENVAS:1361412562310842948", "OPENVAS:1361412562310842949", "OPENVAS:1361412562310842951", "OPENVAS:1361412562310843060", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310843063", "OPENVAS:1361412562310843064", "OPENVAS:1361412562310843065", "OPENVAS:1361412562310843075", "OPENVAS:1361412562310843076", "OPENVAS:1361412562310843077", "OPENVAS:1361412562310843078", "OPENVAS:1361412562310843079", "OPENVAS:1361412562310843081", "OPENVAS:1361412562310843082", "OPENVAS:1361412562310843083", "OPENVAS:1361412562310843114", "OPENVAS:1361412562310843115", "OPENVAS:1361412562310843116", "OPENVAS:1361412562310843117", "OPENVAS:1361412562310843119", "OPENVAS:1361412562310843120", "OPENVAS:1361412562310843121", "OPENVAS:1361412562310843127", "OPENVAS:1361412562310843128", "OPENVAS:1361412562310843137", "OPENVAS:1361412562310843138", "OPENVAS:1361412562310843139", "OPENVAS:1361412562310843140", "OPENVAS:1361412562310843141", "OPENVAS:1361412562310843142", "OPENVAS:1361412562310843164", "OPENVAS:1361412562310843165", "OPENVAS:1361412562310843175", "OPENVAS:1361412562310843176", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843199", "OPENVAS:1361412562310843200", "OPENVAS:1361412562310843209", "OPENVAS:1361412562310843210", "OPENVAS:1361412562310843211", "OPENVAS:1361412562310843212", "OPENVAS:1361412562310843213", "OPENVAS:1361412562310843215", "OPENVAS:1361412562310843216", "OPENVAS:1361412562310843217", "OPENVAS:1361412562310843218", "OPENVAS:1361412562310843220", "OPENVAS:1361412562310843221", "OPENVAS:1361412562310843222", "OPENVAS:1361412562310843228", "OPENVAS:1361412562310843229", "OPENVAS:1361412562310843231", "OPENVAS:1361412562310843232", "OPENVAS:1361412562310843233", "OPENVAS:1361412562310843234", "OPENVAS:1361412562310843247", "OPENVAS:1361412562310843248", "OPENVAS:1361412562310843249", "OPENVAS:1361412562310843250", "OPENVAS:1361412562310843252", "OPENVAS:1361412562310843254", "OPENVAS:1361412562310843255", "OPENVAS:1361412562310843262", "OPENVAS:1361412562310843268", "OPENVAS:1361412562310843269", "OPENVAS:1361412562310843270", "OPENVAS:1361412562310843271", "OPENVAS:1361412562310843273", "OPENVAS:1361412562310843286", "OPENVAS:1361412562310843287", "OPENVAS:1361412562310843294", "OPENVAS:1361412562310843295", "OPENVAS:1361412562310843296", "OPENVAS:1361412562310843297", "OPENVAS:1361412562310843298", "OPENVAS:1361412562310843312", "OPENVAS:1361412562310843352", "OPENVAS:1361412562310843353", "OPENVAS:1361412562310843356", "OPENVAS:1361412562310843357", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843628", "OPENVAS:1361412562310843857", "OPENVAS:1361412562310851320", "OPENVAS:1361412562310851358", "OPENVAS:1361412562310851360", "OPENVAS:1361412562310851367", "OPENVAS:1361412562310851386", "OPENVAS:1361412562310851388", "OPENVAS:1361412562310851390", "OPENVAS:1361412562310851420", "OPENVAS:1361412562310851489", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310851515", "OPENVAS:1361412562310851516", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310851530", "OPENVAS:1361412562310851544", "OPENVAS:1361412562310851548", "OPENVAS:1361412562310851566", "OPENVAS:1361412562310851571", "OPENVAS:1361412562310851573", "OPENVAS:1361412562310851578", "OPENVAS:1361412562310851586", "OPENVAS:1361412562310851592", "OPENVAS:1361412562310851666", "OPENVAS:1361412562310851667", "OPENVAS:1361412562310871661", "OPENVAS:1361412562310871730", "OPENVAS:1361412562310871742", "OPENVAS:1361412562310871747", "OPENVAS:1361412562310871761", "OPENVAS:1361412562310871762", "OPENVAS:1361412562310871765", "OPENVAS:1361412562310871794", "OPENVAS:1361412562310871796", "OPENVAS:1361412562310871823", "OPENVAS:1361412562310871827", "OPENVAS:1361412562310871832", "OPENVAS:1361412562310871833", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310871855", "OPENVAS:1361412562310871884", "OPENVAS:1361412562310872383", "OPENVAS:1361412562310872391", "OPENVAS:1361412562310872392", "OPENVAS:1361412562310872418", "OPENVAS:1361412562310872419", "OPENVAS:1361412562310872473", "OPENVAS:1361412562310872476", "OPENVAS:1361412562310872547", "OPENVAS:1361412562310872548", "OPENVAS:1361412562310872568", "OPENVAS:1361412562310872569", "OPENVAS:1361412562310872575", "OPENVAS:1361412562310872578", "OPENVAS:1361412562310872696", "OPENVAS:1361412562310872700", "OPENVAS:1361412562310872708", "OPENVAS:1361412562310872720", "OPENVAS:1361412562310872729", "OPENVAS:1361412562310872761", "OPENVAS:1361412562310872785", "OPENVAS:1361412562310872788", "OPENVAS:1361412562310872902", "OPENVAS:1361412562310873079", "OPENVAS:1361412562310873160", "OPENVAS:1361412562310873277", "OPENVAS:1361412562310873302", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310882558", "OPENVAS:1361412562310882614", "OPENVAS:1361412562310882629", "OPENVAS:1361412562310882638", "OPENVAS:1361412562310882664", "OPENVAS:1361412562310882665", "OPENVAS:1361412562310882668", "OPENVAS:1361412562310882674", "OPENVAS:1361412562310882688", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310882725", "OPENVAS:1361412562310882728", "OPENVAS:1361412562310882735", "OPENVAS:1361412562310882738", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310882792", "OPENVAS:1361412562310882810", "OPENVAS:1361412562310882840", "OPENVAS:1361412562310890833", "OPENVAS:1361412562310890849", "OPENVAS:1361412562310890922", "OPENVAS:1361412562310890993", "OPENVAS:1361412562310891099", "OPENVAS:1361412562311220161048", "OPENVAS:1361412562311220161051", "OPENVAS:1361412562311220171056", "OPENVAS:1361412562311220171057", "OPENVAS:1361412562311220171066", "OPENVAS:1361412562311220171071", "OPENVAS:1361412562311220171072", "OPENVAS:1361412562311220171122", "OPENVAS:1361412562311220171123", "OPENVAS:1361412562311220171154", "OPENVAS:1361412562311220171155", "OPENVAS:1361412562311220171159", "OPENVAS:1361412562311220171160", "OPENVAS:1361412562311220171291", "OPENVAS:1361412562311220181026", "OPENVAS:1361412562311220191471", "OPENVAS:1361412562311220191472", "OPENVAS:1361412562311220191474", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191485", "OPENVAS:1361412562311220191486", "OPENVAS:1361412562311220191487", "OPENVAS:1361412562311220191489", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191494", "OPENVAS:1361412562311220191496", "OPENVAS:1361412562311220191498", "OPENVAS:1361412562311220191500", "OPENVAS:1361412562311220191502", "OPENVAS:1361412562311220191504", "OPENVAS:1361412562311220191505", "OPENVAS:1361412562311220191506", "OPENVAS:1361412562311220191508", "OPENVAS:1361412562311220191513", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191517", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191520", "OPENVAS:1361412562311220191521", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191523", "OPENVAS:1361412562311220191524", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191526", "OPENVAS:1361412562311220191527", "OPENVAS:1361412562311220191528", "OPENVAS:1361412562311220191529", "OPENVAS:1361412562311220191530", "OPENVAS:1361412562311220191531", "OPENVAS:1361412562311220191533", "OPENVAS:1361412562311220191535", "OPENVAS:1361412562311220191537", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:703607", "OPENVAS:703791", "OPENVAS:703804", "OPENVAS:703886"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1847", "ELSA-2016-2962", "ELSA-2016-2962-1", "ELSA-2016-3617", "ELSA-2016-3618", "ELSA-2016-3619", "ELSA-2016-3655", "ELSA-2016-3656", "ELSA-2016-3657", "ELSA-2017-0036", "ELSA-2017-0086", "ELSA-2017-0293", "ELSA-2017-0294", "ELSA-2017-0294-1", "ELSA-2017-0307", "ELSA-2017-0323", "ELSA-2017-0323-1", "ELSA-2017-0817", "ELSA-2017-0892", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1308", "ELSA-2017-1308-1", "ELSA-2017-1372", "ELSA-2017-1482-1", "ELSA-2017-1484", "ELSA-2017-1484-1", "ELSA-2017-1486", "ELSA-2017-1615", "ELSA-2017-1615-1", "ELSA-2017-1723", "ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-2473", "ELSA-2017-2473-1", "ELSA-2017-2930", "ELSA-2017-2930-1", "ELSA-2017-3315", "ELSA-2017-3520", "ELSA-2017-3521", "ELSA-2017-3522", "ELSA-2017-3533", "ELSA-2017-3534", "ELSA-2017-3535", "ELSA-2017-3539", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3574", "ELSA-2017-3575", "ELSA-2017-3576", "ELSA-2017-3579", "ELSA-2017-3580", "ELSA-2017-3582", "ELSA-2017-3583", "ELSA-2017-3587", "ELSA-2017-3590", "ELSA-2017-3591", "ELSA-2017-3592", "ELSA-2017-3595", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3609", "ELSA-2017-3621", "ELSA-2017-3622", "ELSA-2017-3631", "ELSA-2017-3632", "ELSA-2017-3633", "ELSA-2017-3635", "ELSA-2017-3636", "ELSA-2017-3637", "ELSA-2017-3657", "ELSA-2017-3658", "ELSA-2017-3659", "ELSA-2018-0008", "ELSA-2018-0169", "ELSA-2018-1062", "ELSA-2018-1854", "ELSA-2018-4021", "ELSA-2018-4040", "ELSA-2018-4041", "ELSA-2018-4108", "ELSA-2018-4109", "ELSA-2018-4110", "ELSA-2018-4161", "ELSA-2018-4164", "ELSA-2018-4172", "ELSA-2020-3548", "ELSA-2020-5671", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2020-5936", "ELSA-2021-9486", "ELSA-2021-9487"]}, {"type": "osv", "idList": ["OSV:DLA-1099-1", "OSV:DLA-1200-1", "OSV:DLA-516-1", "OSV:DLA-833-1", "OSV:DLA-849-1", "OSV:DLA-922-1", "OSV:DLA-993-1", "OSV:DSA-3607-1", "OSV:DSA-3791-1", "OSV:DSA-3804-1", "OSV:DSA-3886-1", "OSV:DSA-3886-2", "OSV:DSA-3927-1", "OSV:DSA-3945-1", "OSV:DSA-3981-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136219", "PACKETSTORM:138854", "PACKETSTORM:139880", "PACKETSTORM:141331", "PACKETSTORM:141339", "PACKETSTORM:142872", "PACKETSTORM:147685", "PACKETSTORM:149804"]}, {"type": "photon", "idList": ["PHSA-2016-0007", "PHSA-2017-0011", "PHSA-2017-0014", "PHSA-2017-0018", "PHSA-2017-0019", "PHSA-2017-0025", "PHSA-2017-0028", "PHSA-2017-0029", "PHSA-2017-0031", "PHSA-2017-0035", "PHSA-2017-0038", "PHSA-2017-0041", "PHSA-2017-0044", "PHSA-2017-0052", "PHSA-2017-0055", "PHSA-2017-0061", "PHSA-2017-0062", "PHSA-2018-0031", "PHSA-2018-0101", "PHSA-2018-2.0-0101"]}, {"type": "ptsecurity", "idList": ["PT-2017-06"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:87BA757A5FD1FA33FB143A6AD7B02E98"]}, {"type": "redhat", "idList": ["RHSA-2015:2152", "RHSA-2016:1847", "RHSA-2016:1875", "RHSA-2016:1883", "RHSA-2016:2962", "RHSA-2017:0031", "RHSA-2017:0036", "RHSA-2017:0065", "RHSA-2017:0086", "RHSA-2017:0091", "RHSA-2017:0113", "RHSA-2017:0196", "RHSA-2017:0215", "RHSA-2017:0216", "RHSA-2017:0217", "RHSA-2017:0270", "RHSA-2017:0293", "RHSA-2017:0294", "RHSA-2017:0295", "RHSA-2017:0316", "RHSA-2017:0323", "RHSA-2017:0324", "RHSA-2017:0345", "RHSA-2017:0346", "RHSA-2017:0347", "RHSA-2017:0365", "RHSA-2017:0366", "RHSA-2017:0403", "RHSA-2017:0501", "RHSA-2017:0892", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0933", "RHSA-2017:0986", "RHSA-2017:1125", "RHSA-2017:1126", "RHSA-2017:1209", "RHSA-2017:1232", "RHSA-2017:1233", "RHSA-2017:1297", "RHSA-2017:1298", "RHSA-2017:1308", "RHSA-2017:1372", "RHSA-2017:1482", "RHSA-2017:1483", "RHSA-2017:1484", "RHSA-2017:1485", "RHSA-2017:1486", "RHSA-2017:1487", "RHSA-2017:1488", "RHSA-2017:1489", "RHSA-2017:1490", "RHSA-2017:1491", "RHSA-2017:1567", "RHSA-2017:1615", "RHSA-2017:1616", "RHSA-2017:1647", "RHSA-2017:1712", "RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2437", "RHSA-2017:2444", "RHSA-2017:2473", "RHSA-2017:2585", "RHSA-2017:2669", "RHSA-2017:2770", "RHSA-2017:2869", "RHSA-2017:2918", "RHSA-2017:2930", "RHSA-2017:2931", "RHSA-2017:3295", "RHSA-2017:3315", "RHSA-2017:3322", "RHSA-2018:0169", "RHSA-2018:0654", "RHSA-2018:0676", "RHSA-2018:1062", "RHSA-2018:1854", "RHSA-2018:3822", "RHSA-2019:0641", "RHSA-2019:4159", "RHSA-2020:3548", "RHSA-2020:3836"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10200", "RH:CVE-2016-4997", "RH:CVE-2016-4998", "RH:CVE-2016-5243", "RH:CVE-2017-1000363", "RH:CVE-2017-1000365", "RH:CVE-2017-1000366", "RH:CVE-2017-1000380", "RH:CVE-2017-11176", "RH:CVE-2017-11473", "RH:CVE-2017-2636", "RH:CVE-2017-2647", "RH:CVE-2017-2671", "RH:CVE-2017-5669", "RH:CVE-2017-5970", "RH:CVE-2017-5986", "RH:CVE-2017-6214", "RH:CVE-2017-6348", "RH:CVE-2017-6353", "RH:CVE-2017-6951", "RH:CVE-2017-7184", "RH:CVE-2017-7187", "RH:CVE-2017-7261", "RH:CVE-2017-7294", "RH:CVE-2017-7308", "RH:CVE-2017-7482", "RH:CVE-2017-7487", "RH:CVE-2017-7533", "RH:CVE-2017-7542", "RH:CVE-2017-7616", "RH:CVE-2017-8890", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9074", "RH:CVE-2017-9075", "RH:CVE-2017-9076", "RH:CVE-2017-9077", "RH:CVE-2017-9242", "RH:CVE-2021-22600"]}, {"type": "seebug", "idList": ["SSV:92700", "SSV:92755", "SSV:92861", "SSV:93094", "SSV:93140", "SSV:93143", "SSV:93207"]}, {"type": "slackware", "idList": ["SSA-2017-177-01", "SSA-2017-180-01", "SSA-2017-181-02", "SSA-2017-184-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1382-1", "OPENSUSE-SU-2016:1798-1", "OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2184-1", "OPENSUSE-SU-2016:2290-1", "OPENSUSE-SU-2016:2625-1", "OPENSUSE-SU-2016:2649-1", "OPENSUSE-SU-2017:0456-1", "OPENSUSE-SU-2017:0458-1", "OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:0906-1", "OPENSUSE-SU-2017:0907-1", "OPENSUSE-SU-2017:1140-1", "OPENSUSE-SU-2017:1215-1", "OPENSUSE-SU-2017:1513-1", "OPENSUSE-SU-2017:1633-1", "OPENSUSE-SU-2017:1685-1", "OPENSUSE-SU-2017:1825-1", "OPENSUSE-SU-2017:2110-1", "OPENSUSE-SU-2017:2112-1", "OPENSUSE-SU-2017:3358-1", "OPENSUSE-SU-2017:3359-1", "SUSE-SU-2016:1203-1", "SUSE-SU-2016:1672-1", "SUSE-SU-2016:1690-1", "SUSE-SU-2016:1696-1", "SUSE-SU-2016:1707-1", "SUSE-SU-2016:1709-1", "SUSE-SU-2016:1710-1", "SUSE-SU-2016:1764-1", "SUSE-SU-2016:1937-1", "SUSE-SU-2016:1985-1", "SUSE-SU-2016:2018-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:2105-1", "SUSE-SU-2016:2174-1", "SUSE-SU-2016:2177-1", "SUSE-SU-2016:2178-1", "SUSE-SU-2016:2179-1", "SUSE-SU-2016:2180-1", "SUSE-SU-2016:2181-1", "SUSE-SU-2016:2245-1", "SUSE-SU-2016:2632-1", "SUSE-SU-2016:2633-1", "SUSE-SU-2016:2636-1", "SUSE-SU-2016:2655-1", "SUSE-SU-2016:2658-1", "SUSE-SU-2016:2659-1", "SUSE-SU-2016:2976-1", "SUSE-SU-2016:3069-1", "SUSE-SU-2016:3093-1", "SUSE-SU-2016:3094-1", "SUSE-SU-2016:3098-1", "SUSE-SU-2016:3100-1", "SUSE-SU-2016:3104-1", "SUSE-SU-2016:3109-1", "SUSE-SU-2016:3111-1", "SUSE-SU-2016:3112-1", "SUSE-SU-2016:3119-1", "SUSE-SU-2016:3249-1", "SUSE-SU-2016:3304-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0494-1", "SUSE-SU-2017:0517-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:0759-1", "SUSE-SU-2017:0760-1", "SUSE-SU-2017:0762-1", "SUSE-SU-2017:0763-1", "SUSE-SU-2017:0764-1", "SUSE-SU-2017:0766-1", "SUSE-SU-2017:0767-1", "SUSE-SU-2017:0768-1", "SUSE-SU-2017:0769-1", "SUSE-SU-2017:0770-1", "SUSE-SU-2017:0771-1", "SUSE-SU-2017:0772-1", "SUSE-SU-2017:0773-1", "SUSE-SU-2017:0774-1", "SUSE-SU-2017:0775-1", "SUSE-SU-2017:0776-1", "SUSE-SU-2017:0777-1", "SUSE-SU-2017:0778-1", "SUSE-SU-2017:0779-1", "SUSE-SU-2017:0780-1", "SUSE-SU-2017:0781-1", "SUSE-SU-2017:0786-1", "SUSE-SU-2017:0864-1", "SUSE-SU-2017:0865-1", "SUSE-SU-2017:0866-1", "SUSE-SU-2017:0867-1", "SUSE-SU-2017:0868-1", "SUSE-SU-2017:0873-1", "SUSE-SU-2017:0875-1", "SUSE-SU-2017:0876-1", "SUSE-SU-2017:0877-1", "SUSE-SU-2017:0878-1", "SUSE-SU-2017:0880-1", "SUSE-SU-2017:0881-1", "SUSE-SU-2017:0882-1", "SUSE-SU-2017:0884-1", "SUSE-SU-2017:0885-1", "SUSE-SU-2017:0886-1", "SUSE-SU-2017:0887-1", "SUSE-SU-2017:0888-1", "SUSE-SU-2017:0912-1", "SUSE-SU-2017:0913-1", "SUSE-SU-2017:1059-1", "SUSE-SU-2017:1064-1", "SUSE-SU-2017:1102-1", "SUSE-SU-2017:1183-1", "SUSE-SU-2017:1247-1", "SUSE-SU-2017:1277-1", "SUSE-SU-2017:1278-1", "SUSE-SU-2017:1279-1", "SUSE-SU-2017:1280-1", "SUSE-SU-2017:1281-1", "SUSE-SU-2017:1283-1", "SUSE-SU-2017:1287-1", "SUSE-SU-2017:1289-1", "SUSE-SU-2017:1290-1", "SUSE-SU-2017:1291-1", "SUSE-SU-2017:1293-1", "SUSE-SU-2017:1294-1", "SUSE-SU-2017:1295-1", "SUSE-SU-2017:1297-1", "SUSE-SU-2017:1299-1", "SUSE-SU-2017:1300-1", "SUSE-SU-2017:1301-1", "SUSE-SU-2017:1302-1", "SUSE-SU-2017:1303-1", "SUSE-SU-2017:1308-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1613-1", "SUSE-SU-2017:1615-1", "SUSE-SU-2017:1618-1", "SUSE-SU-2017:1628-1", "SUSE-SU-2017:1696-1", "SUSE-SU-2017:1704-1", "SUSE-SU-2017:1706-1", "SUSE-SU-2017:1707-1", "SUSE-SU-2017:1735-1", "SUSE-SU-2017:1853-1", "SUSE-SU-2017:1903-1", "SUSE-SU-2017:1904-1", "SUSE-SU-2017:1905-1", "SUSE-SU-2017:1906-1", "SUSE-SU-2017:1907-1", "SUSE-SU-2017:1908-1", "SUSE-SU-2017:1909-1", "SUSE-SU-2017:1910-1", "SUSE-SU-2017:1912-1", "SUSE-SU-2017:1913-1", "SUSE-SU-2017:1914-1", "SUSE-SU-2017:1915-1", "SUSE-SU-2017:1922-1", "SUSE-SU-2017:1923-1", "SUSE-SU-2017:1924-1", "SUSE-SU-2017:1925-1", "SUSE-SU-2017:1937-1", "SUSE-SU-2017:1939-1", "SUSE-SU-2017:1941-1", "SUSE-SU-2017:1943-1", "SUSE-SU-2017:1944-1", "SUSE-SU-2017:1945-1", "SUSE-SU-2017:1946-1", "SUSE-SU-2017:1990-1", "SUSE-SU-2017:2041-1", "SUSE-SU-2017:2042-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2046-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2064-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2066-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2069-1", "SUSE-SU-2017:2070-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2074-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2089-1", "SUSE-SU-2017:2090-1", "SUSE-SU-2017:2091-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2094-1", "SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2098-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2102-1", "SUSE-SU-2017:2103-1", "SUSE-SU-2017:2114-1", "SUSE-SU-2017:2286-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2447-1", "SUSE-SU-2017:2448-1", "SUSE-SU-2017:2475-1", "SUSE-SU-2017:2476-1", "SUSE-SU-2017:2497-1", "SUSE-SU-2017:2525-1", "SUSE-SU-2017:2775-1", "SUSE-SU-2017:2791-1", "SUSE-SU-2017:2869-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2017:2956-1", "SUSE-SU-2017:3398-1", "SUSE-SU-2017:3410-1", "SUSE-SU-2018:0213-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "thn", "idList": ["THN:11E7CC33794D9968747131F3F0AE8716", "THN:72D5C1EE790D99032F95F4A094E36BD6", "THN:FA88848EF7446185D7481A0AB338ACA7"]}, {"type": "threatpost", "idList": ["THREATPOST:178E0668804E2DA1322D2C1DCF6CA893", "THREATPOST:1EFFF77A39E186D173F6DF0D1259D4DE", "THREATPOST:54E7457360B9B4CFC6843F7B3E0C5367", "THREATPOST:EED8FDF6683A87D839082F0F1529E0D3"]}, {"type": "ubuntu", "idList": ["USN-2965-1", "USN-2965-2", "USN-2965-3", "USN-2965-4", "USN-2968-1", "USN-2968-2", "USN-2969-1", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-2996-1", "USN-2997-1", "USN-3016-1", "USN-3016-2", "USN-3016-3", "USN-3016-4", "USN-3017-1", "USN-3017-2", "USN-3017-3", "USN