Vulnerabilities > CVE-2011-4131 - Numeric Errors vulnerability in Linux Kernel 3.2/3.2.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 8 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120620.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245) last seen 2020-06-05 modified 2013-01-25 plugin id 64175 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64175 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64175); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4131", "CVE-2012-2119", "CVE-2012-2136", "CVE-2012-2373", "CVE-2012-2375", "CVE-2012-2390"); script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=556135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=735909" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743579" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=754690" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=756050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=757315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=758243" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759336" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759805" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=760237" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=760806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=761087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=761245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762991" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763267" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763307" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763485" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763717" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764091" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764150" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764209" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764900" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765524" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4131.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2119.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2136.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2373.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2375.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2390.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6463."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.34-0.7.9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1541.NASL description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction (such as losing network connectivity). (CVE-2012-2313, Low) Red Hat would like to thank Andy Adamson for reporting CVE-2011-4131, and Stephan Mueller for reporting CVE-2012-2313. Bug fixes : * A kernel oops occurred in the nf_nat code when a bogus pointer was dereferenced in the nf_conn_nat structure. Consequently, if Source Network Address Translation (SNAT) was performed, incorrect information could be received by other CTS (Clear to Send) signals. A conntrack entry is now placed in the source hash after SNAT has been completed, which prevents the described problems. (BZ#865715) * Previously, the ixgbe_setup_tc() function was called recursively when the set_state() CEE (Convergence Enhanced Ethernet) API routine was called in IEEE DCBX (Data Center Bridging eXchange) mode. This is considered unsafe according to the IEEE standards. With this update, the ixgbe driver has been modified to no longer call the set_state() routine in IEEE DCBX mode. The driver now calls routines of the PFC (Priority-based Flow Control) and ETS (Enhanced Transmission Selection) extensions instead of the CEE extension routines in IEEE DCBX mode. (BZ#867859) * A Symmetric Multi Processing (SMP) race condition between the munmap() and exit() function could lead to false-positive triggering of the BUG_ON() macro if Transparent Huge Pages (THP) were enabled. This update fixes the race condition, which avoids false-positive triggering of the BUG_ON() macro in this scenario. (BZ#875121) * The kernel allows high priority real time tasks, such as tasks scheduled with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks were scheduled as high priority real time tasks and could be thus throttled accordingly. However, the replenishment timer, which is responsible for clearing a throttle flag on tasks, could be pending on the just disabled CPU. This could lead to the situation that the throttled tasks were never scheduled to run. Consequently, if any of such tasks was needed to complete the CPU disabling, the system became unresponsive. This update introduces a new scheduler class, which gives a task the highest possible system priority and such a task cannot be throttled. The stop-task scheduling class is now used for the CPU stop tasks, and the system shutdown completes as expected in the scenario described. (BZ#876078) * Previously, XFS log buffers were handled incorrectly so that XFS could, in certain circumstances, incorrectly read metadata from the journal during XFS log recovery. As a consequence, XFS log recovery terminated with an error message and prevented the file system from being mounted. This problem could result in a loss of data if the user forcibly emptied the log to allow the file system to be mounted. This update ensures that metadata is read correctly from the log and journal recovery thus completes successfully, and the file system mounts as expected. (BZ#876498) * Previously, kernel was allowed to reduce the number of unnecessary commit calls by skipping the commit when there was a large number of outstanding pages being written. However, a test on the number of commits (ncommit) did not properly handle the edge case when ncommit was zero. Consequently, inodes sometimes remained on the sb->s_dirty list and could not be freed by the inode cache shrinker. As a result, the nfs_inode_cache structure grew very large over time. With this update, the call to the nfs_write_inode() function is immediately returned when commit == 0, thus fixing this bug. (BZ#877394) last seen 2020-06-01 modified 2020-06-02 plugin id 64068 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64068 title RHEL 6 : kernel (RHSA-2012:1541) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1541. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(64068); script_version("1.18"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2011-4131", "CVE-2012-2313"); script_bugtraq_id(50655, 53965); script_xref(name:"RHSA", value:"2012:1541"); script_name(english:"RHEL 6 : kernel (RHSA-2012:1541)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction (such as losing network connectivity). (CVE-2012-2313, Low) Red Hat would like to thank Andy Adamson for reporting CVE-2011-4131, and Stephan Mueller for reporting CVE-2012-2313. Bug fixes : * A kernel oops occurred in the nf_nat code when a bogus pointer was dereferenced in the nf_conn_nat structure. Consequently, if Source Network Address Translation (SNAT) was performed, incorrect information could be received by other CTS (Clear to Send) signals. A conntrack entry is now placed in the source hash after SNAT has been completed, which prevents the described problems. (BZ#865715) * Previously, the ixgbe_setup_tc() function was called recursively when the set_state() CEE (Convergence Enhanced Ethernet) API routine was called in IEEE DCBX (Data Center Bridging eXchange) mode. This is considered unsafe according to the IEEE standards. With this update, the ixgbe driver has been modified to no longer call the set_state() routine in IEEE DCBX mode. The driver now calls routines of the PFC (Priority-based Flow Control) and ETS (Enhanced Transmission Selection) extensions instead of the CEE extension routines in IEEE DCBX mode. (BZ#867859) * A Symmetric Multi Processing (SMP) race condition between the munmap() and exit() function could lead to false-positive triggering of the BUG_ON() macro if Transparent Huge Pages (THP) were enabled. This update fixes the race condition, which avoids false-positive triggering of the BUG_ON() macro in this scenario. (BZ#875121) * The kernel allows high priority real time tasks, such as tasks scheduled with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks were scheduled as high priority real time tasks and could be thus throttled accordingly. However, the replenishment timer, which is responsible for clearing a throttle flag on tasks, could be pending on the just disabled CPU. This could lead to the situation that the throttled tasks were never scheduled to run. Consequently, if any of such tasks was needed to complete the CPU disabling, the system became unresponsive. This update introduces a new scheduler class, which gives a task the highest possible system priority and such a task cannot be throttled. The stop-task scheduling class is now used for the CPU stop tasks, and the system shutdown completes as expected in the scenario described. (BZ#876078) * Previously, XFS log buffers were handled incorrectly so that XFS could, in certain circumstances, incorrectly read metadata from the journal during XFS log recovery. As a consequence, XFS log recovery terminated with an error message and prevented the file system from being mounted. This problem could result in a loss of data if the user forcibly emptied the log to allow the file system to be mounted. This update ensures that metadata is read correctly from the log and journal recovery thus completes successfully, and the file system mounts as expected. (BZ#876498) * Previously, kernel was allowed to reduce the number of unnecessary commit calls by skipping the commit when there was a large number of outstanding pages being written. However, a test on the number of commits (ncommit) did not properly handle the edge case when ncommit was zero. Consequently, inodes sometimes remained on the sb->s_dirty list and could not be freed by the inode cache shrinker. As a result, the nfs_inode_cache structure grew very large over time. With this update, the call to the nfs_write_inode() function is immediately returned when commit == 0, thus fixing this bug. (BZ#877394)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1541" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4131" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2313" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-4131", "CVE-2012-2313"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2012:1541"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1541"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-debug-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-debug-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-debug-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-doc-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-firmware-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"kernel-headers-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-headers-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-headers-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-kdump-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"perf-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"perf-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"perf-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"perf-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"python-perf-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"python-perf-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-220.30.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-220.30.1.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc"); } }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1472-1.NASL description Andy Adamson discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59476 published 2012-06-13 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59476 title Ubuntu 11.10 : linux vulnerabilities (USN-1472-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1472-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(59476); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2011-4131", "CVE-2012-2121", "CVE-2012-2133", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-2383", "CVE-2012-2384"); script_bugtraq_id(53401); script_xref(name:"USN", value:"1472-1"); script_name(english:"Ubuntu 11.10 : linux vulnerabilities (USN-1472-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. (CVE-2011-4131) A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. (CVE-2012-2121) Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. (CVE-2012-2133) Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. (CVE-2012-2313) Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system priviliges. (CVE-2012-2319) Xi Wang discovered a flaw in the Linux kernel's i915 graphics driver handling of cliprect on 32 bit systems. An unprivileged local attacker could leverage this flaw to cause a denial of service or potentially gain root privileges. (CVE-2012-2383) Xi Wang discovered a flaw in the Linux kernel's i915 graphics driver handling of buffer_count on 32 bit systems. An unprivileged local attacker could leverage this flaw to cause a denial of service or potentially gain root privileges. (CVE-2012-2384). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1472-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-4131", "CVE-2012-2121", "CVE-2012-2133", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-2383", "CVE-2012-2384"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1472-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-21-generic", pkgver:"3.0.0-21.35")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-21-generic-pae", pkgver:"3.0.0-21.35")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-21-server", pkgver:"3.0.0-21.35")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"linux-image-3.0.0-21-virtual", pkgver:"3.0.0-21.35")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.0-generic / linux-image-3.0-generic-pae / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1530-1.NASL description Andy Adamson discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61508 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61508 title USN-1530-1 : linux-ti-omap4 vulnerabilities code # This script was automatically generated from Ubuntu Security # Notice USN-1530-1. It is released under the Nessus Script # Licence. # # Ubuntu Security Notices are (C) Canonical, Inc. # See http://www.ubuntu.com/usn/ # Ubuntu(R) is a registered trademark of Canonical, Inc. if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(61508); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2016/12/01 20:56:51 $"); script_cve_id("CVE-2011-4131", "CVE-2012-2123", "CVE-2012-2136", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-2372", "CVE-2012-2375"); script_xref(name:"USN", value:"1530-1"); script_name(english:"USN-1530-1 : linux-ti-omap4 vulnerabilities"); script_summary(english:"Checks dpkg output for updated package(s)"); script_set_attribute(attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. (CVE-2011-4131) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. (CVE-2012-2123) An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. (CVE-2012-2313) Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system priviliges. (CVE-2012-2319) A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372) A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). (CVE-2012-2375)"); script_set_attribute(attribute:"see_also", value:"http://www.ubuntu.com/usn/usn-1530-1/"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Ubuntu Local Security Checks"); script_copyright("Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("ubuntu.