Vulnerabilities > CVE-2012-2119 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120620.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245) last seen 2020-06-05 modified 2013-01-25 plugin id 64175 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64175 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(64175); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-4131", "CVE-2012-2119", "CVE-2012-2136", "CVE-2012-2373", "CVE-2012-2375", "CVE-2012-2390"); script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=556135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=735909" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743579" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=754690" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=756050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=757315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=758243" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759336" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=759805" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=760237" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=760806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=761087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=761245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762991" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=762992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763267" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763307" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763485" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763717" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764091" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764150" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764209" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764900" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=765524" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-4131.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2119.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2136.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2373.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2375.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-2390.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6463."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.34-0.7.9")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.34-0.7.9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2012-6406.NASL description Fixes CVEs : CVE-2012-2123 CVE-2012-2121 CVE-2012-2119 Also fixes a boot regression on some Dell machines Linux 3.3.2 There was a regression at the DVB core, affecting applications that require the DVB status before having a lock. In order to allow a broader test (including my environment). All new patches from the upstream media tree up to Apr, 10 got backported plus the fix patches, in order to have, among other things, the az6007 and af9035 drivers backported. Various bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-26 plugin id 58881 published 2012-04-26 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58881 title Fedora 15 : kernel-2.6.43.2-6.fc15 (2012-6406) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-6406. # include("compat.inc"); if (description) { script_id(58881); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-2119", "CVE-2012-2121", "CVE-2012-2123"); script_xref(name:"FEDORA", value:"2012-6406"); script_name(english:"Fedora 15 : kernel-2.6.43.2-6.fc15 (2012-6406)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes CVEs : CVE-2012-2123 CVE-2012-2121 CVE-2012-2119 Also fixes a boot regression on some Dell machines Linux 3.3.2 There was a regression at the DVB core, affecting applications that require the DVB status before having a lock. In order to allow a broader test (including my environment). All new patches from the upstream media tree up to Apr, 10 got backported plus the fix patches, in order to have, among other things, the az6007 and af9035 drivers backported. Various bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=806722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=814149" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=814278" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079111.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?be6eb799" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"kernel-2.6.43.2-6.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Scientific Linux Local Security Checks NASL id SL_20120618_KERNEL_ON_SL6_X.NASL description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) - A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) - When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-03-18 modified 2012-08-01 plugin id 61331 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61331 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20120618) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-756.NASL description The openSUSE 11.4 kernel was updated to fix various bugs and security issues. This is the final update of the 2.6.37 kernel of openSUSE 11.4. last seen 2020-06-05 modified 2014-06-13 plugin id 74801 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74801 title openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-6386.NASL description Fixes CVEs : CVE-2012-2123 CVE-2012-2121 CVE-2012-2119 Also fixes a boot regression on some Dell machines. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-25 plugin id 58862 published 2012-04-25 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58862 title Fedora 16 : kernel-3.3.2-6.fc16 (2012-6386) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0743.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-06-01 modified 2020-06-02 plugin id 59609 published 2012-06-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59609 title CentOS 6 : kernel (CESA-2012:0743) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0743.NASL description From Red Hat Security Advisory 2012:0743 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-06-01 modified 2020-06-02 plugin id 68544 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68544 title Oracle Linux 6 : kernel (ELSA-2012-0743) NASL family Fedora Local Security Checks NASL id FEDORA_2012-6344.NASL description Fixes CVEs : CVE-2012-2119 CVE-2012-2123 CVE-2012-2121 Also fixes some fail to boot issues on various Dell machines. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-24 plugin id 58836 published 2012-04-24 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58836 title Fedora 17 : kernel-3.3.2-8.fc17 (2012-6344) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1514-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61506 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61506 title USN-1514-1 : linux-ti-omap4 vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0743.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application last seen 2020-06-01 modified 2020-06-02 plugin id 59562 published 2012-06-19 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59562 title RHEL 6 : kernel (RHSA-2012:0743) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-357.NASL description This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - be2net: non-member vlan pkts not received in promiscous mode (bnc#732006 CVE-2011-3347). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119). - Avoid reading past buffer when calling GETACL (bnc#762992). - Avoid beyond bounds copy while caching ACL (bnc#762992). - Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - usb/net: rndis: merge command codes. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: break out <linux/rndis.h> defines. only net/hyperv part - net/hyperv: Add flow control based on hi/low watermark. - hv: fix return type of hv_post_message(). - Drivers: hv: util: Properly handle version negotiations. - Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - HID: hyperv: Set the hid drvdata correctly. - HID: hid-hyperv: Do not use hid_parse_report() directly. - [SCSI] storvsc: Properly handle errors from the host (bnc#747404). - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - net/hyperv: Adding cancellation to ensure rndis filter is closed. - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681). - thp: reduce khugepaged freezing latency (bnc#760860). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next - Fix kABI breakage due to including proc_fs.h in kernel/fork.c modversion changed because of changes in struct proc_dir_entry (became defined) Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-for k-failure. - Disabled MMC_TEST (bnc#760077). - Input: ALPS - add semi-MT support for v3 protocol (bnc#716996). - Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996). - Input: ALPS - remove assumptions about packet size (bnc#716996). - Input: ALPS - add protocol version field in alps_model_info (bnc#716996). - Input: ALPS - move protocol information to Documentation (bnc#716996). - sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174) - btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279). - libata: skip old error history when counting probe trials. - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783). - cdc-wdm: fix race leading leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34 - netfront: delay gARP until backend switches to Connected. - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus: check availability of XS_RESET_WATCHES command. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - blkfront: properly fail packet requests (bnc#745929). - Linux 3.1.10. - Update Xen config files. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - mqueue: fix a vfsmount longterm reference leak (bnc#757783). - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789). - procfs: fix a vfsmount longterm reference leak (bnc#757783). - uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging an uwb dongle - uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in an uwb dongle - acer-wmi: Detect communication hot key number. - acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS. - acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks. - acer-wmi: No wifi rfkill on Sony machines. - acer-wmi: No wifi rfkill on Lenovo machines. - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - Drivers: scsi: storvsc: Account for in-transit packets in the RESET path. - CPU hotplug, cpusets, suspend: Don last seen 2020-06-05 modified 2014-06-13 plugin id 74661 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74661 title openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-342.NASL description This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - b43: allocate receive buffers big enough for max frame len + offset (bnc#717749). - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus_dev: add missing error checks to watch handling. - hwmon: (coretemp-xen) Fix TjMax detection for older CPUs. - hwmon: (coretemp-xen) Relax target temperature range check. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - bridge: correct IPv6 checksum after pull (bnc#738644). - bridge: fix a possible use after free (bnc#738644). - bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644). - bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644). - PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455). - ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203). - drm/i915/crt: Remove 0xa0 probe for VGA. - tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366). - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). - dlm: Do not allocate a fd for peeloff (bnc#729247). - sctp: Export sctp_do_peeloff (bnc#729247). - i2c-algo-bit: Fix spurious SCL timeouts under heavy load. - patches.fixes/epoll-dont-limit-non-nested.patch: Don last seen 2020-06-05 modified 2014-06-13 plugin id 74658 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74658 title openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1529-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 61507 published 2012-08-13 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61507 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-120621.NASL description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245) last seen 2020-06-05 modified 2013-01-25 plugin id 64176 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64176 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5
- http://www.openwall.com/lists/oss-security/2012/04/19/14
- http://ubuntu.com/usn/usn-1529-1
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278
- http://marc.info/?l=linux-netdev&m=133455718001608&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0743.html
- https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b92946e2919134ebe2a4083e4302236295ea2a73
- https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=4aae94d1c7b32316911c86176c0ed4f8ed62da73