-3018-1", "USN-3018-2", "USN-3019-1", "USN-3020-1", "USN-3049-1", "USN-3050-1", "USN-3051-1", "USN-3052-1", "USN-3053-1", "USN-3054-1", "USN-3055-1", "USN-3056-1", "USN-3057-1", "USN-3126-1", "USN-3126-2", "USN-3127-1", "USN-3127-2", "USN-3206-1", "USN-3207-1", "USN-3207-2", "USN-3208-1", "USN-3208-2", "USN-3209-1", "USN-3218-1", "USN-3219-1", "USN-3219-2", "USN-3220-1", "USN-3220-2", "USN-3220-3", "USN-3221-1", "USN-3221-2", "USN-3248-1", "USN-3249-1", "USN-3249-2", "USN-3250-1", "USN-3250-2", "USN-3251-1", "USN-3251-2", "USN-3256-1", "USN-3256-2", "USN-3264-1", "USN-3264-2", "USN-3265-1", "USN-3265-2", "USN-3266-1", "USN-3266-2", "USN-3291-1", "USN-3291-2", "USN-3291-3", "USN-3293-1", "USN-3312-1", "USN-3312-2", "USN-3314-1", "USN-3324-1", "USN-3325-1", "USN-3326-1", "USN-3327-1", "USN-3328-1", "USN-3329-1", "USN-3330-1", "USN-3331-1", "USN-3332-1", "USN-3333-1", "USN-3334-1", "USN-3335-1", "USN-3335-2", "USN-3338-1", "USN-3338-2", "USN-3342-1", "USN-3342-2", "USN-3343-1", "USN-3343-2", "USN-3344-1", "USN-3344-2", "USN-3345-1", "USN-3358-1", "USN-3359-1", "USN-3360-1", "USN-3360-2", "USN-3361-1", "USN-3364-1", "USN-3364-2", "USN-3364-3", "USN-3371-1", "USN-3377-1", "USN-3377-2", "USN-3378-1", "USN-3378-2", "USN-3381-1", "USN-3381-2", "USN-3392-1", "USN-3392-2", "USN-3404-1", "USN-3404-2", "USN-3405-1", "USN-3405-2", "USN-3406-1", "USN-3406-2", "USN-3422-1", "USN-3422-2", "USN-3468-1", "USN-3468-2", "USN-3468-3", "USN-3470-1", "USN-3470-2", "USN-3583-1", "USN-3583-2", "USN-3754-1", "USN-3849-1", "USN-3849-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9922", "UB:CVE-2015-3288", "UB:CVE-2015-8970", "UB:CVE-2016-10200", "UB:CVE-2016-2188", "UB:CVE-2016-4997", "UB:CVE-2016-4998", "UB:CVE-2016-5243", "UB:CVE-2016-7117", "UB:CVE-2017-1000363", "UB:CVE-2017-1000364", "UB:CVE-2017-1000365", "UB:CVE-2017-1000371", "UB:CVE-2017-1000380", "UB:CVE-2017-11176", "UB:CVE-2017-11473", "UB:CVE-2017-2636", "UB:CVE-2017-2647", "UB:CVE-2017-2671", "UB:CVE-2017-5669", "UB:CVE-2017-5970", "UB:CVE-2017-5986", "UB:CVE-2017-6074", "UB:CVE-2017-6214", "UB:CVE-2017-6348", "UB:CVE-2017-6353", "UB:CVE-2017-6951", "UB:CVE-2017-7184", "UB:CVE-2017-7187", "UB:CVE-2017-7261", "UB:CVE-2017-7294", "UB:CVE-2017-7308", "UB:CVE-2017-7482", "UB:CVE-2017-7487", "UB:CVE-2017-7533", "UB:CVE-2017-7542", "UB:CVE-2017-7616", "UB:CVE-2017-8890", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9074", "UB:CVE-2017-9075", "UB:CVE-2017-9076", "UB:CVE-2017-9077", "UB:CVE-2017-9242"]}, {"type": "virtuozzo", "idList": ["VZA-2017-010", "VZA-2017-016", "VZA-2017-017", "VZA-2017-019", "VZA-2017-021", "VZA-2017-024", "VZA-2017-025", "VZA-2017-026", "VZA-2017-027", "VZA-2017-028", "VZA-2017-029", "VZA-2017-032", "VZA-2017-042", "VZA-2017-043", "VZA-2017-044", "VZA-2017-045", "VZA-2017-046", "VZA-2017-047", "VZA-2017-054", "VZA-2017-055", "VZA-2017-056", "VZA-2017-059", "VZA-2017-060", "VZA-2017-061", "VZA-2017-065", "VZA-2017-067", "VZA-2017-068", "VZA-2017-069", "VZA-2017-070", "VZA-2017-075", "VZA-2017-076", "VZA-2017-077", "VZA-2017-078", "VZA-2017-079", "VZA-2018-040", "VZA-2018-041", "VZA-2018-072", "VZA-2018-074", "VZA-2018-075"]}, {"type": "zdi", "idList": ["ZDI-17-240"]}, {"type": "zdt", "idList": ["1337DAY-ID-24860", "1337DAY-ID-25880", "1337DAY-ID-26412", "1337DAY-ID-27133", "1337DAY-ID-27134", "1337DAY-ID-27761", "1337DAY-ID-27914", "1337DAY-ID-30013", "1337DAY-ID-30376", "1337DAY-ID-31273", "1337DAY-ID-33035"]}]}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828", "ALAS-2017-845", "ALAS-2017-846", "ALAS-2017-868", "ALAS-2017-870"]}, {"type": "android", "idList": ["ANDROID:CVE-2015-3288", "ANDROID:CVE-2016-10200", "ANDROID:CVE-2017-8890"]}, {"type": "androidsecurity", "idList": ["ANDROID:2017-09-01", "ANDROID:2017-10-01", "ANDROID:2017-11-01"]}, {"type": "archlinux", "idList": ["ASA-201702-17", "ASA-201703-6", "ASA-201703-7", "ASA-201703-8", "ASA-201706-28", "ASA-201706-31"]}, {"type": "avleonov", "idList": ["AVLEONOV:258C4C7C6D4C10965793FFCDA8860939"]}, {"type": "canvas", "idList": ["OVERLAYFS"]}, {"type": "centos", "idList": ["CESA-2017:0293", "CESA-2017:0294", "CESA-2017:0323", "CESA-2017:0933", "CESA-2017:1372", "CESA-2017:1484", "CESA-2017:1486", "CESA-2017:1615", "CESA-2017:2473", "CESA-2018:0169"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:18773E2EBFCA95CBB12CDED52A4EFFCC", "CFOUNDRY:2DD582EFE729277C37B69440AE62247E", "CFOUNDRY:45D171A4CABD3B2EED5D1C76F5C7F3F2", "CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:4DDC563CC4B682CD1D8A3F51374BC77A", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:5EEA2226D4FCA4D50B918305E55569E8", "CFOUNDRY:CAC337307F043175ACEEE3B0FD0416FF", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:EC22D7C9EDB0A72523F94F026F02A4D4"]}, {"type": "cve", "idList": ["CVE-2014-9922", "CVE-2015-3288", "CVE-2015-8970", "CVE-2016-10200", "CVE-2016-2188", "CVE-2016-4998", "CVE-2016-5243", "CVE-2017-1000363", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-7616", "CVE-2017-8890"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DLA-993-2:8276F", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-3886-2:AC7E4", "DEBIAN:DSA-3927-1:A186E", "DEBIAN:DSA-3945-1:532A6", "DEBIAN:DSA-3981-1:0F636"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9922", "DEBIANCVE:CVE-2015-3288", "DEBIANCVE:CVE-2015-8970", "DEBIANCVE:CVE-2016-10200", "DEBIANCVE:CVE-2016-2188", "DEBIANCVE:CVE-2016-4997", "DEBIANCVE:CVE-2016-4998", "DEBIANCVE:CVE-2016-5243", "DEBIANCVE:CVE-2016-7117", "DEBIANCVE:CVE-2017-1000363", "DEBIANCVE:CVE-2017-1000364", "DEBIANCVE:CVE-2017-1000365", "DEBIANCVE:CVE-2017-1000380", "DEBIANCVE:CVE-2017-11176", "DEBIANCVE:CVE-2017-11473", "DEBIANCVE:CVE-2017-2636", "DEBIANCVE:CVE-2017-2647", "DEBIANCVE:CVE-2017-2671", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5970", "DEBIANCVE:CVE-2017-5986", "DEBIANCVE:CVE-2017-6074", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6348", "DEBIANCVE:CVE-2017-6353", "DEBIANCVE:CVE-2017-6951", "DEBIANCVE:CVE-2017-7184", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7261", "DEBIANCVE:CVE-2017-7294", "DEBIANCVE:CVE-2017-7308", "DEBIANCVE:CVE-2017-7482", "DEBIANCVE:CVE-2017-7487", "DEBIANCVE:CVE-2017-7533", "DEBIANCVE:CVE-2017-7542", "DEBIANCVE:CVE-2017-7616", "DEBIANCVE:CVE-2017-8890", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2017-8925", "DEBIANCVE:CVE-2017-9074", "DEBIANCVE:CVE-2017-9075", "DEBIANCVE:CVE-2017-9076", "DEBIANCVE:CVE-2017-9077", "DEBIANCVE:CVE-2017-9242"]}, {"type": "exploitdb", "idList": ["EDB-ID:40489", "EDB-ID:41457", "EDB-ID:41458", "EDB-ID:41994", "EDB-ID:44302", "EDB-ID:44654", "EDB-ID:45553", "EDB-ID:45554"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:66230DDA8228F7537211A7F78C05A763"]}, {"type": "f5", "idList": ["F5:K15412203", "F5:K18015201", "F5:K31209433", "F5:K32115847", "F5:K51931024", "F5:K54170502", "F5:K60104355", "F5:K63771715", "F5:K68852819", "F5:K81211720", "F5:K82224417", "F5:K82508682", "F5:K84024430", "F5:K97457339"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:0BAA361AC35C", "FEDORA:1C7E86049D49", "FEDORA:1F466601E823", "FEDORA:274BB60875C4", "FEDORA:2CC39660F53B", "FEDORA:3053760A9C97", "FEDORA:3D3EF633571E", "FEDORA:41D1B604B3B3", "FEDORA:44065605602A", "FEDORA:464D56087B08", "FEDORA:553DD615C92C", "FEDORA:578BF6049496", "FEDORA:5931760652B6", "FEDORA:6435A6076A13", "FEDORA:6437E61257FA", "FEDORA:648496077DD1", "FEDORA:65FAD61713B3", "FEDORA:6F1BC604D0C1", "FEDORA:76A6A60C79DB", "FEDORA:79A0B6175384", "FEDORA:83CF561C31BC", "FEDORA:8C2C4605E539", "FEDORA:8CDBE6067306", "FEDORA:A65EC601F907", "FEDORA:ACCF760419AA", "FEDORA:B60446046988", "FEDORA:B704D609623F", "FEDORA:B872461491E6", "FEDORA:C8F1260321CA", "FEDORA:D953C601BFE1", "FEDORA:F02346079D15"]}, {"type": "githubexploit", "idList": ["F235C897-C385-56AB-B58E-500B01C27538"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:9B79D262B5DA61A7E11F5134B546BA63"]}, {"type": "hackerone", "idList": ["H1:347282"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170802-01-LINUX"]}, {"type": "ibm", "idList": ["A0B3473150234C639FE6AF0F0A832767753836E0C7B4AA5A710ED063FB7AD779"]}, {"type": "ics", "idList": ["ICSA-21-280-02"]}, {"type": "kitploit", "idList": ["KITPLOIT:4462385753504235463"]}, {"type": "lenovo", "idList": ["LENOVO:PS500107-NOSID", "LENOVO:PS500144-NOSID"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/LOCAL/AF_PACKET_PACKET_SET_RING_PRIV_ESC"]}, {"type": "myhack58", "idList": ["MYHACK58:62201783679", "MYHACK58:62201783692", "MYHACK58:62201785788"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-811.NASL", "ALA_ALAS-2017-814.NASL", "ALA_ALAS-2017-828.NASL", "ALA_ALAS-2017-868.NASL", "ALA_ALAS-2017-870.NASL", "CENTOS_RHSA-2017-0293.NASL", "CENTOS_RHSA-2017-0294.NASL", "CENTOS_RHSA-2017-0323.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-2473.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "DEBIAN_DSA-3927.NASL", "DEBIAN_DSA-3945.NASL", "EULEROS_SA-2017-1056.NASL", "EULEROS_SA-2017-1057.NASL", "EULEROS_SA-2017-1066.NASL", "EULEROS_SA-2017-1071.NASL", "EULEROS_SA-2017-1072.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "F5_BIGIP_SOL18015201.NASL", "F5_BIGIP_SOL60104355.NASL", "F5_BIGIP_SOL68852819.NASL", "F5_BIGIP_SOL82224417.NASL", "FEDORA_2016-3DAF782DFA.NASL", "FEDORA_2016-73A733F4D9.NASL", "FEDORA_2016-80EDB9D511.NASL", "FEDORA_2016-E0F3FCD7DF.NASL", "FEDORA_2017-0054C7B1F0.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-26C9ECD7A4.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-3456BA4C93.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-39B5FACDA0.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-4B9F61C68D.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-544EEF948F.NASL", "FEDORA_2017-73F71456D7.NASL", "FEDORA_2017-787BC0D5B4.NASL", "FEDORA_2017-8E7549FB91.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-98548B066B.NASL", "FEDORA_2017-ADC7D95627.NASL", "FEDORA_2017-D3ED702FE4.NASL", "FEDORA_2017-DEB70B495E.NASL", "FEDORA_2017-F519EBB3C4.NASL", "FEDORA_2017-FB89CA752A.NASL", "FIREEYE_OS_EX_801.NASL", "MCAFEE_WEB_GATEWAY_SB10205.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-562.NASL", "OPENSUSE-2017-798.NASL", "OPENSUSE-2017-890.NASL", "OPENSUSE-2017-891.NASL", "ORACLELINUX_ELSA-2017-0293.NASL", "ORACLELINUX_ELSA-2017-0294.NASL", "ORACLELINUX_ELSA-2017-0323.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-2473-1.NASL", "ORACLELINUX_ELSA-2017-2473.NASL", "ORACLELINUX_ELSA-2017-3520.NASL", "ORACLELINUX_ELSA-2017-3521.NASL", "ORACLELINUX_ELSA-2017-3522.NASL", "ORACLELINUX_ELSA-2017-3592.NASL", "ORACLELINUX_ELSA-2017-3595.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2018-0169.NASL", "ORACLELINUX_ELSA-2018-4040.NASL", "ORACLELINUX_ELSA-2018-4041.NASL", "ORACLEVM_OVMSA-2017-0044.NASL", "ORACLEVM_OVMSA-2017-0045.NASL", "ORACLEVM_OVMSA-2017-0046.NASL", "ORACLEVM_OVMSA-2017-0121.NASL", "ORACLEVM_OVMSA-2017-0126.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "REDHAT-RHSA-2017-0293.NASL", "REDHAT-RHSA-2017-0294.NASL", "REDHAT-RHSA-2017-0295.NASL", "REDHAT-RHSA-2017-0316.NASL", "REDHAT-RHSA-2017-0323.NASL", "REDHAT-RHSA-2017-0324.NASL", "REDHAT-RHSA-2017-0345.NASL", "REDHAT-RHSA-2017-0346.NASL", "REDHAT-RHSA-2017-0347.NASL", "REDHAT-RHSA-2017-0365.NASL", "REDHAT-RHSA-2017-0366.NASL", "REDHAT-RHSA-2017-0403.NASL", "REDHAT-RHSA-2017-0501.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-0986.NASL", "REDHAT-RHSA-2017-1125.NASL", "REDHAT-RHSA-2017-1126.NASL", "REDHAT-RHSA-2017-2437.NASL", "REDHAT-RHSA-2017-2444.NASL", "REDHAT-RHSA-2017-2473.NASL", "REDHAT-RHSA-2017-2869.NASL", "REDHAT-RHSA-2018-0169.NASL", "REDHAT-RHSA-2019-0641.NASL", "SLACKWARE_SSA_2017-181-02.NASL", "SLACKWARE_SSA_2017-184-01.NASL", "SL_20170222_KERNEL_ON_SL6_X.NASL", "SL_20170222_KERNEL_ON_SL7_X.NASL", "SL_20170224_KERNEL_ON_SL5_X.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170815_KERNEL_ON_SL7_X.NASL", "SL_20180125_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2017-0517-1.NASL", "SUSE_SU-2017-0769-1.NASL", "SUSE_SU-2017-0770-1.NASL", "SUSE_SU-2017-0771-1.NASL", "SUSE_SU-2017-0772-1.NASL", "SUSE_SU-2017-0780-1.NASL", "SUSE_SU-2017-0864-1.NASL", "SUSE_SU-2017-0865-1.NASL", "SUSE_SU-2017-0866-1.NASL", "SUSE_SU-2017-0873-1.NASL", "SUSE_SU-2017-0875-1.NASL", "SUSE_SU-2017-0876-1.NASL", "SUSE_SU-2017-0880-1.NASL", "SUSE_SU-2017-0881-1.NASL", "SUSE_SU-2017-0888-1.NASL", "SUSE_SU-2017-0889-1.NASL", "SUSE_SU-2017-0912-1.NASL", "SUSE_SU-2017-0913-1.NASL", "SUSE_SU-2017-1853-1.NASL", "SUSE_SU-2017-1905-1.NASL", "SUSE_SU-2017-1906-1.NASL", "SUSE_SU-2017-1909-1.NASL", "SUSE_SU-2017-1910-1.NASL", "SUSE_SU-2017-1912-1.NASL", "SUSE_SU-2017-1915-1.NASL", "SUSE_SU-2017-1922-1.NASL", "SUSE_SU-2017-1924-1.NASL", "SUSE_SU-2017-1937-1.NASL", "SUSE_SU-2017-1939-1.NASL", "SUSE_SU-2017-1941-1.NASL", "SUSE_SU-2017-1942-1.NASL", "SUSE_SU-2017-1943-1.NASL", "SUSE_SU-2017-1944-1.NASL", "SUSE_SU-2017-1945-1.NASL", "SUSE_SU-2017-1946-1.NASL", "SUSE_SU-2017-2041-1.NASL", "SUSE_SU-2017-2042-1.NASL", "SUSE_SU-2017-2049-1.NASL", "SUSE_SU-2017-2060-1.NASL", "SUSE_SU-2017-2061-1.NASL", "SUSE_SU-2017-2072-1.NASL", "SUSE_SU-2017-2073-1.NASL", "SUSE_SU-2017-2074-1.NASL", "SUSE_SU-2017-2088-1.NASL", "SUSE_SU-2017-2089-1.NASL", "SUSE_SU-2017-2090-1.NASL", "SUSE_SU-2017-2091-1.NASL", "SUSE_SU-2017-2092-1.NASL", "SUSE_SU-2017-2093-1.NASL", "SUSE_SU-2017-2094-1.NASL", "SUSE_SU-2017-2095-1.NASL", "SUSE_SU-2017-2096-1.NASL", "SUSE_SU-2017-2098-1.NASL", "SUSE_SU-2017-2099-1.NASL", "SUSE_SU-2017-2100-1.NASL", "SUSE_SU-2017-2102-1.NASL", "SUSE_SU-2017-2103-1.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3209-1.NASL", "UBUNTU_USN-3218-1.NASL", "UBUNTU_USN-3219-1.NASL", "UBUNTU_USN-3219-2.NASL", "UBUNTU_USN-3220-1.NASL", "UBUNTU_USN-3220-2.NASL", "UBUNTU_USN-3220-3.NASL", "UBUNTU_USN-3221-1.NASL", "UBUNTU_USN-3221-2.NASL", "UBUNTU_USN-3248-1.NASL", "UBUNTU_USN-3249-1.NASL", "UBUNTU_USN-3249-2.NASL", "UBUNTU_USN-3250-1.NASL", "UBUNTU_USN-3250-2.NASL", "UBUNTU_USN-3251-1.NASL", "UBUNTU_USN-3251-2.NASL", "UBUNTU_USN-3256-1.NASL", "UBUNTU_USN-3256-2.NASL", "UBUNTU_USN-3264-1.NASL", "UBUNTU_USN-3264-2.NASL", "UBUNTU_USN-3265-1.NASL", "UBUNTU_USN-3265-2.NASL", "UBUNTU_USN-3266-1.NASL", "UBUNTU_USN-3266-2.NASL", "UBUNTU_USN-3377-1.NASL", "UBUNTU_USN-3377-2.NASL", "UBUNTU_USN-3378-1.NASL", "UBUNTU_USN-3378-2.NASL", "UBUNTU_USN-3381-1.NASL", "UBUNTU_USN-3392-1.NASL", "UBUNTU_USN-3392-2.NASL", "UBUNTU_USN-3583-1.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-019.NASL", "VIRTUOZZO_VZA-2017-021.NASL", "VIRTUOZZO_VZA-2017-026.NASL", "VIRTUOZZO_VZA-2017-027.NASL", "VIRTUOZZO_VZA-2017-028.NASL", "VIRTUOZZO_VZA-2017-029.NASL", "VIRTUOZZO_VZA-2017-032.NASL", "VIRTUOZZO_VZA-2017-061.NASL", "VIRTUOZZO_VZA-2017-065.NASL", "VIRTUOZZO_VZA-2017-067.NASL", "VIRTUOZZO_VZA-2017-068.NASL", "VIRTUOZZO_VZA-2017-069.NASL", "VIRTUOZZO_VZA-2017-070.NASL", "VIRTUOZZO_VZLSA-2017-0293.NASL", "VIRTUOZZO_VZLSA-2017-0294.NASL", "VIRTUOZZO_VZLSA-2017-0323.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "VIRTUOZZO_VZLSA-2017-1372.NASL", "VIRTUOZZO_VZLSA-2017-1484.NASL", "VIRTUOZZO_VZLSA-2017-1486.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310140260", "OPENVAS:1361412562310703927", "OPENVAS:1361412562310811258", "OPENVAS:1361412562310843060", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310843075", "OPENVAS:1361412562310843076", "OPENVAS:1361412562310843077", "OPENVAS:1361412562310843078", "OPENVAS:1361412562310843079", "OPENVAS:1361412562310843081", "OPENVAS:1361412562310843082", "OPENVAS:1361412562310843083", "OPENVAS:1361412562310843114", "OPENVAS:1361412562310843115", "OPENVAS:1361412562310843116", "OPENVAS:1361412562310843117", "OPENVAS:1361412562310843119", "OPENVAS:1361412562310843120", "OPENVAS:1361412562310843121", "OPENVAS:1361412562310843127", "OPENVAS:1361412562310843128", "OPENVAS:1361412562310843137", "OPENVAS:1361412562310843138", "OPENVAS:1361412562310843139", "OPENVAS:1361412562310843140", "OPENVAS:1361412562310843141", "OPENVAS:1361412562310843142", "OPENVAS:1361412562310843164", "OPENVAS:1361412562310843165", "OPENVAS:1361412562310843175", "OPENVAS:1361412562310843176", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843209", "OPENVAS:1361412562310843210", "OPENVAS:1361412562310843211", "OPENVAS:1361412562310843212", "OPENVAS:1361412562310843213", "OPENVAS:1361412562310843215", "OPENVAS:1361412562310843216", "OPENVAS:1361412562310843217", "OPENVAS:1361412562310843218", "OPENVAS:1361412562310843220", "OPENVAS:1361412562310843221", "OPENVAS:1361412562310843222", "OPENVAS:1361412562310843228", "OPENVAS:1361412562310843229", "OPENVAS:1361412562310843231", "OPENVAS:1361412562310843232", "OPENVAS:1361412562310843233", "OPENVAS:1361412562310843234", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310851515", "OPENVAS:1361412562310851516", "OPENVAS:1361412562310851548", "OPENVAS:1361412562310851566", "OPENVAS:1361412562310851571", "OPENVAS:1361412562310851573", "OPENVAS:1361412562310851578", "OPENVAS:1361412562310871761", "OPENVAS:1361412562310871762", "OPENVAS:1361412562310871765", "OPENVAS:1361412562310871796", "OPENVAS:1361412562310871827", "OPENVAS:1361412562310871832", "OPENVAS:1361412562310871833", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310872383", "OPENVAS:1361412562310872391", "OPENVAS:1361412562310872392", "OPENVAS:1361412562310872418", "OPENVAS:1361412562310872419", "OPENVAS:1361412562310872473", "OPENVAS:1361412562310872476", "OPENVAS:1361412562310872547", "OPENVAS:1361412562310872548", "OPENVAS:1361412562310872568", "OPENVAS:1361412562310872569", "OPENVAS:1361412562310872575", "OPENVAS:1361412562310872578", "OPENVAS:1361412562310872696", "OPENVAS:1361412562310872700", "OPENVAS:1361412562310872708", "OPENVAS:1361412562310872720", "OPENVAS:1361412562310872729", "OPENVAS:1361412562310872761", "OPENVAS:1361412562310872785", "OPENVAS:1361412562310872788", "OPENVAS:1361412562310872902", "OPENVAS:1361412562310873079", "OPENVAS:1361412562310873160", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310882664", "OPENVAS:1361412562310882665", "OPENVAS:1361412562310882668", "OPENVAS:1361412562310882674", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310882728", "OPENVAS:1361412562310882735", "OPENVAS:1361412562310882738", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310882840", "OPENVAS:1361412562310890993", "OPENVAS:1361412562310891099", "OPENVAS:1361412562311220191535", "OPENVAS:703791", "OPENVAS:703804", "OPENVAS:703886"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0293", "ELSA-2017-0294