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Ubuntu/release")) exit(0, "The host is not running Ubuntu."); if (!get_kb_item("Host/Debian/dpkg-l")) exit(1, "Could not obtain the list of installed packages."); flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-1209-omap4", pkgver:"2.6.38-1209.25")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120418.NASL description The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed : - A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. (CVE-2012-1179) - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - A local attacker could oops the kernel using memory control groups and eventfds. (CVE-2012-1146) - Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. (CVE-2011-1083) - The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. (CVE-2012-1097) - Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users. (CVE-2011-2494) - Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns. (CVE-2011-4086) - A malicious NFSv4 server could have caused a oops in the nfsv4 acl handling. (CVE-2011-4131) - Fixed a oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem. (Also included are all fixes from the 3.0.14 -> 3.0.25 stable kernel updates.). (CVE-2011-4132) The following non-security issues have been fixed : EFI : - efivars: add missing parameter to efi_pstore_read(). BTRFS : - add a few error cleanups. - btrfs: handle errors when excluding super extents (FATE#306586 bnc#751015). - btrfs: Fix missing goto in btrfs_ioctl_clone. - btrfs: Fixed mishandled -EAGAIN error case from btrfs_split_item. (bnc#750459) - btrfs: disallow unequal data/metadata blocksize for mixed block groups (FATE#306586). - btrfs: enhance superblock sanity checks (FATE#306586 bnc#749651). - btrfs: update message levels (FATE#306586). - btrfs 3.3-rc6 updates : - avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix wrong information of the directory in the snapshot (FATE#306586). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree (FATE#306586). - btrfs: stop silently switching single chunks to raid0 on balance (FATE#306586). - btrfs: fix locking issues in find_parent_nodes() (FATE#306586). - btrfs: fix casting error in scrub reada code (FATE#306586). - btrfs sync with upstream up to 3.3-rc5 (FATE#306586) - btrfs: Sector Size check during Mount - btrfs: avoid positive number with ERR_PTR - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete - btrfs: do not check DUP chunks twice - btrfs: fix memory leak in load_free_space_cache() - btrfs: delalloc for page dirtied out-of-band in fixup worker - btrfs: fix structs where bitfields and spinlock/atomic share 8B word. - btrfs: silence warning in raid array setup. - btrfs: honor umask when creating subvol root. - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: improve error handling for btrfs_insert_dir_item callers. - btrfs: make sure we update latest_bdev. - btrfs: add extra sanity checks on the path names in btrfs_mksubvol. - btrfs: clear the extent uptodate bits during parent transid failures. - btrfs: increase the global block reserve estimates. - btrfs: fix compiler warnings on 32 bit systems. - Clean up unused code, fix use of error-indicated pointer in transaction teardown. (bnc#748854) - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: do not reserve data with extents locked in btrfs_fallocate. - btrfs: avoid positive number with ERR_PTR. - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete. - btrfs: do not check DUP chunks twice. - btrfs: fix memory leak in load_free_space_cache(). - btrfs: fix permissions of new subvolume. (bnc#746373) - btrfs: set ioprio of scrub readahead to idle. - fix logic in condition in BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS - fix incorrect exclusion of superblock from blockgroups. (bnc#751743) - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: fix incorrect default value. - fix aio/dio bio refcounting bnc#718918. - btrfs: fix locking issues in find_parent_nodes() - Btrfs: fix casting error in scrub reada code - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: Fix uninitialized variable. - btrfs: handle errors from read_tree_block. (bnc#748632) - btrfs: push-up errors from btrfs_num_copies. (bnc#748632) - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: disable due to potential corruptions (bnc#751743) XFS : - XFS read/write calls do not generate DMAPI events. (bnc#751885) - xfs/dmapi: Remove cached vfsmount. (bnc#749417) - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850). NFS : - nfs: Do not allow multiple mounts on same mountpoint when using -o noac. (bnc#745422) - lockd: fix arg parsing for grace_period and timeout (bnc#733761). MD : - raid10: Disable recovery when recovery cannot proceed. (bnc#751171) - md/bitmap: ensure to load bitmap when creating via sysfs. - md: do not set md arrays to readonly on shutdown. (bnc#740180, bnc#713148, bnc#734900) - md: allow last device to be forcibly removed from RAID1/RAID10. (bnc#746717) - md: allow re-add to failed arrays. (bnc#746717) - md: Correctly handle read failure from last working device in RAID10. (bnc#746717) - patches.suse/0003-md-raid1-add-failfast-handling-for-wri tes.patch: Refresh to not crash when handling write error on FailFast devices. bnc#747159 - md/raid10: Fix kernel oops during drive failure. (bnc#750995) - patches.suse/md-re-add-to-failed: Update references. (bnc#746717) - md/raid10: handle merge_bvec_fn in member devices. - md/raid10 - support resizing some RAID10 arrays. Hyper-V : - update hyperv drivers to 3.3-rc7 and move them out of staging: hv_timesource -> merged into core kernel hv_vmbus -> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc -> drivers/net/hyperv/hv_netvsc hv_mousevsc -> drivers/hid/hid-hyperv add compat modalias for hv_mousevsc update supported.conf rename all 333 patches, use msft-hv- and suse-hv- as prefix - net/hyperv: Use netif_tx_disable() instead of netif_stop_queue() when necessary. - net/hyperv: rx_bytes should account the ether header size. - net/hyperv: fix the issue that large packets be dropped under bridge. - net/hyperv: Fix the page buffer when an RNDIS message goes beyond page boundary. - net/hyperv: fix erroneous NETDEV_TX_BUSY use. SCSI : - sd: mark busy sd majors as allocated (bug#744658). - st: expand tape driver ability to write immediate filemarks. (bnc#688996) - scsi scan: do not fail scans when host is in recovery (bnc#747867). S/390 : - dasd: Implement block timeout handling. (bnc#746717) - callhome: fix broken proc interface and activate compid (bnc#748862,LTC#79115). - ctcmpc: use correct idal word list for ctcmpc (bnc#750173,LTC#79264). - Fix recovery in case of concurrent asynchronous deliveries (bnc#748629,LTC#78309). - kernel: 3215 console deadlock (bnc#748629,LTC#78612). - qeth: synchronize discipline module loading (bnc#748629,LTC#78788). - memory hotplug: prevent memory zone interleave (bnc#748629,LTC#79113). - dasd: fix fixpoint divide exception in define_extent (bnc#748629,LTC#79125). - kernel: incorrect kernel message tags (bnc#744795,LTC#78356). - lcs: lcs offline failure (bnc#752484,LTC#79788). - qeth: add missing wake_up call (bnc#752484,LTC#79899). - dasd: Terminate inactive cqrs correctly. (bnc#750995) - dasd: detailed I/O errors. (bnc#746717) - patches.suse/dasd-blk-timeout.patch: Only activate blk_timeout for failfast requests (bnc#753617). ALSA : - ALSA: hda - Set codec to D3 forcibly even if not used. (bnc#750426) - ALSA: hda - Add Realtek ALC269VC codec support. (bnc#748827) - ALSA: hda/realtek - Apply the coef-setup only to ALC269VB. (bnc#748827) - ALSA: pcm - Export snd_pcm_lib_default_mmap() helper. (bnc#748384,bnc#738597) - ALSA: hda - Add snoop option. (bnc#748384,bnc#738597) - ALSA: HDA: Add support for new AMD products. (bnc#748384,bnc#738597) - ALSA: hda - Fix