", "ELSA-2017-0294-1", "ELSA-2017-0323", "ELSA-2017-0323-1", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1723", "ELSA-2017-2473", "ELSA-2017-2473-1", "ELSA-2017-3520", "ELSA-2017-3521", "ELSA-2017-3522", "ELSA-2017-3592", "ELSA-2017-3595", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2018-0169", "ELSA-2018-4021", "ELSA-2018-4040", "ELSA-2018-4041"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141331", "PACKETSTORM:141339", "PACKETSTORM:149804"]}, {"type": "photon", "idList": ["PHSA-2017-0014", "PHSA-2017-0018", "PHSA-2017-0019", "PHSA-2017-0025", "PHSA-2017-0028", "PHSA-2017-0029", "PHSA-2017-0031", "PHSA-2017-0035", "PHSA-2017-0038", "PHSA-2017-0041", "PHSA-2017-0044", "PHSA-2017-0052", "PHSA-2018-2.0-0101"]}, {"type": "ptsecurity", "idList": ["PT-2017-06"]}, {"type": "redhat", "idList": ["RHSA-2017:0293", "RHSA-2017:0294", "RHSA-2017:0316", "RHSA-2017:0323", "RHSA-2017:0324", "RHSA-2017:0345", "RHSA-2017:0346", "RHSA-2017:0365", "RHSA-2017:0366", "RHSA-2017:0403", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0986", "RHSA-2017:1125", "RHSA-2017:2444", "RHSA-2017:2869", "RHSA-2018:0169", "RHSA-2020:3836"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10200", "RH:CVE-2017-1000363", "RH:CVE-2017-1000365", "RH:CVE-2017-1000366", "RH:CVE-2017-1000380", "RH:CVE-2017-11176", "RH:CVE-2017-11473", "RH:CVE-2017-2636", "RH:CVE-2017-2647", "RH:CVE-2017-2671", "RH:CVE-2017-5669", "RH:CVE-2017-5970", "RH:CVE-2017-5986", "RH:CVE-2017-6214", "RH:CVE-2017-6348", "RH:CVE-2017-6353", "RH:CVE-2017-6951", "RH:CVE-2017-7184", "RH:CVE-2017-7187", "RH:CVE-2017-7261", "RH:CVE-2017-7294", "RH:CVE-2017-7308", "RH:CVE-2017-7482", "RH:CVE-2017-7487", "RH:CVE-2017-7533", "RH:CVE-2017-7542", "RH:CVE-2017-7616", "RH:CVE-2017-8890", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9074", "RH:CVE-2017-9075", "RH:CVE-2017-9076", "RH:CVE-2017-9077", "RH:CVE-2017-9242"]}, {"type": "seebug", "idList": ["SSV:92700", "SSV:92861", "SSV:93094", "SSV:93140", "SSV:93143", "SSV:93207"]}, {"type": "slackware", "idList": ["SSA-2017-177-01", "SSA-2017-180-01", "SSA-2017-181-02", "SSA-2017-184-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:1215-1", "OPENSUSE-SU-2017:2110-1", "OPENSUSE-SU-2017:2112-1", "SUSE-SU-2017:0517-1", "SUSE-SU-2017:0759-1", "SUSE-SU-2017:0760-1", "SUSE-SU-2017:0762-1", "SUSE-SU-2017:0763-1", "SUSE-SU-2017:0764-1", "SUSE-SU-2017:0766-1", "SUSE-SU-2017:0767-1", "SUSE-SU-2017:0768-1", "SUSE-SU-2017:0769-1", "SUSE-SU-2017:0770-1", "SUSE-SU-2017:0771-1", "SUSE-SU-2017:0772-1", "SUSE-SU-2017:0773-1", "SUSE-SU-2017:0774-1", "SUSE-SU-2017:0775-1", "SUSE-SU-2017:0776-1", "SUSE-SU-2017:0777-1", "SUSE-SU-2017:0778-1", "SUSE-SU-2017:0779-1", "SUSE-SU-2017:0780-1", "SUSE-SU-2017:0781-1", "SUSE-SU-2017:0786-1", "SUSE-SU-2017:0864-1", "SUSE-SU-2017:0865-1", "SUSE-SU-2017:0866-1", "SUSE-SU-2017:0867-1", "SUSE-SU-2017:0868-1", "SUSE-SU-2017:0873-1", "SUSE-SU-2017:0875-1", "SUSE-SU-2017:0876-1", "SUSE-SU-2017:0877-1", "SUSE-SU-2017:0878-1", "SUSE-SU-2017:0880-1", "SUSE-SU-2017:0881-1", "SUSE-SU-2017:0882-1", "SUSE-SU-2017:0884-1", "SUSE-SU-2017:0885-1", "SUSE-SU-2017:0886-1", "SUSE-SU-2017:0887-1", "SUSE-SU-2017:0888-1", "SUSE-SU-2017:0912-1", "SUSE-SU-2017:0913-1", "SUSE-SU-2017:1059-1", "SUSE-SU-2017:1064-1", "SUSE-SU-2017:1903-1", "SUSE-SU-2017:1904-1", "SUSE-SU-2017:1905-1", "SUSE-SU-2017:1906-1", "SUSE-SU-2017:1907-1", "SUSE-SU-2017:1908-1", "SUSE-SU-2017:1909-1", "SUSE-SU-2017:1910-1", "SUSE-SU-2017:1912-1", "SUSE-SU-2017:1913-1", "SUSE-SU-2017:1914-1", "SUSE-SU-2017:1915-1", "SUSE-SU-2017:1922-1", "SUSE-SU-2017:1923-1", "SUSE-SU-2017:1924-1", "SUSE-SU-2017:1925-1", "SUSE-SU-2017:1937-1", "SUSE-SU-2017:1939-1", "SUSE-SU-2017:1941-1", "SUSE-SU-2017:1943-1", "SUSE-SU-2017:1944-1", "SUSE-SU-2017:1945-1", "SUSE-SU-2017:1946-1", "SUSE-SU-2017:2041-1", "SUSE-SU-2017:2042-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2046-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2064-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2066-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2069-1", "SUSE-SU-2017:2070-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2074-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2089-1", "SUSE-SU-2017:2090-1", "SUSE-SU-2017:2091-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2094-1", "SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2098-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2102-1", "SUSE-SU-2017:2103-1", "SUSE-SU-2017:2114-1", "SUSE-SU-2018:0213-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "thn", "idList": ["THN:11E7CC33794D9968747131F3F0AE8716", "THN:72D5C1EE790D99032F95F4A094E36BD6", "THN:FA88848EF7446185D7481A0AB338ACA7"]}, {"type": "threatpost", "idList": ["THREATPOST:54E7457360B9B4CFC6843F7B3E0C5367"]}, {"type": "ubuntu", "idList": ["USN-2968-1", "USN-2968-2", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3", "USN-3017-2", "USN-3056-1", "USN-3208-2", "USN-3209-1", "USN-3219-1", "USN-3220-1", "USN-3220-2", "USN-3221-2", "USN-3256-1", "USN-3256-2", "USN-3264-1", "USN-3264-2", "USN-3265-2", "USN-3266-2", "USN-3291-1", "USN-3291-3", "USN-3314-1", "USN-3324-1", "USN-3328-1", "USN-3329-1", "USN-3333-1", "USN-3334-1", "USN-3335-1", "USN-3342-1", "USN-3343-2", "USN-3378-2", "USN-3381-1", "USN-3381-2", "USN-3405-2", "USN-3468-1", "USN-3470-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9922", "UB:CVE-2015-3288", "UB:CVE-2015-8970", "UB:CVE-2016-10200", "UB:CVE-2017-1000363", "UB:CVE-2017-1000364", "UB:CVE-2017-1000365", "UB:CVE-2017-1000380", "UB:CVE-2017-11176", "UB:CVE-2017-11473", "UB:CVE-2017-2636", "UB:CVE-2017-2647", "UB:CVE-2017-2671", "UB:CVE-2017-5669", "UB:CVE-2017-5970", "UB:CVE-2017-5986", "UB:CVE-2017-6074", "UB:CVE-2017-6214", "UB:CVE-2017-6348", "UB:CVE-2017-6353", "UB:CVE-2017-6951", "UB:CVE-2017-7184", "UB:CVE-2017-7187", "UB:CVE-2017-7261", "UB:CVE-2017-7294", "UB:CVE-2017-7308", "UB:CVE-2017-7482", "UB:CVE-2017-7487", "UB:CVE-2017-7533", "UB:CVE-2017-7542", "UB:CVE-2017-7616", "UB:CVE-2017-8890", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9074", "UB:CVE-2017-9075", "UB:CVE-2017-9076", "UB:CVE-2017-9077", "UB:CVE-2017-9242"]}, {"type": "virtuozzo", "idList": ["VZA-2017-010", "VZA-2017-016", "VZA-2017-019", "VZA-2017-021", "VZA-2017-026", "VZA-2017-027", "VZA-2017-028", "VZA-2017-029", "VZA-2017-032", "VZA-2017-042", "VZA-2017-043", "VZA-2017-044", "VZA-2017-045", "VZA-2017-046", "VZA-2017-047", "VZA-2017-054", "VZA-2017-055", "VZA-2017-056", "VZA-2017-059", "VZA-2017-060", "VZA-2017-061", "VZA-2017-065", "VZA-2017-067", "VZA-2017-068", "VZA-2017-069", "VZA-2017-070", "VZA-2017-075", "VZA-2017-076", "VZA-2017-077", "VZA-2017-078", "VZA-2017-079", "VZA-2018-072", "VZA-2018-074", "VZA-2018-075"]}, {"type": "zdi", "idList": ["ZDI-17-240"]}, {"type": "zdt", "idList": ["1337DAY-ID-24860", "1337DAY-ID-27133", "1337DAY-ID-30376", "1337DAY-ID-31273"]}]}, "exploitation": null, "vulnersScore": 3.9}, "affectedPackage": [{"arch": "x86_64", "packageName": "kernel-rt_trace-base", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-rt_trace-base-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt_trace-devel", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-rt_trace-devel-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt_debug-debuginfo", "operator": "lt", "OS": "SUSE Linux Enterprise Debuginfo", "packageFilename": "kernel-rt_debug-debuginfo-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt-debuginfo", "operator": "lt", "OS": "SUSE Linux Enterprise Debuginfo", "packageFilename": "kernel-rt-debuginfo-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-syms-rt", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-syms-rt-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt_trace", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-rt_trace-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt-base", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-rt-base-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt-devel", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-rt-devel-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-source-rt", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-source-rt-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt-debugsource", "operator": "lt", "OS": "SUSE Linux Enterprise Debuginfo", "packageFilename": "kernel-rt-debugsource-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt_debug-debugsource", "operator": "lt", "OS": "SUSE Linux Enterprise Debuginfo", "packageFilename": "kernel-rt_debug-debugsource-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt_trace-debuginfo", "operator": "lt", "OS": "SUSE Linux Enterprise Debuginfo", "packageFilename": "kernel-rt_trace-debuginfo-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt_trace-debugsource", "operator": "lt", "OS": "SUSE Linux Enterprise Debuginfo", "packageFilename": "kernel-rt_trace-debugsource-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}, {"arch": "x86_64", "packageName": "kernel-rt", "operator": "lt", "OS": "SUSE Linux Enterprise Real Time Extension", "packageFilename": "kernel-rt-3.0.101.rt130-69.5.1.x86_64.rpm", "packageVersion": "3.0.101.rt130-69.5.1", "OSVersion": "11.4"}], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1659977468}, "_internal": {"score_hash": "afe7627739a19d44588183f7a9097ce7"}}
{"nessus": [{"lastseen": "2023-01-11T14:34:31", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107).\n\n - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).\n\n - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483).\n\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275).\n\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).\n\n - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354)\n\n - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340)\n\n - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982).\n\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).\n\n - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125)\n\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431)\n\n - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456)\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882)\n\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879)\n\n - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544)\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593)\n\n - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-11T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9922", "CVE-2016-10277", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-2647", "CVE-2017-6951", "CVE-2017-7482", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2389-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2389-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103110);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9922\", \"CVE-2016-10277\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-2647\", \"CVE-2017-6951\", \"CVE-2017-7482\", \"CVE-2017-7487\", \"CVE-2017-7533\", \"CVE-2017-7542\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-7482: Several missing length checks ticket\n decode allowing for information leak or potentially code\n execution (bsc#1046107).\n\n - CVE-2016-10277: Potential privilege escalation due to a\n missing bounds check in the lp driver. A kernel\n command-line adversary can overflow the parport_nr array\n to execute code (bsc#1039456).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local\n users to cause a denial of service (integer overflow and\n infinite loop) by leveraging the ability to open a raw\n socket (bsc#1049882).\n\n - CVE-2017-7533: Bug in inotify code allowing privilege\n escalation (bsc#1049483).\n\n - CVE-2017-11176: The mq_notify function in the Linux\n kernel did not set the sock pointer to NULL upon entry\n into the retry logic. During a user-space close of a\n Netlink socket, it allowed attackers to cause a denial\n of service (use-after-free) or possibly have unspecified\n other impact (bsc#1048275).\n\n - CVE-2017-11473: Buffer overflow in the\n mp_override_legacy_irq() function in\n arch/x86/kernel/acpi/boot.c in the Linux kernel allowed\n local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n\n - CVE-2017-1000365: The Linux Kernel imposed a size\n restriction on the arguments and environmental strings\n passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the\n size), but did not take the argument and environment\n pointers into account, which allowed attackers to bypass\n this limitation. (bnc#1039354)\n\n - CVE-2014-9922: The eCryptfs subsystem in the Linux\n kernel allowed local users to gain privileges via a\n large filesystem stack that includes an overlayfs layer,\n related to fs/ecryptfs/main.c and fs/overlayfs/super.c\n (bnc#1032340)\n\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti\n USB serial device) to trigger an integer underflow\n (bnc#1038982).\n\n - CVE-2017-8925: The omninet_open function in\n drivers/usb/serial/omninet.c in the Linux kernel allowed\n local users to cause a denial of service (tty\n exhaustion) by leveraging reference count mishandling\n (bnc#1038981).\n\n - CVE-2017-1000380: sound/core/timer.c was vulnerable to a\n data race in the ALSA /dev/snd/timer driver resulting in\n local users being able to read information belonging to\n other users, i.e., uninitialized memory contents could\n have bene disclosed when a read and an ioctl happen at\n the same time (bnc#1044125)\n\n - CVE-2017-9242: The __ip6_append_data function in\n net/ipv6/ip6_output.c was too late in checking whether\n an overwrite of an skb data structure may occur, which\n allowed local users to cause a denial of service (system\n crash) via crafted system calls (bnc#1041431)\n\n - CVE-2017-1000363: A buffer overflow in kernel\n commandline handling of the 'lp' parameter could be used\n by local console attackers to bypass certain secure boot\n settings. (bnc#1039456)\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039885)\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1040069)\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039883)\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in\n the Linux kernel did not consider that the nexthdr field\n may be associated with an invalid option, which allowed\n local users to cause a denial of service (out-of-bounds\n read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882)\n\n - CVE-2017-7487: The ipxitf_ioctl function in\n net/ipx/af_ipx.c in the Linux kernel mishandled\n reference counts, which allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a failed SIOCGIFADDR ioctl\n call for an IPX interface (bnc#1038879)\n\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allowed attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call (bnc#1038544)\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (NULL pointer dereference and system crash)\n via vectors involving a NULL value for a certain match\n field, related to the keyring_search_iterator function\n in keyring.c (bnc#1030593)\n\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a request_key system call for\n the 'dead' type (bnc#1029850)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=784815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=792863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10277/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11176/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7482/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8924/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9242/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172389-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d921ed6a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-13274=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-13274=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-13274=1\n\nSUSE Linux Enterprise Real Time Extension 11-SP4:zypper in -t patch\nslertesp4-kernel-13274=1\n\nSUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t\npatch slehasp4-kernel-13274=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-13274=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:14:46", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable new features :\n\n - Toleration of newer crypto hardware for z Systems\n\n - USB 2.0 Link power management for Haswell-ULT The following security bugs were fixed :\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052)\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213)\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178)\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914)\n\n - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bsc#979021).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415)\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212)\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application (bnc#1027066)\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722)\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235)\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c (bsc#1008374).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-16T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1301-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3288", "CVE-2015-8970", "CVE-2016-10200", "CVE-2016-5243", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7616"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-1301-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1301-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100214);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3288\", \"CVE-2015-8970\", \"CVE-2016-10200\", \"CVE-2016-5243\", \"CVE-2017-2671\", \"CVE-2017-5669\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7184\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1301-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. Notable new features :\n\n - Toleration of newer crypto hardware for z Systems\n\n - USB 2.0 Link power management for Haswell-ULT The\n following security bugs were fixed :\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579)\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel was too late in\n obtaining a certain lock and consequently could not\n ensure that disconnect function calls are safe, which\n allowed local users to cause a denial of service (panic)\n by leveraging access to the protocol value of\n IPPROTO_ICMP in a socket system call (bnc#1031003)\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not\n validate certain size data after an XFRM_MSG_NEWAE\n update, which allowed local users to obtain root\n privileges or cause a denial of service (heap-based\n out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability (bsc#1030573).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bsc#1024938).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bsc#1033336).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440)\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052)\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213)\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n managed lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178)\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914)\n\n - CVE-2015-3288: mm/memory.c in the Linux kernel\n mishandled anonymous pages, which allowed local users to\n gain privileges or cause a denial of service (page\n tainting) via a crafted application that triggers\n writing to page zero (bsc#979021).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415)\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not\n properly copy a certain string, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#983212)\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application (bnc#1027066)\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722)\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024)\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bsc#1025235)\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux\n kernel did not verify that a setkey operation has been\n performed on an AF_ALG socket an accept system call is\n processed, which allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted application that does not supply a key,\n related to the lrw_crypt function in crypto/lrw.c\n (bsc#1008374).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3288/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171301-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bed1dddf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-linux-kernel-13105=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-linux-kernel-13105=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-linux-kernel-13105=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-linux-kernel-13105=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-100.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-100.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:09:46", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212)\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415)\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914)\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938)\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235)\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722)\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178)\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066)\n\n - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bsc#1029850).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573)\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213)\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052)\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)\n\n - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107).\n\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bsc#1038879).\n\n - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 1050677 ).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336)\n\n - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability. This requires a malicious PCI Card.\n (bnc#1037994).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038544).\n\n - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182).\n\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1039883).\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1040069).\n\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431).\n\n - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).\n\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275).\n\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).\n\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148).\n\n - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).\n\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary could have overflowed the parport_nr array in the following code (bnc#1039456).\n\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354).\n\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10200", "CVE-2016-5243", "CVE-2017-1000112", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12762", "CVE-2017-14051", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7482", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-7616", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2525-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103354);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-5243\", \"CVE-2017-1000112\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-12762\", \"CVE-2017-14051\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5669\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-6951\", \"CVE-2017-7184\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7482\", \"CVE-2017-7487\", \"CVE-2017-7533\", \"CVE-2017-7542\", \"CVE-2017-7616\", \"CVE-2017-8831\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not\n properly copy a certain string, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#983212)\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415)\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (NULL pointer dereference and system crash)\n via vectors involving a NULL value for a certain match\n field, related to the keyring_search_iterator function\n in keyring.c (bsc#1030593).\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel was too late in\n obtaining a certain lock and consequently could not\n ensure that disconnect function calls are safe, which\n allowed local users to cause a denial of service (panic)\n by leveraging access to the protocol value of\n IPPROTO_ICMP in a socket system call (bnc#1031003)\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914)\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bsc#1024938)\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bsc#1025235)\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024)\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722)\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n managed lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178)\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1027066)\n\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a request_key system call for\n the 'dead' type (bsc#1029850).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not\n validate certain size data after an XFRM_MSG_NEWAE\n update, which allowed local users to obtain root\n privileges or cause a denial of service (heap-based\n out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability (bsc#1030573)\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213)\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052)\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440)\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579)\n\n - CVE-2017-7482: Several missing length checks ticket\n decode allowing for information leak or potentially code\n execution (bsc#1046107).\n\n - CVE-2017-7487: The ipxitf_ioctl function in\n net/ipx/af_ipx.c in the Linux kernel mishandled\n reference counts, which allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a failed SIOCGIFADDR ioctl\n call for an IPX interface (bsc#1038879).\n\n - CVE-2017-7533: Race condition in the fsnotify\n implementation in the Linux kernel allowed local users\n to gain privileges or cause a denial of service (memory\n corruption) via a crafted application that leverages\n simultaneous execution of the inotify_handle_event and\n vfs_rename functions (bnc#1049483 1050677 ).\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local\n users to cause a denial of service (integer overflow and\n infinite loop) by leveraging the ability to open a raw\n socket (bnc#1049882).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bsc#1033336)\n\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds array access) or possibly have\n unspecified other impact by changing a certain\n sequence-number value, aka a 'double fetch'\n vulnerability. This requires a malicious PCI Card.\n (bnc#1037994).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allowed attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call (bsc#1038544).\n\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti\n USB serial device) to trigger an integer underflow\n (bnc#1037182).\n\n - CVE-2017-8925: The omninet_open function in\n drivers/usb/serial/omninet.c in the Linux kernel allowed\n local users to cause a denial of service (tty\n exhaustion) by leveraging reference count mishandling\n (bnc#1038981).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in\n the Linux kernel did not consider that the nexthdr field\n may be associated with an invalid option, which allowed\n local users to cause a denial of service (out-of-bounds\n read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bsc#1039883).\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bsc#1040069).\n\n - CVE-2017-9242: The __ip6_append_data function in\n net/ipv6/ip6_output.c in the Linux kernel was too late\n in checking whether an overwrite of an skb data\n structure may occur, which allowed local users to cause\n a denial of service (system crash) via crafted system\n calls (bnc#1041431).\n\n - CVE-2017-10661: Race condition in fs/timerfd.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (list corruption or\n use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel queueing\n (bnc#1053152).\n\n - CVE-2017-11176: The mq_notify function in the Linux\n kernel did not set the sock pointer to NULL upon entry\n into the retry logic. During a user-space close of a\n Netlink socket, it allowed attackers to cause a denial\n of service (use-after-free) or possibly have unspecified\n other impact (bnc#1048275).\n\n - CVE-2017-11473: Buffer overflow in the\n mp_override_legacy_irq() function in\n arch/x86/kernel/acpi/boot.c in the Linux kernel allowed\n local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A\n user-controlled buffer is copied into a local buffer of\n constant size using strcpy without a length check which\n can cause a buffer overflow. (bnc#1053148).\n\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash) by leveraging root access\n (bnc#1056588).\n\n - CVE-2017-1000112: Fixed a race condition in net-packet\n code that could have been exploited by unprivileged\n users to gain root access. (bsc#1052311).\n\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds\n Write. Due to a missing bounds check, and the fact that\n parport_ptr integer is static, a 'secure boot' kernel\n command line adversary could have overflowed the\n parport_nr array in the following code (bnc#1039456).\n\n - CVE-2017-1000365: The Linux Kernel imposes a size\n restriction on the arguments and environmental strings\n passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the\n size), but did not take the argument and environment\n pointers into account, which allowed attackers to bypass\n this limitation (bnc#1039354).\n\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel\n was vulnerable to a data race in the ALSA /dev/snd/timer\n driver resulting in local users being able to read\n information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a\n read and an ioctl happen at the same time (bnc#1044125).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=870618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10661/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11176/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11473/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12762/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7482/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8831/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8924/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9242/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c969444\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-source-13284=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-source-13284=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-kernel-source-13284=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-source-13284=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.106.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.106.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:16:02", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3328-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3328-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100926);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3328-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3328-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3328-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-utopic\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-vivid\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-wily\", pkgver:\"4.4.0.81.87\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.87\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:38", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3329-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3329-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100927);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3329-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3329-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-gke package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3329-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1016-gke\", pkgver:\"4.4.0-1016.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-gke\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:14", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3332-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3332-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100930);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3332-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3332-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3332-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1059-raspi2\", pkgver:\"4.4.0-1059.67\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1059.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:25", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3331-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3331-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100929);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3331-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3331-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-aws package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3331-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1020-aws\", pkgver:\"4.4.0-1020.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:25", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3330-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3330-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100928);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3330-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3330-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-snapdragon and / or\nlinux-image-snapdragon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3330-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-snapdragon\", pkgver:\"4.4.0-1061.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1061.54\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-snapdragon / linux-image-snapdragon\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:49", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100932);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3334-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3334-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3334-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-generic-lpae\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-81-lowlatency\", pkgver:\"4.4.0-81.104~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual-lts-xenial\", pkgver:\"4.4.0.81.66\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:49", "description": "USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3344-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101154);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3344-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3328-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1018-gke\", pkgver:\"4.4.0-1018.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1022-aws\", pkgver:\"4.4.0-1022.31\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1061-raspi2\", pkgver:\"4.4.0-1061.69\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-snapdragon\", pkgver:\"4.4.0-1063.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1022.25\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1018.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.83.89\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1061.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1063.56\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:14", "description": "USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-7487", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3344-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101155", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3344-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101155);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3344-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3344-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3344-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nUSN 3334-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA reference count bug was discovered in the Linux kernel ipx protocol\nstack. A local attacker could exploit this flaw to cause a denial of\nservice or possibly other unspecified problems. (CVE-2017-7487)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3344-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-7487\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3344-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-generic-lpae\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-83-lowlatency\", pkgver:\"4.4.0-83.106~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.83.68\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:16:34", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354).