audio playback support on HP Zephyr system. (bnc#749787) - ALSA: hda - Fix mute-LED VREF value for new HP laptops (bnc#745741). EXT3 : - enable patches.suse/ext3-increase-reservation-window.patch. DRM : - drm/i915: Force explicit bpp selection for intel_dp_link_required. (bnc#749980) - drm/i915/dp: Dither down to 6bpc if it makes the mode fit. (bnc#749980) - drm/i915/dp: Read more DPCD registers on connection probe. (bnc#749980) - drm/i915: fixup interlaced bits clearing in PIPECONF on PCH_SPLIT. (bnc#749980) - drm/i915: read full receiver capability field during DP hot plug. (bnc#749980) - drm/intel: Fix initialization if startup happens in interlaced mode [v2]. (bnc#749980) - drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 & rc6: patches.drivers/drm-i915-Prevent-a-machine-hang-by-check ing-crtc-act, patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bri dge, patches.drivers/drm-i915-fix-operator-precedence-when-en abling-RC6p, patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimizat ion-as-it-ca, patches.drivers/drm-i915-gen7-Implement-an-L3-caching-wo rkaround, patches.drivers/drm-i915-gen7-implement-rczunit-workarou nd, patches.drivers/drm-i915-gen7-work-around-a-system-hang- on-IVB - drm/i915: Clear the TV sense state bits on cantiga to make TV detection reliable. (bnc#750041) - drm/i915: Do not write DSPSURF for old chips. (bnc#747071) - drm: Do not delete DPLL Multiplier during DAC init. (bnc#728840) - drm: Set depth on low mem Radeon cards to 16 instead of 8. (bnc#746883) - patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP: Refresh. Updated the patch from the upstream. (bnc#722560) - Add a few missing drm/i915 fixes from upstream 3.2 kernel (bnc#744392) : - drm/i915: Sanitize BIOS debugging bits from PIPECONF. (bnc#751916) - drm/i915: Add lvds_channel module option. (bnc#739837) - drm/i915: Check VBIOS value for determining LVDS dual channel mode, too. (bnc#739837) - agp: fix scratch page cleanup. (bnc#738679) - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). ACPI : - supported.conf: Add acpi_ipmi as supported (bnc#716971). MM : - cpusets: avoid looping when storing to mems_allowed if one. - cpusets: avoid stall when updating mems_allowed for mempolicy. - cpuset: mm: Reduce large amounts of memory barrier related slowdown. - mm: make swapin readahead skip over holes. - mm: allow PF_MEMALLOC from softirq context. - mm: Ensure processes do not remain throttled under memory pressure. (Swap over NFS (fate#304949, bnc#747944). - mm: Allow sparsemem usemap allocations for very large NUMA nodes. (bnc#749049) - backing-dev: fix wakeup timer races with bdi_unregister(). (bnc#741824) - readahead: fix pipeline break caused by block plug. (bnc#746454) - Fix uninitialised variable warning and obey the [get|put]_mems_allowed API. CIFS : - cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 / bnc#749569). USB : - xhci: Fix encoding for HS bulk/control NAK rate. (bnc#750402) - USB: Fix handoff when BIOS disables host PCI device. (bnc#747878) - USB: Do not fail USB3 probe on missing legacy PCI IRQ. (bnc#749543) - USB: Adding #define in hub_configure() and hcd.c file. (bnc#714604) - USB: remove BKL comments. (bnc#714604) - xHCI: Adding #define values used for hub descriptor. (bnc#714604) - xHCI: Kick khubd when USB3 resume really completes. (bnc#714604) - xhci: Fix oops caused by more USB2 ports than USB3 ports. (bnc#714604) - USB/xhci: Enable remote wakeup for USB3 devices. (bnc#714604) - USB: Suspend functions before putting dev into U3. (bnc#714604) - USB/xHCI: Enable USB 3.0 hub remote wakeup. (bnc#714604) - USB: Refactor hub remote wake handling. (bnc#714604) - USB/xHCI: Support device-initiated USB 3.0 resume. (bnc#714604) - USB: Set wakeup bits for all children hubs. (bnc#714604) - USB: Turn on auto-suspend for USB 3.0 hubs. (bnc#714604) - USB: Set hub depth after USB3 hub reset. (bnc#749115) - xhci: Fix USB 3.0 device restart on resume. (bnc#745867) - xhci: Remove scary warnings about transfer issues. (bnc#745867) - xhci: Remove warnings about MSI and MSI-X capabilities (bnc#745867). Other : - PCI / PCIe: Introduce command line option to disable ARI. (bnc#742845) - PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972). X86 : - x86/UV: Lower UV rtc clocksource rating. (bnc#748456) - x86, mce, therm_throt: Do not report power limit and package level thermal throttle events in mcelog. (bnc#745876) - x86: Unlock nmi lock after kdb_ipi call. (bnc#745424) - x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322) XEN : - Update Xen patches to 3.0.22. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - xenoprof: backward compatibility for changed XENOPROF_ESCAPE_CODE. - blkfront: properly fail packet requests. (bnc#745929) - Refresh other Xen patches. (bnc#732070, bnc#742871) - xenbus: do not free other end details too early. - blkback: also call blkif_disconnect() when frontend switched to closed. - gnttab: add deferred freeing logic. - blkback: failure to write last seen 2020-06-05 modified 2012-04-24 plugin id 58845 published 2012-04-24 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58845 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(58845); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-1083", "CVE-2011-2494", "CVE-2011-4086", "CVE-2011-4127", "CVE-2011-4131", "CVE-2011-4132", "CVE-2012-1090", "CVE-2012-1097", "CVE-2012-1146", "CVE-2012-1179"); script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed : - A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. (CVE-2012-1179) - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - A local attacker could oops the kernel using memory control groups and eventfds. (CVE-2012-1146) - Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. (CVE-2011-1083) - The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. (CVE-2012-1097) - Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users. (CVE-2011-2494) - Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns. (CVE-2011-4086) - A malicious NFSv4 server could have caused a oops in the nfsv4 acl handling. (CVE-2011-4131) - Fixed a oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem. (Also included are all fixes from the 3.0.14 -> 3.0.25 stable kernel updates.). (CVE-2011-4132) The following non-security issues have been fixed : EFI : - efivars: add missing parameter to efi_pstore_read(). BTRFS : - add a few error cleanups. - btrfs: handle errors when excluding super extents (FATE#306586 bnc#751015). - btrfs: Fix missing goto in btrfs_ioctl_clone. - btrfs: Fixed mishandled -EAGAIN error case from btrfs_split_item. (bnc#750459) - btrfs: disallow unequal data/metadata blocksize for mixed block groups (FATE#306586). - btrfs: enhance superblock sanity checks (FATE#306586 bnc#749651). - btrfs: update message levels (FATE#306586). - btrfs 3.3-rc6 updates : - avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix wrong information of the directory in the snapshot (FATE#306586). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree (FATE#306586). - btrfs: stop silently switching single chunks to raid0 on balance (FATE#306586). - btrfs: fix locking issues in find_parent_nodes() (FATE#306586). - btrfs: fix casting error in scrub reada code (FATE#306586). - btrfs sync with upstream up to 3.3-rc5 (FATE#306586) - btrfs: Sector Size check during Mount - btrfs: avoid positive number with ERR_PTR - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete - btrfs: do not check DUP chunks twice - btrfs: fix memory leak in load_free_space_cache() - btrfs: delalloc for page dirtied out-of-band in fixup worker - btrfs: fix structs where bitfields and spinlock/atomic share 8B word. - btrfs: silence warning in raid array setup. - btrfs: honor umask when creating subvol root. - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: improve error handling for btrfs_insert_dir_item callers. - btrfs: make sure we update latest_bdev. - btrfs: add extra sanity checks on the path names in btrfs_mksubvol. - btrfs: clear the extent uptodate bits during parent transid failures. - btrfs: increase the global block reserve estimates. - btrfs: fix compiler warnings on 32 bit systems. - Clean up unused code, fix use of error-indicated pointer in transaction teardown. (bnc#748854) - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: do not reserve data with extents locked in btrfs_fallocate. - btrfs: avoid positive number with ERR_PTR. - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete. - btrfs: do not check DUP chunks twice. - btrfs: fix memory leak in load_free_space_cache(). - btrfs: fix permissions of new subvolume. (bnc#746373) - btrfs: set ioprio of scrub readahead to idle. - fix logic in condition in BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS - fix incorrect exclusion of superblock from blockgroups. (bnc#751743) - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: fix incorrect default value. - fix aio/dio bio refcounting bnc#718918. - btrfs: fix locking issues in find_parent_nodes() - Btrfs: fix casting error in scrub reada code - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: Fix uninitialized variable. - btrfs: handle errors from read_tree_block. (bnc#748632) - btrfs: push-up errors from btrfs_num_copies. (bnc#748632) - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: disable due to potential corruptions (bnc#751743) XFS : - XFS read/write calls do not generate DMAPI events. (bnc#751885) - xfs/dmapi: Remove cached vfsmount. (bnc#749417) - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850). NFS : - nfs: Do not allow multiple mounts on same mountpoint when using -o noac. (bnc#745422) - lockd: fix arg parsing for grace_period and timeout (bnc#733761). MD : - raid10: Disable recovery when recovery cannot proceed. (bnc#751171) - md/bitmap: ensure to load bitmap when creating via sysfs. - md: do not set md arrays to readonly on shutdown. (bnc#740180, bnc#713148, bnc#734900) - md: allow last device to be forcibly removed from RAID1/RAID10. (bnc#746717) - md: allow re-add to failed arrays. (bnc#746717) - md: Correctly handle read failure from last working device in RAID10. (bnc#746717) - patches.suse/0003-md-raid1-add-failfast-handling-for-wri tes.patch: Refresh to not crash when handling write error on FailFast devices. bnc#747159 - md/raid10: Fix kernel oops during drive failure. (bnc#750995) - patches.suse/md-re-add-to-failed: Update references. (bnc#746717) - md/raid10: handle merge_bvec_fn in member devices. - md/raid10 - support resizing some RAID10 arrays. Hyper-V : - update hyperv drivers to 3.3-rc7 and move them out of staging: hv_timesource -> merged into core kernel hv_vmbus -> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc -> drivers/net/hyperv/hv_netvsc hv_mousevsc -> drivers/hid/hid-hyperv add compat modalias for hv_mousevsc update supported.conf rename all 333 patches, use msft-hv- and suse-hv- as prefix - net/hyperv: Use netif_tx_disable() instead of netif_stop_queue() when necessary. - net/hyperv: rx_bytes should account the ether header size. - net/hyperv: fix the issue that large packets be dropped under bridge. - net/hyperv: Fix the page buffer when an RNDIS message goes beyond page boundary. - net/hyperv: fix erroneous NETDEV_TX_BUSY use. SCSI : - sd: mark busy sd majors as allocated (bug#744658). - st: expand tape driver ability to write immediate filemarks. (bnc#688996) - scsi scan: do not fail scans when host is in recovery (bnc#747867). S/390 : - dasd: Implement block timeout handling. (bnc#746717) - callhome: fix broken proc interface and activate compid (bnc#748862,LTC#79115). - ctcmpc: use correct idal word list for ctcmpc (bnc#750173,LTC#79264). - Fix recovery in case of concurrent asynchronous deliveries (bnc#748629,LTC#78309). - kernel: 3215 console deadlock (bnc#748629,LTC#78612). - qeth: synchronize discipline module loading (bnc#748629,LTC#78788). - memory hotplug: prevent memory zone interleave (bnc#748629,LTC#79113). - dasd: fix fixpoint divide exception in define_extent (bnc#748629,LTC#79125). - kernel: incorrect kernel message tags (bnc#744795,LTC#78356). - lcs: lcs offline failure (bnc#752484,LTC#79788). - qeth: add missing wake_up call (bnc#752484,LTC#79899). - dasd: Terminate inactive cqrs correctly. (bnc#750995) - dasd: detailed I/O errors. (bnc#746717) - patches.suse/dasd-blk-timeout.patch: Only activate blk_timeout for failfast requests (bnc#753617). ALSA : - ALSA: hda - Set codec to D3 forcibly even if not used. (bnc#750426) - ALSA: hda - Add Realtek ALC269VC codec support. (bnc#748827) - ALSA: hda/realtek - Apply the coef-setup only to ALC269VB. (bnc#748827) - ALSA: pcm - Export snd_pcm_lib_default_mmap() helper. (bnc#748384,bnc#738597) - ALSA: hda - Add snoop option. (bnc#748384,bnc#738597) - ALSA: HDA: Add support for new AMD products. (bnc#748384,bnc#738597) - ALSA: hda - Fix audio playback support on HP Zephyr system. (bnc#749787) - ALSA: hda - Fix mute-LED VREF value for new HP laptops (bnc#745741). EXT3 : - enable patches.suse/ext3-increase-reservation-window.patch. DRM : - drm/i915: Force explicit bpp selection for intel_dp_link_required. (bnc#749980) - drm/i915/dp: Dither down to 6bpc if it makes the mode fit. (bnc#749980) - drm/i915/dp: Read more DPCD registers on connection probe. (bnc#749980) - drm/i915: fixup interlaced bits clearing in PIPECONF on PCH_SPLIT. (bnc#749980) - drm/i915: read full receiver capability field during DP hot plug. (bnc#749980) - drm/intel: Fix initialization if startup happens in interlaced mode [v2]. (bnc#749980) - drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 & rc6: patches.drivers/drm-i915-Prevent-a-machine-hang-by-check ing-crtc-act, patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bri dge, patches.drivers/drm-i915-fix-operator-precedence-when-en abling-RC6p, patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimizat ion-as-it-ca, patches.drivers/drm-i915-gen7-Implement-an-L3-caching-wo rkaround, patches.drivers/drm-i915-gen7-implement-rczunit-workarou nd, patches.drivers/drm-i915-gen7-work-around-a-system-hang- on-IVB - drm/i915: Clear the TV sense state bits on cantiga to make TV detection reliable. (bnc#750041) - drm/i915: Do not write DSPSURF for old chips. (bnc#747071) - drm: Do not delete DPLL Multiplier during DAC init. (bnc#728840) - drm: Set depth on low mem Radeon cards to 16 instead of 8. (bnc#746883) - patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP: Refresh. Updated the patch from the upstream. (bnc#722560) - Add a few missing drm/i915 fixes from upstream 3.2 kernel (bnc#744392) : - drm/i915: Sanitize BIOS debugging bits from PIPECONF. (bnc#751916) - drm/i915: Add lvds_channel module option. (bnc#739837) - drm/i915: Check VBIOS value for determining LVDS dual channel mode, too. (bnc#739837) - agp: fix scratch page cleanup. (bnc#738679) - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). ACPI : - supported.conf: Add acpi_ipmi as supported (bnc#716971). MM : - cpusets: avoid looping when storing to mems_allowed if one. - cpusets: avoid stall when updating mems_allowed for mempolicy. - cpuset: mm: Reduce large amounts of memory barrier related slowdown. - mm: make swapin readahead skip over holes. - mm: allow PF_MEMALLOC from softirq context. - mm: Ensure processes do not remain throttled under memory pressure. (Swap over NFS (fate#304949, bnc#747944). - mm: Allow sparsemem usemap allocations for very large NUMA nodes. (bnc#749049) - backing-dev: fix wakeup timer races with bdi_unregister(). (bnc#741824) - readahead: fix pipeline break caused by block plug. (bnc#746454) - Fix uninitialised variable warning and obey the [get|put]_mems_allowed API. CIFS : - cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 / bnc#749569). USB : - xhci: Fix encoding for HS bulk/control NAK rate. (bnc#750402) - USB: Fix handoff when BIOS disables host PCI device. (bnc#747878) - USB: Do not fail USB3 probe on missing legacy PCI IRQ. (bnc#749543) - USB: Adding #define in hub_configure() and hcd.c file. (bnc#714604) - USB: remove BKL comments. (bnc#714604) - xHCI: Adding #define values used for hub descriptor. (bnc#714604) - xHCI: Kick khubd when USB3 resume really completes. (bnc#714604) - xhci: Fix oops caused by more USB2 ports than USB3 ports. (bnc#714604) - USB/xhci: Enable remote wakeup for USB3 devices. (bnc#714604) - USB: Suspend functions before putting dev into U3. (bnc#714604) - USB/xHCI: Enable USB 3.0 hub remote wakeup. (bnc#714604) - USB: Refactor hub remote wake handling. (bnc#714604) - USB/xHCI: Support device-initiated USB 3.0 resume. (bnc#714604) - USB: Set wakeup bits for all children hubs. (bnc#714604) - USB: Turn on auto-suspend for USB 3.0 hubs. (bnc#714604) - USB: Set hub depth after USB3 hub reset. (bnc#749115) - xhci: Fix USB 3.0 device restart on resume. (bnc#745867) - xhci: Remove scary warnings about transfer issues. (bnc#745867) - xhci: Remove warnings about MSI and MSI-X capabilities (bnc#745867). Other : - PCI / PCIe: Introduce command line option to disable ARI. (bnc#742845) - PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972). X86 : - x86/UV: Lower UV rtc clocksource rating. (bnc#748456) - x86, mce, therm_throt: Do not report power limit and package level thermal throttle events in mcelog. (bnc#745876) - x86: Unlock nmi lock after kdb_ipi call. (bnc#745424) - x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322) XEN : - Update Xen patches to 3.0.22. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - xenoprof: backward compatibility for changed XENOPROF_ESCAPE_CODE. - blkfront: properly fail packet requests. (bnc#745929) - Refresh other Xen patches. (bnc#732070, bnc#742871) - xenbus: do not free other end details too early. - blkback: also call blkif_disconnect() when frontend switched to closed. - gnttab: add deferred freeing logic. - blkback: failure to write 'feature-barrier' node is non-fatal. Infiniband : - RDMA/cxgb4: Make sure flush CQ entries are collected on connection close. (bnc#721587) - RDMA/cxgb4: Serialize calls to CQs comp_handler. (bnc#721587) - mlx4_en: Assigning TX irq per ring (bnc#624072). Bluetooth : - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported in ath3k. (bnc#732296) - Bluetooth: btusb: fix bInterval for high/super speed isochronous endpoints (bnc#754052). SCTP : - dlm: Do not allocate a fd for peeloff. (bnc#729247) - sctp: Export sctp_do_peeloff (bnc#729247). Other : - qlge: Removing needless prints which are not. (bnc#718863) - ibft: Fix finding IBFT ACPI table on UEFI. (bnc#746579) - proc: Consider NO_HZ when printing idle and iowait times. (bnc#705551) - procfs: do not confuse jiffies with cputime64_t. (bnc#705551) - procfs: do not overflow get_{idle,iowait}_time for nohz. (bnc#705551) - bfa: Do not return DID_ABORT on failure. (bnc#745400) - epoll: Do not limit non-nested epoll paths. (bnc#676204) - Bridge: Always send NETDEV_CHANGEADDR up on br MAC change. (bnc#752408) - hp_accel: Ignore the error from lis3lv02d_poweron() at resume. (bnc#751903) - watchdog: make sure the watchdog thread gets CPU on loaded system. (bnc#738583)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=624072" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=676204" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688996" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=703156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=705551" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=713148" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=714604" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=716850" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=716971" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=718863" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=718918" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=721587" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=722560" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=728840" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=729247" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=730117" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=730118" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=731387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732070" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732296" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732908" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=733761" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=734900" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=735909" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=738583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=738597" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=738679" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=739837" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=740180" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741824" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742845" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742871" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744392" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744658" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744795" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745400" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745422" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745424" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745741" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745867" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745876" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=745929" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746373" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746454" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746526" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746579" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746717" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746883" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747071" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747867" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747878" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748384" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748456" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748629" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748632" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748827" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748854" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=748862" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749049" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749115" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749417" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749543" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749569" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=749980" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750041" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750079" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750173" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750402" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750426" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750459" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750959" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=750995" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751015" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751171" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751322" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751743" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751885" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751903" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751916" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=752408" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=752484" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=752599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=752972" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=754052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=756821" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1083.