\n\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125).\n\n - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796).\n\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431).\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.\n (bsc#1038982)\n\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.\n (bsc#1038981)\n\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544).\n\n - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-7346", "CVE-2017-7487", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1853-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1853-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101762);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-7346\", \"CVE-2017-7487\", \"CVE-2017-7616\", \"CVE-2017-7618\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-1000365: The Linux Kernel imposes a size\n restriction on the arguments and environmental strings\n passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the\n size), but did not take the argument and environment\n pointers into account, which allowed attackers to bypass\n this limitation. (bnc#1039354).\n\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel\n is vulnerable to a data race in the ALSA /dev/snd/timer\n driver resulting in local users being able to read\n information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a\n read and an ioctl happen at the same time (bnc#1044125).\n\n - CVE-2017-7346: The vmw_gb_surface_define_ioctl function\n in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate certain levels data, which\n allowed local users to cause a denial of service (system\n hang) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031796).\n\n - CVE-2017-9242: The __ip6_append_data function in\n net/ipv6/ip6_output.c in the Linux kernel is too late in\n checking whether an overwrite of an skb data structure\n may occur, which allowed local users to cause a denial\n of service (system crash) via crafted system calls\n (bnc#1041431).\n\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in\n net/dccp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039885).\n\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in\n net/ipv6/tcp_ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1040069).\n\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in\n net/sctp/ipv6.c in the Linux kernel mishandled\n inheritance, which allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890\n (bnc#1039883).\n\n - CVE-2017-9074: The IPv6 fragmentation implementation in\n the Linux kernel did not consider that the nexthdr field\n may be associated with an invalid option, which allowed\n local users to cause a denial of service (out-of-bounds\n read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed\n local users to obtain sensitive information (in the\n dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti\n USB serial device) to trigger an integer underflow.\n (bsc#1038982)\n\n - CVE-2017-8925: The omninet_open function in\n drivers/usb/serial/omninet.c in the Linux kernel allowed\n local users to cause a denial of service (tty\n exhaustion) by leveraging reference count mishandling.\n (bsc#1038981)\n\n - CVE-2017-7487: The ipxitf_ioctl function in\n net/ipx/af_ipx.c in the Linux kernel mishandled\n reference counts, which allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a failed SIOCGIFADDR ioctl\n call for an IPX interface (bnc#1038879).\n\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel\n allowed attackers to cause a denial of service (double\n free) or possibly have unspecified other impact by\n leveraging use of the accept system call (bnc#1038544).\n\n - CVE-2017-9150: The do_check function in\n kernel/bpf/verifier.c in the Linux kernel did not make\n the allow_ptr_leaks value available for restricting the\n output of the print_bpf_insn function, which allowed\n local users to obtain sensitive address information via\n crafted bpf system calls (bnc#1040279).\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel\n allowed attackers to cause a denial of service (API\n operation calling its own callback, and infinite\n recursion) by triggering EBUSY on a full queue\n (bnc#1033340).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=863764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8924/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9150/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9242/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171853-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e55dfeb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-1146=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-1146=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1146=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1146=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.74-92.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.74-92.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:15:49", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-saucy", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-quantal", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-raring", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-saucy", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3335-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3335-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100933);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3335-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3335-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-saucy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-quantal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-raring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-saucy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3335-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-121-generic\", pkgver:\"3.13.0-121.170\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-121-generic-lpae\", pkgver:\"3.13.0-121.170\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-121-lowlatency\", pkgver:\"3.13.0-121.170\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-saucy\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-quantal\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-raring\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-saucy\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-pae\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-highbank\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-pae\", pkgver:\"3.13.0.121.131\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-virtual\", pkgver:\"3.13.0.121.131\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:07:20", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2017-7487\n\nLi Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured.\n\nCVE-2017-7645\n\nTuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of service.\n\nCVE-2017-7895\n\nAri Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space.\n\nCVE-2017-8890\n\nIt was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact.\n\nCVE-2017-8924\n\nJohan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected.\n\nCVE-2017-8925\n\nJohan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices.\n\nCVE-2017-9074\n\nAndrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash).\n\nCVE-2017-9075\n\nAndrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user.\n\nCVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075.\n\nCVE-2017-9242\n\nAndrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation.\n\nCVE-2017-1000364\n\nThe Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and moving from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation.\n\nThe default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line.\n\nFurther details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.tx t\n\nFor Debian 7 'Wheezy', this problem has been fixed in version 3.2.89-2.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 3.16.43-2+deb8u2.\n\nFor Debian 9 'Stretch', this problem has been fixed in version 4.9.30-2+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Debian DLA-993-2 : linux regression update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-993.NASL", "href": "https://www.tenable.com/plugins/nessus/100876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-993-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100876);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-7645\", \"CVE-2017-7895\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n\n script_name(english:\"Debian DLA-993-2 : linux regression update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7487\n\nLi Qiang reported a reference counter leak in the ipxitf_ioctl\nfunction which may result into a use-after-free vulnerability,\ntriggerable when a IPX interface is configured.\n\nCVE-2017-7645\n\nTuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the\nNFSv2 and NFSv3 server implementations are vulnerable to an\nout-of-bounds memory access issue while processing arbitrarily long\narguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of\nservice.\n\nCVE-2017-7895\n\nAri Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3\nserver implementations do not properly handle payload bounds checking\nof WRITE requests. A remote attacker with write access to a NFS mount\ncan take advantage of this flaw to read chunks of arbitrary memory\nfrom both kernel-space and user-space.\n\nCVE-2017-8890\n\nIt was discovered that the net_csk_clone_lock() function allows a\nremote attacker to cause a double free leading to a denial of service\nor potentially have other impact.\n\nCVE-2017-8924\n\nJohan Hovold found that the io_ti USB serial driver could leak\nsensitive information if a malicious USB device was connected.\n\nCVE-2017-8925\n\nJohan Hovold found a reference counter leak in the omninet USB serial\ndriver, resulting in a use-after-free vulnerability. This can be\ntriggered by a local user permitted to open tty devices.\n\nCVE-2017-9074\n\nAndrey Konovalov reported that the IPv6 fragmentation implementation\ncould read beyond the end of a packet buffer. A local user or guest VM\nmight be able to use this to leak sensitive information or to cause a\ndenial of service (crash).\n\nCVE-2017-9075\n\nAndrey Konovalov reported that the SCTP/IPv6 implementation wrongly\ninitialised address lists on connected sockets, resulting in a\nuse-after-free vulnerability, a similar issue to CVE-2017-8890. This\ncan be triggered by any local user.\n\nCVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and\nDCCP/IPv6 implementations wrongly initialised address lists on\nconnected sockets, a similar issue to CVE-2017-9075.\n\nCVE-2017-9242\n\nAndrey Konovalov reported a packet buffer overrun in the IPv6\nimplementation. A local user could use this for denial of service\n(memory corruption; crash) and possibly for privilege escalation.\n\nCVE-2017-1000364\n\nThe Qualys Research Labs discovered that the size of the stack guard\npage is not sufficiently large. The stack-pointer can jump over the\nguard-page and moving from the stack into another memory region\nwithout accessing the guard-page. In this case no page-fault exception\nis raised and the stack extends into the other memory region. An\nattacker can exploit this flaw for privilege escalation.\n\nThe default stack gap protection is set to 256 pages and can\nbe configured via the stack_guard_gap kernel parameter on\nthe kernel command line.\n\nFurther details can be found at\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.tx\nt\n\nFor Debian 7 'Wheezy', this problem has been fixed in version\n3.2.89-2.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n3.16.43-2+deb8u2.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n4.9.30-2+deb9u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/06/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.89-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:15", "description": "USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3343-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3343-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101152);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3343-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3335-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3343-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3343-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-generic\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-generic-lpae\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-123-lowlatency\", pkgver:\"3.13.0-123.172\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.123.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.123.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.123.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T14:28:51", "description": "USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-7294", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3343-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3343-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101153);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-7294\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3343-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 ESM.\n\nUSN 3335-2 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free vulnerability in the core\nvoltage regulator driver of the Linux kernel. A local attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. (CVE-2014-9940)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages. Note that the updated packages may not\nbe immediately available from the package repository or its mirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-123-generic\", pkgver:\"3.13.0-123.172~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-123-generic-lpae\", pkgver:\"3.13.0-123.172~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.123.114\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.123.114\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:16:03", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3324-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3324-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100922);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3324-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3324-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3324-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-generic\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-generic-lpae\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-24-lowlatency\", pkgver:\"4.10.0-24.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.24.26\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.10.0.24.26\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:49", "description": "It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3325-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3325-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100923);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3325-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the stack guard page for processes in the Linux\nkernel was not sufficiently large enough to prevent overlapping with\nthe heap. An attacker could leverage this with another vulnerability\nto execute arbitrary code and gain administrative privileges\n(CVE-2017-1000364)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nA double free bug was discovered in the IPv4 stack of the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack was doing over write consistency\ncheck after the data was actually overwritten. A local attacker could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3325-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.10-raspi2 and / or\nlinux-image-raspi2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-1000364\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3325-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1008-raspi2\", pkgver:\"4.10.0-1008.11\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1008.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T13:48:48", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.(CVE-2017-18255)\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-i1/4zsigev_notify field, which leads to out-of-bounds access in the show_timer function.(CVE-2017-18344)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS.(CVE-2017-2596)\n\n - A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.(CVE-2017-2636)\n\n - A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-i1/4zmatch is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.(CVE-2017-2647)\n\n - A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.(CVE-2017-2671)\n\n - A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way this allows to bypass the check in 'chmod'.(CVE-2017-5551)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst.\n This could result in a system crash or possible privilege escalation.(CVE-2017-5970)\n\n - It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread.(CVE-2017-5986)\n\n - It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.(CVE-2017-6001)\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.(CVE-2017-6074)\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.(CVE-2017-6214)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. This vulnerability was introduced by CVE-2017-5986 fix (commit 2dcab5984841).(CVE-2017-6353)\n\n - The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the 'dead' key type.(CVE-2017-6951)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.(CVE-2017-7187)\n\n - In was found that in the Linux kernel, in vmw_surface_define_ioctl() function in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'num_sizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc() and later leads to dereferencing ZERO_SIZE_PTR, which in turn leads to a GPF and possibly to a kernel panic.