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2494.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4086.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4127.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4131.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4132.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-1090.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-1097.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-1146.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-1179.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 6163 / 6164 / 6172 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.26-0.7.6")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.26-0.7.6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0333.NASL description Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the last seen 2020-06-01 modified 2020-06-02 plugin id 76639 published 2014-07-22 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76639 title RHEL 6 : MRG (RHSA-2012:0333) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0333. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(76639); script_version("1.12"); script_cvs_date("Date: 2020/02/18"); script_cve_id("CVE-2011-2918", "CVE-2011-4077", "CVE-2011-4097", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4131", "CVE-2011-4132", "CVE-2012-0038", "CVE-2012-0044", "CVE-2012-0207", "CVE-2012-0810"); script_bugtraq_id(49152, 50370, 50459, 50655, 50663, 50755, 51176, 51343, 51371, 51380, 52182); script_xref(name:"RHSA", value:"2012:0333"); script_name(english:"RHEL 6 : MRG (RHSA-2012:0333)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the '.note.GNU-stack' section definition to the bench/mem-memcpy-x86-64-asm.S component of perf, with all flags disabled, and perf no longer contains an executable stack, thus fixing this bug. (BZ#783570)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2918" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4077" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4097" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4127" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4131" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4132" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0038" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0044" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0207" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0810" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0333" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-2918", "CVE-2011-4077", "CVE-2011-4097", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4131", "CVE-2011-4132", "CVE-2012-0038", "CVE-2012-0044", "CVE-2012-0207", "CVE-2012-0810"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2012:0333"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:0333"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG"); if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.0.18-rt34.53.el6rt")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc"); } }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1457-1.NASL description Andy Adamson discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59321 published 2012-06-01 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59321 title Ubuntu 11.04 : linux vulnerabilities (USN-1457-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1457-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(59321); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2011-4131", "CVE-2012-1601", "CVE-2012-2121", "CVE-2012-2123", "CVE-2012-2133"); script_xref(name:"USN", value:"1457-1"); script_name(english:"Ubuntu 11.04 : linux vulnerabilities (USN-1457-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. (CVE-2011-4131) A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. (CVE-2012-2121) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. (CVE-2012-2123) Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. (CVE-2012-2133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1457-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-4131", "CVE-2012-1601", "CVE-2012-2121", "CVE-2012-2123", "CVE-2012-2133"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1457-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-15-generic", pkgver:"2.6.38-15.60")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-15-generic-pae", pkgver:"2.6.38-15.60")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-15-server", pkgver:"2.6.38-15.60")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-15-versatile", pkgver:"2.6.38-15.60")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-15-virtual", pkgver:"2.6.38-15.60")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2011-16621.NASL description Update from kernel 3.1.1 to 3.1.4 : - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3. 1.4 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog- 3.1.3 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog- 3.1.2 Additional changes : - Fix virtualbox: use a different method to fake version 2.6.4X - Partially fix reported stalls during heavy I/O - Fix problems with udev probing Wacom bluetooth tablets - Fix a Nouveau bug (#751753) reported against F16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57076 published 2011-12-12 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57076 title Fedora 15 : kernel-2.6.41.4-1.fc15 (2011-16621) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2012-0042.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix bug number for commit last seen 2020-06-01 modified 2020-06-02 plugin id 79484 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79484 title OracleVM 3.1 : kernel-uek (OVMSA-2012-0042) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8359.NASL description The 3.3.7 stable kernel contains a number of important bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-05-29 plugin id 59280 published 2012-05-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59280 title Fedora 16 : kernel-3.3.7-1.fc16 (2012-8359) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1476-1.NASL description Andy Adamson discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59553 published 2012-06-18 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59553 title USN-1476-1 : linux-ti-omap4 vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20121218_KERNEL_ON_SL6_X.NASL description This update fixes the following security issues : - It was found that a previous update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) - A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-03-18 modified 2012-12-20 plugin id 63313 published 2012-12-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63313 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121218) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2022.NASL description Description of changes: * Avoid bug caused by corrupted Ext4 filesystem. When mounting an ext4 filesystem, the kernel was not checking for zero length extents. This would cause a BUG_ON assertion failure in the log. * NULL