(CVE-2017-7261)\n\n - An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-7294)\n\n - It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2017-7308)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2017-18270", "CVE-2017-18344", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6001", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1502.NASL", "href": "https://www.tenable.com/plugins/nessus/124825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124825);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18255\",\n \"CVE-2017-18270\",\n \"CVE-2017-18344\",\n \"CVE-2017-2584\",\n \"CVE-2017-2596\",\n \"CVE-2017-2636\",\n \"CVE-2017-2647\",\n \"CVE-2017-2671\",\n \"CVE-2017-5551\",\n \"CVE-2017-5669\",\n \"CVE-2017-5970\",\n \"CVE-2017-5986\",\n \"CVE-2017-6001\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\",\n \"CVE-2017-6353\",\n \"CVE-2017-6951\",\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7294\",\n \"CVE-2017-7308\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The perf_cpu_time_max_percent_handler function in\n kernel/events/core.c in the Linux kernel before 4.11\n allows local users to cause a denial of service\n (integer overflow) or possibly have unspecified other\n impact via a large value, as demonstrated by an\n incorrect sample-rate calculation.(CVE-2017-18255)\n\n - In the Linux kernel before 4.13.5, a local user could\n create keyrings for other users via keyctl commands,\n setting unwanted defaults or causing a denial of\n service.(CVE-2017-18270)\n\n - The timer_create syscall implementation in\n kernel/time/posix-timers.c in the Linux kernel doesn't\n properly validate the sigevent-i1/4zsigev_notify field,\n which leads to out-of-bounds access in the show_timer\n function.(CVE-2017-18344)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization(nVMX) feature\n enabled(nested=1), is vulnerable to host memory leakage\n issue. It could occur while emulating VMXON instruction\n in 'handle_vmon'. An L1 guest user could use this flaw\n to leak host memory potentially resulting in\n DoS.(CVE-2017-2596)\n\n - A race condition flaw was found in the N_HLDC Linux\n kernel driver when accessing n_hdlc.tbuf list that can\n lead to double free. A local, unprivileged user able to\n set the HDLC line discipline on the tty device could\n use this flaw to increase their privileges on the\n system.(CVE-2017-2636)\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type-i1/4zmatch\n is NULL. A local user could use this flaw to crash the\n system or, potentially, escalate their\n privileges.(CVE-2017-2647)\n\n - A race condition leading to a NULL pointer dereference\n was found in the Linux kernel's Link Layer Control\n implementation. A local attacker with access to ping\n sockets could use this flaw to crash the\n system.(CVE-2017-2671)\n\n - A vulnerability was found in the Linux kernel in\n 'tmpfs' file system. When file permissions are modified\n via 'chmod' and the user is not in the owning group or\n capable of CAP_FSETID, the setgid bit is cleared in\n inode_change_ok(). Setting a POSIX ACL via 'setxattr'\n sets the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way this\n allows to bypass the check in 'chmod'.(CVE-2017-5551)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel,\n through 4.9.12, does not restrict the address\n calculated by a certain rounding operation. This allows\n privileged local users to map page zero and,\n consequently, bypass a protection mechanism that exists\n for the mmap system call. This is possible by making\n crafted shmget and shmat system calls in a privileged\n context.(CVE-2017-5669)\n\n - A vulnerability was found in the Linux kernel where\n having malicious IP options present would cause the\n ipv4_pktinfo_prepare() function to drop/free the dst.\n This could result in a system crash or possible\n privilege escalation.(CVE-2017-5970)\n\n - It was reported that with Linux kernel, earlier than\n version v4.10-rc8, an application may trigger a BUG_ON\n in sctp_wait_for_sndbuf if the socket tx buffer is\n full, a thread is waiting on it to queue more data, and\n meanwhile another thread peels off the association\n being used by the first thread.(CVE-2017-5986)\n\n - It was found that the original fix for CVE-2016-6786\n was incomplete. There exist a race between two\n concurrent sys_perf_event_open() calls when both try\n and move the same pre-existing software group into a\n hardware context.(CVE-2017-6001)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system.(CVE-2017-6074)\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could\n allow a remote attacker to force the kernel to enter a\n condition in which it could loop\n indefinitely.(CVE-2017-6214)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel improperly manages lock dropping,\n which allows local users to cause a denial of service\n (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - It was found that the code in net/sctp/socket.c in the\n Linux kernel through 4.10.1 does not properly restrict\n association peel-off operations during certain wait\n states, which allows local users to cause a denial of\n service (invalid unlock and double free) via a\n multithreaded application. This vulnerability was\n introduced by CVE-2017-5986 fix (commit\n 2dcab5984841).(CVE-2017-6353)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allows\n local users to cause a denial of service via a\n request_key system call for the 'dead' key\n type.(CVE-2017-6951)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allows local users to cause a denial of service\n (stack-based buffer overflow) or possibly have\n unspecified other impacts via a large command size in\n an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function.(CVE-2017-7187)\n\n - In was found that in the Linux kernel, in\n vmw_surface_define_ioctl() function in\n 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a\n 'num_sizes' parameter is assigned a user-controlled\n value which is not checked if it is zero. This is used\n in a call to kmalloc() and later leads to dereferencing\n ZERO_SIZE_PTR, which in turn leads to a GPF and\n possibly to a kernel panic.(CVE-2017-7261)\n\n - An out-of-bounds write vulnerability was found in the\n Linux kernel's vmw_surface_define_ioctl() function, in\n the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due\n to the nature of the flaw, privilege escalation cannot\n be fully ruled out, although we believe it is\n unlikely.(CVE-2017-7294)\n\n - It was found that the packet_set_ring() function of the\n Linux kernel's networking implementation did not\n properly validate certain block-size data. A local\n attacker with CAP_NET_RAW capability could use this\n flaw to trigger a buffer overflow, resulting in the\n crash of the system. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled\n out.(CVE-2017-7308)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1502\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e37118f9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:07:21", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured.\n\n - CVE-2017-7645 Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of service.\n\n - CVE-2017-7895 Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space.\n\n - CVE-2017-8064 Arnd Bergmann found that the DVB-USB core misused the device logging system, resulting in a use-after-free vulnerability, with unknown security impact.\n\n - CVE-2017-8890 It was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact.\n\n - CVE-2017-8924 Johan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected.\n\n - CVE-2017-8925 Johan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices.\n\n - CVE-2017-9074 Andrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash).\n\n - CVE-2017-9075 Andrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user.\n\n - CVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075.\n\n - CVE-2017-9242 Andrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation.\n\n - CVE-2017-1000364 The Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and moving from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation.\n\n The default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line.\n\n Further details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "Debian DSA-3886-1 : linux - security update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-7487", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8064", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3886.NASL", "href": "https://www.tenable.com/plugins/nessus/100877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3886. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100877);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-7487\", \"CVE-2017-7645\", \"CVE-2017-7895\", \"CVE-2017-8064\", \"CVE-2017-8890\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"DSA\", value:\"3886\");\n\n script_name(english:\"Debian DSA-3886-1 : linux - security update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7487\n Li Qiang reported a reference counter leak in the\n ipxitf_ioctl function which may result into a\n use-after-free vulnerability, triggerable when a IPX\n interface is configured.\n\n - CVE-2017-7645\n Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd\n discovered that the NFSv2 and NFSv3 server\n implementations are vulnerable to an out-of-bounds\n memory access issue while processing arbitrarily long\n arguments sent by NFSv2/NFSv3 PRC clients, leading to a\n denial of service.\n\n - CVE-2017-7895\n Ari Kauppi from Synopsys Ltd discovered that the NFSv2\n and NFSv3 server implementations do not properly handle\n payload bounds checking of WRITE requests. A remote\n attacker with write access to a NFS mount can take\n advantage of this flaw to read chunks of arbitrary\n memory from both kernel-space and user-space.\n\n - CVE-2017-8064\n Arnd Bergmann found that the DVB-USB core misused the\n device logging system, resulting in a use-after-free\n vulnerability, with unknown security impact.\n\n - CVE-2017-8890\n It was discovered that the net_csk_clone_lock() function\n allows a remote attacker to cause a double free leading\n to a denial of service or potentially have other impact.\n\n - CVE-2017-8924\n Johan Hovold found that the io_ti USB serial driver\n could leak sensitive information if a malicious USB\n device was connected.\n\n - CVE-2017-8925\n Johan Hovold found a reference counter leak in the\n omninet USB serial driver, resulting in a use-after-free\n vulnerability. This can be triggered by a local user\n permitted to open tty devices.\n\n - CVE-2017-9074\n Andrey Konovalov reported that the IPv6 fragmentation\n implementation could read beyond the end of a packet\n buffer. A local user or guest VM might be able to use\n this to leak sensitive information or to cause a denial\n of service (crash).\n\n - CVE-2017-9075\n Andrey Konovalov reported that the SCTP/IPv6\n implementation wrongly initialised address lists on\n connected sockets, resulting in a use-after-free\n vulnerability, a similar issue to CVE-2017-8890. This\n can be triggered by any local user.\n\n - CVE-2017-9076 / CVE-2017-9077\n Cong Wang found that the TCP/IPv6 and DCCP/IPv6\n implementations wrongly initialised address lists on\n connected sockets, a similar issue to CVE-2017-9075.\n\n - CVE-2017-9242\n Andrey Konovalov reported a packet buffer overrun in the\n IPv6 implementation. A local user could use this for\n denial of service (memory corruption; crash) and\n possibly for privilege escalation.\n\n - CVE-2017-1000364\n The Qualys Research Labs discovered that the size of the\n stack guard page is not sufficiently large. The\n stack-pointer can jump over the guard-page and moving\n from the stack into another memory region without\n accessing the guard-page. In this case no page-fault\n exception is raised and the stack extends into the other\n memory region. An attacker can exploit this flaw for\n privilege escalation.\n\n The default stack gap protection is set to 256 pages and can be\n configured via the stack_guard_gap kernel parameter on the kernel\n command line.\n\n Further details can be found at\n https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3886\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.43-2+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.30-2+deb9u1 or earlier versions before the stretch\nrelease.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.30-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.30-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:16:02", "description": "USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9150", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3345-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3345-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101156);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3345-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3345-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3324-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3345-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9150\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3345-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1010-raspi2\", pkgver:\"4.10.0-1010.13\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-generic-lpae\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-26-lowlatency\", pkgver:\"4.10.0-26.30\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.26.28\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1010.12\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T15:06:29", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1350", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-5243", "CVE-2016-7117", "CVE-2016-9588", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7616"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1247-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1247-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100150);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2016-3070\", \"CVE-2016-5243\", \"CVE-2016-7117\", \"CVE-2016-9588\", \"CVE-2017-2671\", \"CVE-2017-5669\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel\n provided an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enabled scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-3070: The trace_writeback_dirty_page\n implementation in include/trace/events/writeback.h in\n the Linux kernel improperly interacted with\n mm/migrate.c, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact by\n triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not\n properly copy a certain string, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#983212).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel\n mismanages the #BP and #OF exceptions, which allowed\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest (bnc#1015703).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in\n the Linux kernel did not properly restrict execute\n access, which made it easier for local users to bypass\n intended SELinux W^X policy restrictions, and\n consequently gain privileges, via an io_setup system\n call (bnc#1023992).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2016-10208: The ext4_fill_super function in\n fs/ext4/super.c in the Linux kernel did not properly\n validate meta block groups, which allowed physically\n proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4\n image (bnc#1023377).\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel is too late in\n obtaining a certain lock and consequently cannot ensure\n that disconnect function calls are safe, which allowed\n local users to cause a denial of service (panic) by\n leveraging access to the protocol value of IPPROTO_ICMP\n in a socket system call (bnc#1031003).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914).\n\n - CVE-2017-5897: The ip6gre_err function in\n net/ipv6/ip6_gre.c in the Linux kernel allowed remote\n attackers to have unspecified impact via vectors\n involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bnc#1023762).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bnc#1024938).\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n managed lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10044/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171247-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f96323f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-749=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-749=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-749=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_72-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_72-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:14:41", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n\n - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely (bnc#1032006).\n\nThe following non-security bugs were fixed :\n\n - acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717).\n\n - acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717).\n\n - arm64: hugetlb: fix the wrong address for several functions (bsc#1032681).\n\n - arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags (bsc#1032681).\n\n - arm64: hugetlb: remove the wrong pmd check in find_num_contig() (bsc#1032681).\n\n - arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032).\n\n - arm: Use full path in KBUILD_IMAGE definition (bsc#1010032).\n\n - blacklist.conf: 73667e31a153 x86/hyperv: Hide unused label\n\n - blacklist.conf: Add ed10858 ('scsi: smartpqi: fix time handling') to blacklist\n\n - blacklist.conf: blacklist 9770404a which was subsequently reverted\n\n - blacklist.conf: Blacklist f2fs fix\n\n - blacklist.conf: Blacklist unneeded commit, because of a partial backport.\n\n - blacklist.conf: Split SP2 and SP3 entries to ease merging\n\n - blacklist: Fix blacklisting of 0c313cb20732\n\n - block: copy NOMERGE flag from bio to request (bsc#1030070).\n\n - bonding: fix 802.3ad aggregator reselection (bsc#1029514).\n\n - btrfs: add transaction space reservation tracepoints (bsc#1012452).\n\n - btrfs: allow unlink to exceed subvolume quota (bsc#1019614).\n\n - btrfs: avoid uninitialized variable warning (bsc#1012452).\n\n - btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block size (bsc#1012452).\n\n - btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone operation (bsc#1012452).\n\n - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units (bsc#1012452).\n\n - btrfs: btrfs_submit_direct_hook: Handle map_length < bio vector length (bsc#1012452).\n\n - btrfs: change how we update the global block rsv (bsc#1012452).\n\n - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).\n\n - btrfs: check reserved when deciding to background flush (bsc#1012452).\n\n - btrfs: Clean pte corresponding to page straddling i_size (bsc#1012452).\n\n - btrfs: Compute and look up csums based on sectorsized blocks (bsc#1012452).\n\n - btrfs: csum_tree_block: return proper errno value (bsc#1012452).\n\n - btrfs: device add and remove: use GFP_KERNEL (bsc#1012452).\n\n - btrfs: Direct I/O read: Work on sectorsized blocks (bsc#1012452).\n\n - btrfs: do not write corrupted metadata blocks to disk (bsc#1012452).\n\n - btrfs: extent same: use GFP_KERNEL for page array allocations (bsc#1012452).\n\n - btrfs: fallback to vmalloc in btrfs_compare_tree (bsc#1012452).\n\n - btrfs: fallocate: use GFP_KERNEL (bsc#1012452).\n\n - btrfs: fallocate: Work with sectorsized blocks (bsc#1012452).\n\n - btrfs: Fix block size returned to user space (bsc#1012452).\n\n - btrfs: fix build warning (bsc#1012452).\n\n - btrfs: fix delalloc accounting after copy_from_user faults (bsc#1012452).\n\n - btrfs: fix extent_same allowing destination offset beyond i_size (bsc#1012452).\n\n - btrfs: fix handling of faults from btrfs_copy_from_user (bsc#1012452).\n\n - btrfs: fix invalid reference in replace_path (bsc#1012452).\n\n - btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1012452).\n\n - btrfs: fix lockdep deadlock warning due to dev_replace (bsc#1012452).\n\n - btrfs: fix truncate_space_check (bsc#1012452).\n\n - btrfs: Improve FL_KEEP_SIZE handling in fallocate (bsc#1012452).\n\n - btrfs: let callers of btrfs_alloc_root pass gfp flags (bsc#1012452).\n\n - btrfs: Limit inline extents to root->sectorsize (bsc#1012452).\n\n - btrfs: make sure we stay inside the bvec during\n __btrfs_lookup_bio_sums (bsc#1012452).\n\n - btrfs: Output more info for enospc_debug mount option (bsc#1012452).\n\n - btrfs: Print Warning only if ENOSPC_DEBUG is enabled (bsc#1012452).\n\n - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614).\n\n - btrfs: reada: add all reachable mirrors into reada device list (bsc#1012452).\n\n - btrfs: reada: Add missed segment checking in reada_find_zone (bsc#1012452).\n\n - btrfs: reada: Avoid many times of empty loop (bsc#1012452).\n\n - btrfs: reada: avoid undone reada extents in btrfs_reada_wait (bsc#1012452).\n\n - btrfs: reada: bypass adding extent when all zone failed (bsc#1012452).\n\n - btrfs: reada: Fix a debug code typo (bsc#1012452).\n\n - btrfs: reada: Fix in-segment calculation for reada (bsc#1012452).\n\n - btrfs: reada: ignore creating reada_extent for a non-existent device (bsc#1012452).\n\n - btrfs: reada: Jump into cleanup in direct way for\n __readahead_hook() (bsc#1012452).\n\n - btrfs: reada: limit max works count (bsc#1012452).\n\n - btrfs: reada: Move is_need_to_readahead contition earlier (bsc#1012452).\n\n - btrfs: reada: move reada_extent_put to place after\n __readahead_hook() (bsc#1012452).\n\n - btrfs: reada: Pass reada_extent into __readahead_hook directly (bsc#1012452).\n\n - btrfs: reada: reduce additional fs_info->reada_lock in reada_find_zone (bsc#1012452).\n\n - btrfs: reada: Remove level argument in severial functions (bsc#1012452).\n\n - btrfs: reada: simplify dev->reada_in_flight processing (bsc#1012452).\n\n - btrfs: reada: Use fs_info instead of root in\n __readahead_hook's argument (bsc#1012452).\n\n - btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452).\n\n - btrfs: readdir: use GFP_KERNEL (bsc#1012452).\n\n - btrfs: remove redundant error check (bsc#1012452).\n\n - btrfs: Reset IO error counters before start of device replacing (bsc#1012452).\n\n - btrfs: scrub: use GFP_KERNEL on the submission path (bsc#1012452).\n\n - btrfs: Search for all ordered extents that could span across a page (bsc#1012452).\n\n - btrfs: send: use GFP_KERNEL everywhere (bsc#1012452).\n\n - btrfs: switch to kcalloc in btrfs_cmp_data_prepare (bsc#1012452).\n\n - btrfs: Use (eb->start, seq) as search key for tree modification log (bsc#1012452).\n\n - btrfs: use proper type for failrec in extent_state (bsc#1012452).\n\n - ceph: fix recursively call between ceph_set_acl and\n __ceph_setattr (bsc#1034902).\n\n - cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831).\n\n - cxgb4: Add control net_device for configuring PCIe VF (bsc#1021424).\n\n - cxgb4: Add llseek operation for flash debugfs entry (bsc#1021424).\n\n - cxgb4: add new routine to get adapter info (bsc#1021424).\n\n - cxgb4: Add PCI device ID for new adapter (bsc#1021424).\n\n - cxgb4: Add port description for new cards (bsc#1021424).\n\n - cxgb4: Add support to enable logging of firmware mailbox commands (bsc#1021424).\n\n - cxgb4: Check for firmware errors in the mailbox command loop (bsc#1021424).\n\n - cxgb4: correct device ID of T6 adapter (bsc#1021424).\n\n - cxgb4/cxgb4vf: Add set VF mac address support (bsc#1021424).\n\n - cxgb4/cxgb4vf: Allocate more queues for 25G and 100G adapter (bsc#1021424).\n\n - cxgb4/cxgb4vf: Assign netdev->dev_port with port ID (bsc#1021424).\n\n - cxgb4/cxgb4vf: Display 25G and 100G link speed (bsc#1021424).\n\n - cxgb4/cxgb4vf: Remove deprecated module parameters (bsc#1021424).\n\n - cxgb4: DCB message handler needs to use correct portid to netdev mapping (bsc#1021424).\n\n - cxgb4: Decode link down reason code obtained from firmware (bsc#1021424).\n\n - cxgb4: Do not assume FW_PORT_CMD reply is always port info msg (bsc#1021424).\n\n - cxgb4: do not call napi_hash_del() (bsc#1021424).\n\n - cxgb4: Do not sleep when mbox cmd is issued from interrupt context (bsc#1021424).\n\n - cxgb4: Enable SR-IOV configuration via PCI sysfs interface (bsc#1021424).\n\n - cxgb4: Fix issue while re-registering VF mgmt netdev (bsc#1021424).\n\n - cxgb4: MU requested by Chelsio (bsc#1021424).\n\n - cxgb4: Properly decode port module type (bsc#1021424).\n\n - cxgb4: Refactor t4_port_init function (bsc#1021424).\n\n - cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled (bsc#1021424).\n\n - cxgb4: Support compressed error vector for T6 (bsc#1021424).\n\n - cxgb4: Synchronize access to mailbox (bsc#1021424).\n\n - cxgb4: update latest firmware version supported (bsc#1021424).\n\n - device-dax: fix private mapping restriction, permit read-only (bsc#1031717).\n\n - drivers: hv: util: do not forget to init host_ts.lock (bsc#1031206).\n\n - drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (fate#320485, bsc#1023287, bsc#1028217).\n\n - drm/i915: Fix crash after S3 resume with DP MST mode change (bsc#1029634).\n\n - drm/i915: Introduce Kabypoint PCH for Kabylake H/DT (bsc#1032581).\n\n - drm/i915: Only enable hotplug interrupts if the display interrupts are enabled (bsc#1031717).\n\n - ext4: fix use-after-iput when fscrypt contexts are inconsistent (bsc#1012829).\n\n - hid: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL (bsc#1022340).\n\n - hv: export current Hyper-V clocksource (bsc#1031206).\n\n - hv_utils: implement Hyper-V PTP source (bsc#1031206).\n\n - ibmvnic: Allocate number of rx/tx buffers agreed on by firmware (fate#322021, bsc#1031512).\n\n - ibmvnic: Call napi_disable instead of napi_enable in failure path (fate#322021, bsc#1031512).\n\n - ibmvnic: Correct ibmvnic handling of device open/close (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix endian errors in error reporting output (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix endian error when requesting device capabilities (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix initial MTU settings (bsc#1031512).\n\n - ibmvnic: Fix overflowing firmware/hardware TX queue (fate#322021, bsc#1031512).\n\n - ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Handle processing of CRQ messages in a tasklet (fate#322021, bsc#1031512).\n\n - ibmvnic: Initialize completion variables before starting work (fate#322021, bsc#1031512).\n\n - ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Move ibmvnic adapter intialization to its own routine (fate#322021, bsc#1031512).\n\n - ibmvnic: Move login and queue negotiation into ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Move login to its own routine (fate#322021, bsc#1031512).\n\n - ibmvnic: Use common counter for capabilities checks (fate#322021, bsc#1031512).\n\n - ibmvnic: use max_mtu instead of req_mtu for MTU range check (bsc#1031512).\n\n - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208).\n\n - iscsi-target: Return error if unable to add network portal (bsc#1032803).\n\n - kABI: restore ttm_ref_object_add parameters (kabi).\n\n - kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).\n\n - kvm: svm: add support for RDTSCP (bsc#1033117).\n\n - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415).\n\n - libcxgb: add library module for Chelsio drivers (bsc#1021424).\n\n - libnvdimm, pfn: fix memmap reservation size versus 4K alignment (bsc#1031717).\n\n - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).\n\n - md: handle read-only member devices better (bsc#1033281).\n\n - mem-hotplug: fix node spanned pages when we have a movable node (bnc#1034671).\n\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).\n\n - mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200).\n\n - mm: page_alloc: skip over regions of invalid pfns where possible (bnc#1031200).\n\n - netfilter: allow logging from non-init namespaces (bsc#970083).\n\n - net: ibmvnic: Remove unused net_stats member from struct ibmvnic_adapter (fate#322021, bsc#1031512).\n\n - nfs: flush out dirty data on file fput() (bsc#1021762).\n\n - nvme: Delete created IO queues on reset (bsc#1031717).\n\n - overlayfs: compat, fix incorrect dentry use in ovl_rename2 (bsc#1032400).\n\n - overlayfs: compat, use correct dentry to detect compat mode in ovl_compat_is_whiteout (bsc#1032400).\n\n - ping: implement proper locking (bsc#1031003).\n\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141).\n\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n\n - Revert 'btrfs: qgroup: Move half of the qgroup accounting time out of' (bsc#1017461 bsc#1033885).\n\n - Revert 'btrfs: qgroup: Move half of the qgroup accounting time out of' This reverts commit f69c1d0f6254c73529a48fd2f87815d047ad7288.\n\n - Revert 'Revert 'btrfs: qgroup: Move half of the qgroup accounting time' This reverts commit 8567943ca56d937acfc417947cba917de653b09c.\n\n - sbp-target: Fix second argument of percpu_ida_alloc() (bsc#1032803).\n\n - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature (bsc#1021424).\n\n - scsi_error: count medium access timeout only once per EH run (bsc#993832, bsc#1032345).\n\n - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (bsc#1034419).\n\n - scsi: ipr: Driver version 2.6.4 (bsc#1031555, fate#321595).\n\n - scsi: ipr: Error path locking fixes (bsc#1031555, fate#321595).\n\n - scsi: ipr: Fix abort path race condition (bsc#1031555, fate#321595).\n\n - scsi: ipr: Fix missed EH wakeup (bsc#1031555, fate#321595).\n\n - scsi: ipr: Fix SATA EH hang (bsc#1031555, fate#321595).\n\n - scsi: ipr: Remove redundant initialization (bsc#1031555, fate#321595).\n\n - scsi_transport_fc: do not call queue_work under lock (bsc#1013887).\n\n - scsi_transport_fc: fixup race condition in fc_rport_final_delete() (bsc#1013887).\n\n - scsi_transport_fc: return -EBUSY for deleted vport (bsc#1013887).\n\n - sysfs: be careful of error returns from ops->show() (bsc#1028883).\n\n - thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974).\n\n - thp: reduce indentation level in change_huge_pmd() (bnc#1027974).\n\n - tpm: fix checks for policy digest existence in tpm2_seal_trusted() (bsc#1034048, Pending fixes 2017-04-10).\n\n - tpm: fix RC value check in tpm2_seal_trusted (bsc#1034048, Pending fixes 2017-04-10).\n\n - tpm: fix: set continueSession attribute for the unseal operation (bsc#1034048, Pending fixes 2017-04-10).\n\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).\n\n - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512).\n\n - x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Ignore root bridges without a companion ACPI device (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Support hot-removal of IOAPICs present during boot (bsc#1027153, bsc#1027616).\n\n - x86/mce: Fix copy/paste error in exception table entries (fate#319858).\n\n - x86/platform/uv: Fix calculation of Global Physical Address (bsc#1031147).\n\n - x86/ras/therm_throt: Do not log a fake MCE for thermal events (bsc#1028027).\n\n - xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV (bsc#1014136)\n\n - xgene_enet: remove bogus forward declarations (bsc#1032673).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-532)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4997", "CVE-2016-4998", "CVE-2017-2671", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7374", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-532.NASL", "href": "https://www.tenable.com/plugins/nessus/99927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-532.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99927);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2017-2671\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7374\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-532)\");\n script_summary(english:\"Check for the openSUSE-2017-532 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel\n allowed attackers to cause a denial of service (API\n operation calling its own callback, and infinite\n recursion) by triggering EBUSY on a full queue\n (bnc#1033340).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and\n IP6T_SO_SET_REPLACE setsockopt implementations in the\n netfilter subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (memory corruption) by leveraging in-container root\n access to provide a crafted offset value that triggers\n an unintended decrement (bnc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging\n in-container root access to provide a crafted offset\n value that leads to crossing a ruleset blob boundary\n (bnc#986365).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel was too late in\n obtaining a certain lock and consequently cannot ensure\n that disconnect function calls are safe, which allowed\n local users to cause a denial of service (panic) by\n leveraging access to the protocol value of IPPROTO_ICMP\n in a socket system call (bnc#1031003).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213).\n\n - CVE-2017-7374: Use-after-free vulnerability in\n fs/crypto/ in the Linux kernel allowed local users to\n cause a denial of service (NULL pointer dereference) or\n possibly gain privileges by revoking keyring keys being\n used for ext4, f2fs, or ubifs encryption, causing\n cryptographic transform objects to be freed prematurely\n (bnc#1032006).\n\nThe following non-security bugs were fixed :\n\n - acpi, nfit: fix acpi_nfit_flush_probe() crash\n (bsc#1031717).\n\n - acpi, nfit: fix extended status translations for ACPI\n DSMs (bsc#1031717).\n\n - arm64: hugetlb: fix the wrong address for several\n functions (bsc#1032681).\n\n - arm64: hugetlb: fix the wrong return value for\n huge_ptep_set_access_flags (bsc#1032681).\n\n - arm64: hugetlb: remove the wrong pmd check in\n find_num_contig() (bsc#1032681).\n\n - arm64: Use full path in KBUILD_IMAGE definition\n (bsc#1010032).\n\n - arm: Use full path in KBUILD_IMAGE definition\n (bsc#1010032).\n\n - blacklist.conf: 73667e31a153 x86/hyperv: Hide unused\n label\n\n - blacklist.conf: Add ed10858 ('scsi: smartpqi: fix time\n handling') to blacklist\n\n - blacklist.conf: blacklist 9770404a which was\n subsequently reverted\n\n - blacklist.conf: Blacklist f2fs fix\n\n - blacklist.conf: Blacklist unneeded commit, because of a\n partial backport.\n\n - blacklist.conf: Split SP2 and SP3 entries to ease\n merging\n\n - blacklist: Fix blacklisting of 0c313cb20732\n\n - block: copy NOMERGE flag from bio to request\n (bsc#1030070).\n\n - bonding: fix 802.3ad aggregator reselection\n (bsc#1029514).\n\n - btrfs: add transaction space reservation tracepoints\n (bsc#1012452).\n\n - btrfs: allow unlink to exceed subvolume quota\n (bsc#1019614).\n\n - btrfs: avoid uninitialized variable warning\n (bsc#1012452).\n\n - btrfs: __btrfs_buffered_write: Reserve/release extents\n aligned to block size (bsc#1012452).\n\n - btrfs: btrfs_ioctl_clone: Truncate complete page after\n performing clone operation (bsc#1012452).\n\n - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized\n units (bsc#1012452).\n\n - btrfs: btrfs_submit_direct_hook: Handle map_length < bio\n vector length (bsc#1012452).\n\n - btrfs: change how we update the global block rsv\n (bsc#1012452).\n\n - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).\n\n - btrfs: check reserved when deciding to background flush\n (bsc#1012452).\n\n - btrfs: Clean pte corresponding to page straddling i_size\n (bsc#1012452).\n\n - btrfs: Compute and look up csums based on sectorsized\n blocks (bsc#1012452).\n\n - btrfs: csum_tree_block: return proper errno value\n (bsc#1012452).\n\n - btrfs: device add and remove: use GFP_KERNEL\n (bsc#1012452).\n\n - btrfs: Direct I/O read: Work on sectorsized blocks\n (bsc#1012452).\n\n - btrfs: do not write corrupted metadata blocks to disk\n (bsc#1012452).\n\n - btrfs: extent same: use GFP_KERNEL for page array\n allocations (bsc#1012452).\n\n - btrfs: fallback to vmalloc in btrfs_compare_tree\n (bsc#1012452).\n\n - btrfs: fallocate: use GFP_KERNEL (bsc#1012452).\n\n - btrfs: fallocate: Work with sectorsized blocks\n (bsc#1012452).\n\n - btrfs: Fix block size returned to user space\n (bsc#1012452).\n\n - btrfs: fix build warning (bsc#1012452).\n\n - btrfs: fix delalloc accounting after copy_from_user\n faults (bsc#1012452).\n\n - btrfs: fix extent_same allowing destination offset\n beyond i_size (bsc#1012452).\n\n - btrfs: fix handling of faults from btrfs_copy_from_user\n (bsc#1012452).\n\n - btrfs: fix invalid reference in replace_path\n (bsc#1012452).\n\n - btrfs: fix listxattrs not listing all xattrs packed in\n the same item (bsc#1012452).\n\n - btrfs: fix lockdep deadlock warning due to dev_replace\n (bsc#1012452).\n\n - btrfs: fix truncate_space_check (bsc#1012452).\n\n - btrfs: Improve FL_KEEP_SIZE handling in fallocate\n (bsc#1012452).\n\n - btrfs: let callers of btrfs_alloc_root pass gfp flags\n (bsc#1012452).\n\n - btrfs: Limit inline extents to root->sectorsize\n (bsc#1012452).\n\n - btrfs: make sure we stay inside the bvec during\n __btrfs_lookup_bio_sums (bsc#1012452).\n\n - btrfs: Output more info for enospc_debug mount option\n (bsc#1012452).\n\n - btrfs: Print Warning only if ENOSPC_DEBUG is enabled\n (bsc#1012452).