pointer dereference in the SCSI subsystem. A NULL dereference may occur if a SCSI device is physically removed without being logically removed from the system. This would lead to a NULL dereference since the revalidation routine assumed the device is always present while it runs. * Resource leak in USB networking driver. The usbnet core incorrectly cleared a pointer to the underlying device resulting in a resource leak when unlinking requests. * Inode corruption in XFS inode lookup. The XFS inode cache did not correctly initialize the inode before insertion into the cache which could result in corruption when racing with an inode lookup. * Kernel crash in SUNRPC cache management. Many SUNRPC cache implementations would not handle a zero-length string resulting in a kernel panic. * Unbalanced locking in VFS non-local alias search. A code path responsible for finding aliases on a non-local filesystem did not correctly release a lock resulting in a system hang. * Memory corruption on nfsd shutdown. A race condition between closing down a SUNRPC transport and enqueueing data could result in a use-after-free condition resulting in a denial-of-service or privilege escalation. * NULL pointer dereference with misconfigured USB FTDI devices. A USB FTDI without a manufacturer string would result in a NULL pointer dereference and kernel crash when the device was plugged in. * Kernel information leak in X86 ptrace TLS regset. The TLS lookup could run off the end of the descriptor list reading from kernel memory. * Divide-by-zero in NTP. Integer overflow in NTP when setting the time could result in a divide-by-zero and kernel panic. * CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device. * CVE-2012-2384: Integer overflow in Intel i915 command processing. An integer overflow in the Intel i915 family display driver could cause memory corruption on 32-bit systems. * Correctly merge virtual memory areas when binding. When mbind() is called for adjacent areas, they are expected to be merged into a single virtual memory area. * Small UDP packets dropped on transmission consistently in vmxnet3. Small (<54 byte) packets will get dropped consistently on transmission due to an error in the optimization of the code. * CVE-2011-4131: Kernel crash in NFSv4. nfs4_getfacl decoding causes a kernel crash when a server returns more than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute request. last seen 2020-06-01 modified 2020-06-02 plugin id 68677 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68677 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2022) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8931.NASL description Update to Linux 2.6.43.8 (3.3.8). Disabled 32bit NX emulation. Suspected of being broken and it deviates from upstream. Unless there are further security issues, this will likely be the last F15 kernel update before End-of-Life. The 3.3.7 stable kernel contains a number of important bug fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-25 plugin id 59661 published 2012-06-25 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59661 title Fedora 15 : kernel-2.6.43.8-1.fc15 (2012-8931) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1580.NASL description Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 63305 published 2012-12-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63305 title CentOS 6 : kernel (CESA-2012:1580) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0862.NASL description Updated kernel packages that fix two security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the third regular update. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59925 published 2012-07-11 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59925 title CentOS 6 : kernel (CESA-2012:0862) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1471-1.NASL description Andy Adamson discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59475 published 2012-06-13 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59475 title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1471-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0862.NASL description Updated kernel packages that fix two security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the third regular update. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59590 published 2012-06-20 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59590 title RHEL 6 : kernel (RHSA-2012:0862) NASL family Fedora Local Security Checks NASL id FEDORA_2011-15959.NASL description Security update to fix CVE-2011-4131 and CVE-2011-4132 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56897 published 2011-11-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56897 title Fedora 16 : kernel-3.1.1-2.fc16 (2011-15959) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0862.NASL description From Red Hat Security Advisory 2012:0862 : Updated kernel packages that fix two security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the third regular update. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 68554 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68554 title Oracle Linux 6 : kernel (ELSA-2012-0862) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1470-1.NASL description Andy Adamson discovered a flaw in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 59474 published 2012-06-13 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59474 title Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1470-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1580.NASL description From Red Hat Security Advisory 2012:1580 : Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 68666 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68666 title Oracle Linux 6 : kernel (ELSA-2012-1580) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0566.NASL description Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 76658 published 2014-07-22 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76658 title RHEL 6 : MRG (RHSA-2013:0566) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8314.NASL description The 3.3.7 stable kernel contains a number of important bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-05-29 plugin id 59279 published 2012-05-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59279 title Fedora 17 : kernel-3.3.7-1.fc17 (2012-8314) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1580.NASL description Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) * A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the TCP Illinois congestion control algorithm were in use (the sysctl net.ipv4.tcp_congestion_control variable set to last seen 2020-06-01 modified 2020-06-02 plugin id 63292 published 2012-12-19 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63292 title RHEL 6 : kernel (RHSA-2012:1580) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120621.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245) last seen 2020-06-05 modified 2013-01-25 plugin id 64176 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64176 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-100.NASL description A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69590 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69590 title Amazon Linux AMI : kernel (ALAS-2012-100)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
- https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f
- http://www.openwall.com/lists/oss-security/2011/11/12/1
- https://bugzilla.redhat.com/show_bug.cgi?id=747106
- http://rhn.redhat.com/errata/RHSA-2012-0862.html
- http://secunia.com/advisories/48898
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html
- http://rhn.redhat.com/errata/RHSA-2012-1541.html
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bf118a342f10dafe44b14451a1392c3254629a1f