\n\n - btrfs: qgroups: Retry after commit on getting EDQUOT\n (bsc#1019614).\n\n - btrfs: reada: add all reachable mirrors into reada\n device list (bsc#1012452).\n\n - btrfs: reada: Add missed segment checking in\n reada_find_zone (bsc#1012452).\n\n - btrfs: reada: Avoid many times of empty loop\n (bsc#1012452).\n\n - btrfs: reada: avoid undone reada extents in\n btrfs_reada_wait (bsc#1012452).\n\n - btrfs: reada: bypass adding extent when all zone failed\n (bsc#1012452).\n\n - btrfs: reada: Fix a debug code typo (bsc#1012452).\n\n - btrfs: reada: Fix in-segment calculation for reada\n (bsc#1012452).\n\n - btrfs: reada: ignore creating reada_extent for a\n non-existent device (bsc#1012452).\n\n - btrfs: reada: Jump into cleanup in direct way for\n __readahead_hook() (bsc#1012452).\n\n - btrfs: reada: limit max works count (bsc#1012452).\n\n - btrfs: reada: Move is_need_to_readahead contition\n earlier (bsc#1012452).\n\n - btrfs: reada: move reada_extent_put to place after\n __readahead_hook() (bsc#1012452).\n\n - btrfs: reada: Pass reada_extent into __readahead_hook\n directly (bsc#1012452).\n\n - btrfs: reada: reduce additional fs_info->reada_lock in\n reada_find_zone (bsc#1012452).\n\n - btrfs: reada: Remove level argument in severial\n functions (bsc#1012452).\n\n - btrfs: reada: simplify dev->reada_in_flight processing\n (bsc#1012452).\n\n - btrfs: reada: Use fs_info instead of root in\n __readahead_hook's argument (bsc#1012452).\n\n - btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452).\n\n - btrfs: readdir: use GFP_KERNEL (bsc#1012452).\n\n - btrfs: remove redundant error check (bsc#1012452).\n\n - btrfs: Reset IO error counters before start of device\n replacing (bsc#1012452).\n\n - btrfs: scrub: use GFP_KERNEL on the submission path\n (bsc#1012452).\n\n - btrfs: Search for all ordered extents that could span\n across a page (bsc#1012452).\n\n - btrfs: send: use GFP_KERNEL everywhere (bsc#1012452).\n\n - btrfs: switch to kcalloc in btrfs_cmp_data_prepare\n (bsc#1012452).\n\n - btrfs: Use (eb->start, seq) as search key for tree\n modification log (bsc#1012452).\n\n - btrfs: use proper type for failrec in extent_state\n (bsc#1012452).\n\n - ceph: fix recursively call between ceph_set_acl and\n __ceph_setattr (bsc#1034902).\n\n - cgroup/pids: remove spurious suspicious RCU usage\n warning (bnc#1031831).\n\n - cxgb4: Add control net_device for configuring PCIe VF\n (bsc#1021424).\n\n - cxgb4: Add llseek operation for flash debugfs entry\n (bsc#1021424).\n\n - cxgb4: add new routine to get adapter info\n (bsc#1021424).\n\n - cxgb4: Add PCI device ID for new adapter (bsc#1021424).\n\n - cxgb4: Add port description for new cards (bsc#1021424).\n\n - cxgb4: Add support to enable logging of firmware mailbox\n commands (bsc#1021424).\n\n - cxgb4: Check for firmware errors in the mailbox command\n loop (bsc#1021424).\n\n - cxgb4: correct device ID of T6 adapter (bsc#1021424).\n\n - cxgb4/cxgb4vf: Add set VF mac address support\n (bsc#1021424).\n\n - cxgb4/cxgb4vf: Allocate more queues for 25G and 100G\n adapter (bsc#1021424).\n\n - cxgb4/cxgb4vf: Assign netdev->dev_port with port ID\n (bsc#1021424).\n\n - cxgb4/cxgb4vf: Display 25G and 100G link speed\n (bsc#1021424).\n\n - cxgb4/cxgb4vf: Remove deprecated module parameters\n (bsc#1021424).\n\n - cxgb4: DCB message handler needs to use correct portid\n to netdev mapping (bsc#1021424).\n\n - cxgb4: Decode link down reason code obtained from\n firmware (bsc#1021424).\n\n - cxgb4: Do not assume FW_PORT_CMD reply is always port\n info msg (bsc#1021424).\n\n - cxgb4: do not call napi_hash_del() (bsc#1021424).\n\n - cxgb4: Do not sleep when mbox cmd is issued from\n interrupt context (bsc#1021424).\n\n - cxgb4: Enable SR-IOV configuration via PCI sysfs\n interface (bsc#1021424).\n\n - cxgb4: Fix issue while re-registering VF mgmt netdev\n (bsc#1021424).\n\n - cxgb4: MU requested by Chelsio (bsc#1021424).\n\n - cxgb4: Properly decode port module type (bsc#1021424).\n\n - cxgb4: Refactor t4_port_init function (bsc#1021424).\n\n - cxgb4: Reset dcb state machine and tx queue prio only if\n dcb is enabled (bsc#1021424).\n\n - cxgb4: Support compressed error vector for T6\n (bsc#1021424).\n\n - cxgb4: Synchronize access to mailbox (bsc#1021424).\n\n - cxgb4: update latest firmware version supported\n (bsc#1021424).\n\n - device-dax: fix private mapping restriction, permit\n read-only (bsc#1031717).\n\n - drivers: hv: util: do not forget to init host_ts.lock\n (bsc#1031206).\n\n - drivers: hv: vmbus: Raise retry/wait limits in\n vmbus_post_msg() (fate#320485, bsc#1023287,\n bsc#1028217).\n\n - drm/i915: Fix crash after S3 resume with DP MST mode\n change (bsc#1029634).\n\n - drm/i915: Introduce Kabypoint PCH for Kabylake H/DT\n (bsc#1032581).\n\n - drm/i915: Only enable hotplug interrupts if the display\n interrupts are enabled (bsc#1031717).\n\n - ext4: fix use-after-iput when fscrypt contexts are\n inconsistent (bsc#1012829).\n\n - hid: usbhid: Quirk a AMI virtual mouse and keyboard with\n ALWAYS_POLL (bsc#1022340).\n\n - hv: export current Hyper-V clocksource (bsc#1031206).\n\n - hv_utils: implement Hyper-V PTP source (bsc#1031206).\n\n - ibmvnic: Allocate number of rx/tx buffers agreed on by\n firmware (fate#322021, bsc#1031512).\n\n - ibmvnic: Call napi_disable instead of napi_enable in\n failure path (fate#322021, bsc#1031512).\n\n - ibmvnic: Correct ibmvnic handling of device open/close\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix endian errors in error reporting output\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix endian error when requesting device\n capabilities (fate#322021, bsc#1031512).\n\n - ibmvnic: Fix initial MTU settings (bsc#1031512).\n\n - ibmvnic: Fix overflowing firmware/hardware TX queue\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Free tx/rx scrq pointer array when releasing\n sub-crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Handle processing of CRQ messages in a tasklet\n (fate#322021, bsc#1031512).\n\n - ibmvnic: Initialize completion variables before starting\n work (fate#322021, bsc#1031512).\n\n - ibmvnic: Make CRQ interrupt tasklet wait for all\n capabilities crqs (fate#322021, bsc#1031512).\n\n - ibmvnic: Move ibmvnic adapter intialization to its own\n routine (fate#322021, bsc#1031512).\n\n - ibmvnic: Move login and queue negotiation into\n ibmvnic_open (fate#322021, bsc#1031512).\n\n - ibmvnic: Move login to its own routine (fate#322021,\n bsc#1031512).\n\n - ibmvnic: Use common counter for capabilities checks\n (fate#322021, bsc#1031512).\n\n - ibmvnic: use max_mtu instead of req_mtu for MTU range\n check (bsc#1031512).\n\n - iommu/vt-d: Make sure IOMMUs are off when\n intel_iommu=off (bsc#1031208).\n\n - iscsi-target: Return error if unable to add network\n portal (bsc#1032803).\n\n - kABI: restore ttm_ref_object_add parameters (kabi).\n\n - kgr: Mark eeh_event_handler() kthread safe using a\n timeout (bsc#1031662).\n\n - kvm: svm: add support for RDTSCP (bsc#1033117).\n\n - l2tp: hold tunnel socket when handling control frames in\n l2tp_ip and l2tp_ip6 (bsc#1028415).\n\n - libcxgb: add library module for Chelsio drivers\n (bsc#1021424).\n\n - libnvdimm, pfn: fix memmap reservation size versus 4K\n alignment (bsc#1031717).\n\n - locking/semaphore: Add down_interruptible_timeout()\n (bsc#1031662).\n\n - md: handle read-only member devices better\n (bsc#1033281).\n\n - mem-hotplug: fix node spanned pages when we have a\n movable node (bnc#1034671).\n\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp\n (bnc#1030118).\n\n - mm/memblock.c: fix memblock_next_valid_pfn()\n (bnc#1031200).\n\n - mm: page_alloc: skip over regions of invalid pfns where\n possible (bnc#1031200).\n\n - netfilter: allow logging from non-init namespaces\n (bsc#970083).\n\n - net: ibmvnic: Remove unused net_stats member from struct\n ibmvnic_adapter (fate#322021, bsc#1031512).\n\n - nfs: flush out dirty data on file fput() (bsc#1021762).\n\n - nvme: Delete created IO queues on reset (bsc#1031717).\n\n - overlayfs: compat, fix incorrect dentry use in\n ovl_rename2 (bsc#1032400).\n\n - overlayfs: compat, use correct dentry to detect compat\n mode in ovl_compat_is_whiteout (bsc#1032400).\n\n - ping: implement proper locking (bsc#1031003).\n\n - powerpc/fadump: Reserve memory at an offset closer to\n bottom of RAM (bsc#1032141).\n\n - powerpc/fadump: Update fadump documentation\n (bsc#1032141).\n\n - Revert 'btrfs: qgroup: Move half of the qgroup\n accounting time out of' (bsc#1017461 bsc#1033885).\n\n - Revert 'btrfs: qgroup: Move half of the qgroup\n accounting time out of' This reverts commit\n f69c1d0f6254c73529a48fd2f87815d047ad7288.\n\n - Revert 'Revert 'btrfs: qgroup: Move half of the qgroup\n accounting time' This reverts commit\n 8567943ca56d937acfc417947cba917de653b09c.\n\n - sbp-target: Fix second argument of percpu_ida_alloc()\n (bsc#1032803).\n\n - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion\n feature (bsc#1021424).\n\n - scsi_error: count medium access timeout only once per EH\n run (bsc#993832, bsc#1032345).\n\n - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION\n (bsc#1034419).\n\n - scsi: ipr: Driver version 2.6.4 (bsc#1031555,\n fate#321595).\n\n - scsi: ipr: Error path locking fixes (bsc#1031555,\n fate#321595).\n\n - scsi: ipr: Fix abort path race condition (bsc#1031555,\n fate#321595).\n\n - scsi: ipr: Fix missed EH wakeup (bsc#1031555,\n fate#321595).\n\n - scsi: ipr: Fix SATA EH hang (bsc#1031555, fate#321595).\n\n - scsi: ipr: Remove redundant initialization (bsc#1031555,\n fate#321595).\n\n - scsi_transport_fc: do not call queue_work under lock\n (bsc#1013887).\n\n - scsi_transport_fc: fixup race condition in\n fc_rport_final_delete() (bsc#1013887).\n\n - scsi_transport_fc: return -EBUSY for deleted vport\n (bsc#1013887).\n\n - sysfs: be careful of error returns from ops->show()\n (bsc#1028883).\n\n - thp: fix MADV_DONTNEED vs. numa balancing race\n (bnc#1027974).\n\n - thp: reduce indentation level in change_huge_pmd()\n (bnc#1027974).\n\n - tpm: fix checks for policy digest existence in\n tpm2_seal_trusted() (bsc#1034048, Pending fixes\n 2017-04-10).\n\n - tpm: fix RC value check in tpm2_seal_trusted\n (bsc#1034048, Pending fixes 2017-04-10).\n\n - tpm: fix: set continueSession attribute for the unseal\n operation (bsc#1034048, Pending fixes 2017-04-10).\n\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).\n\n - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512).\n\n - x86/ioapic: Change prototype of acpi_ioapic_add()\n (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix incorrect pointers in\n ioapic_setup_resources() (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix IOAPIC failing to request resource\n (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: fix kABI (hide added include) (bsc#1027153,\n bsc#1027616).\n\n - x86/ioapic: Fix lost IOAPIC resource after hot-removal\n and hotadd (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Fix setup_res() failing to get resource\n (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Ignore root bridges without a companion ACPI\n device (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Simplify ioapic_setup_resources()\n (bsc#1027153, bsc#1027616).\n\n - x86/ioapic: Support hot-removal of IOAPICs present\n during boot (bsc#1027153, bsc#1027616).\n\n - x86/mce: Fix copy/paste error in exception table entries\n (fate#319858).\n\n - x86/platform/uv: Fix calculation of Global Physical\n Address (bsc#1031147).\n\n - x86/ras/therm_throt: Do not log a fake MCE for thermal\n events (bsc#1028027).\n\n - xen: Use machine addresses in /sys/kernel/vmcoreinfo\n when PV (bsc#1014136)\n\n - xgene_enet: remove bogus forward declarations\n (bsc#1032673).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993832\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.62-18.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.62-18.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.62-18.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.62-18.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:23:21", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.(CVE-2017-2636)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2636", "CVE-2017-5669", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1057.NASL", "href": "https://www.tenable.com/plugins/nessus/99902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99902);\n script_version(\"1.42\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-2636\",\n \"CVE-2017-5669\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel before 4.9.11 allows remote attackers to\n cause a denial of service (infinite loop and soft\n lockup) via vectors involving a TCP packet with the URG\n flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel\n through 4.9.12 does not restrict the address calculated\n by a certain rounding operation, which allows local\n users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system\n call, by making crafted shmget and shmat system calls\n in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel before 4.9.13 improperly manages lock\n dropping, which allows local users to cause a denial of\n service (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel through 4.10.1 allows local users to gain\n privileges or cause a denial of service (double free)\n by setting the HDLC line discipline.(CVE-2017-2636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1057\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d80be91\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.48.1.121\",\n \"kernel-debug-3.10.0-229.48.1.121\",\n \"kernel-debuginfo-3.10.0-229.48.1.121\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.48.1.121\",\n \"kernel-devel-3.10.0-229.48.1.121\",\n \"kernel-headers-3.10.0-229.48.1.121\",\n \"kernel-tools-3.10.0-229.48.1.121\",\n \"kernel-tools-libs-3.10.0-229.48.1.121\",\n \"perf-3.10.0-229.48.1.121\",\n \"python-perf-3.10.0-229.48.1.121\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:37", "description": "USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-5577", "CVE-2017-7294", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3342-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3342-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101150);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-5577\", \"CVE-2017-7294\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3342-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 3326-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3342-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000363\", \"CVE-2017-5577\", \"CVE-2017-7294\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3342-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1042-raspi2\", pkgver:\"4.8.0-1042.46\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-58-generic\", pkgver:\"4.8.0-58.63\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-58-generic-lpae\", pkgver:\"4.8.0-58.63\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-58-lowlatency\", pkgver:\"4.8.0-58.63\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.58.71\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.58.71\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.58.71\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1042.46\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-virtual\", pkgver:\"4.8.0.58.71\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:15:15", "description": "USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nUSN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3342-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000363", "CVE-2017-5577", "CVE-2017-7294", "CVE-2017-7374", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3342-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3342-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101151);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-1000363\", \"CVE-2017-5577\", \"CVE-2017-7294\", \"CVE-2017-7374\", \"CVE-2017-8890\", \"CVE-2017-9074\", \"CVE-2017-9075\", \"CVE-2017-9076\", \"CVE-2017-9077\", \"CVE-2017-9242\");\n script_xref(name:\"USN\", value:\"3342-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3342-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nUSN-3333-1 fixed a vulnerability in the Linux kernel. However, that\nfix introduced regressions for some Java applications. This update\naddresses the issue. We apologize for the inconvenience.\n\nIt was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nRoee Hay discovered that the parallel port printer driver in the Linux\nkernel did not properly bounds check passed arguments. A local\nattacker with write access to the kernel command line arguments could\nuse this to execute arbitrary code. (CVE-2017-1000363)\n\nIngo Molnar discovered that the VideoCore DRM driver in the Linux\nkernel did not return an error after detecting certain overflows. A\nlocal attacker could exploit this issue to cause a denial of service\n(OOPS). (CVE-2017-5577)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that a double-free vulnerability existed in the IPv4\nstack of the Linux kernel. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8890)\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the\nLinux kernel's IPv6 stack. A local attacker could cause a denial of\nservice or potentially other unspecified problems. (CVE-2017-9074)\n\nAndrey Konovalov discovered a flaw in the handling of inheritance in\nthe Linux kernel's IPv6 stack. A local user could exploit this issue\nto cause a denial of service or possibly other unspecified problems.\n(CVE-2017-9075)\n\nIt was discovered that dccp v6 in the Linux kernel mishandled\ninheritance. A local attacker could exploit this issue to cause a\ndenial of service or potentially other unspecified problems.\n(CVE-2017-9076)\n\nIt was discovered that the transmission control protocol (tcp) v6 in\nthe Linux kernel mishandled inheritance. A local attacker could\nexploit this issue to cause a denial of service or potentially other\nunspecified problems. (CVE-2017-9077)\n\nIt was discovered that the IPv6 stack in the Linux kernel was\nperforming its over write consistency check after the data was\nactually overwritten. A local attacker could exploit this flaw to\ncause a denial of service (system crash). (CVE-2017-9242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3342-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C