Vulnerabilities > CVE-2013-1819 - Improper Input Validation vulnerability in Linux Kernel

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1970-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70191);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-1819", "CVE-2013-2237", "CVE-2013-4254");
  script_xref(name:"USN", value:"1970-1");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1970-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vince Weaver discovered a flaw in the perf subsystem of the Linux
kernel on ARM platforms. A local user could exploit this flaw to gain
privileges or cause a denial of service (system crash).
(CVE-2013-4254)

A failure to validate block numbers was discovered in the Linux
kernel's implementation of the XFS filesystem. A local user can cause
a denial of service (system crash) if they can mount, or cause to be
mounted a corrupted or special crafted XFS filesystem. (CVE-2013-1819)

An information leak was discovered in the Linux kernel's IPSec
key_socket when using the notify_policy interface. A local user could
exploit this flaw to examine potentially sensitive information in
kernel memory. (CVE-2013-2237).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1970-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected linux-image-3.5-generic package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-1819", "CVE-2013-2237", "CVE-2013-4254");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1970-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.5.0-41-generic", pkgver:"3.5.0-41.64~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2013:0829. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76660);
  script_version("1.16");
  script_cvs_date("Date: 2019/10/24 15:35:37");

  script_cve_id("CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1774", "CVE-2013-1792", "CVE-2013-1819", "CVE-2013-1848", "CVE-2013-1860", "CVE-2013-1929", "CVE-2013-1979", "CVE-2013-2094", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-3076", "CVE-2013-3222", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3231");
  script_bugtraq_id(58177, 58202, 58301, 58368, 58382, 58426, 58427, 58510, 58597, 58600, 58908, 59377, 59383, 59385, 59390, 59398, 59538, 59846);
  script_xref(name:"RHSA", value:"2013:0829");

  script_name(english:"RHEL 6 : MRG (RHSA-2013:0829)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel-rt packages that fix several security issues and
multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Security fixes :

* It was found that the kernel-rt update RHBA-2012:0044 introduced an
integer conversion issue in the Linux kernel's Performance Events
implementation. This led to a user-supplied index into the
perf_swevent_enabled array not being validated properly, resulting in
out-of-bounds kernel memory access. A local, unprivileged user could
use this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG
2 is available. Refer to Red Hat Knowledge Solution 373743, linked to
in the References, for further information and mitigation instructions
for users who are unable to immediately apply this update.

* An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way the Intel i915 driver in the Linux kernel handled
the allocation of the buffer used for relocation copies. A local user
with console access could use this flaw to cause a denial of service
or escalate their privileges. (CVE-2013-0913, Important)

* It was found that the Linux kernel used effective user and group IDs
instead of real ones when passing messages with SCM_CREDENTIALS
ancillary data. A local, unprivileged user could leverage this flaw
with a set user ID (setuid) application, allowing them to escalate
their privileges. (CVE-2013-1979, Important)

* A race condition in install_user_keyrings(), leading to a NULL
pointer dereference, was found in the key management facility. A
local, unprivileged user could use this flaw to cause a denial of
service. (CVE-2013-1792, Moderate)

* A NULL pointer dereference flaw was found in the Linux kernel's XFS
file system implementation. A local user who is able to mount an XFS
file system could use this flaw to cause a denial of service.
(CVE-2013-1819, Moderate)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to
bypass the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local
user able to mount and unmount a tmpfs file system could use this flaw
to cause a denial of service or, potentially, escalate their
privileges. (CVE-2013-1767, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's USB
Inside Out Edgeport Serial Driver implementation. A local user with
physical access to a system and with access to a USB device's tty file
could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

* A format string flaw was found in the ext3_msg() function in the
Linux kernel's ext3 file system implementation. A local user who is
able to mount an ext3 file system could use this flaw to cause a
denial of service or, potentially, escalate their privileges.
(CVE-2013-1848, Low)

* A heap-based buffer overflow flaw was found in the Linux kernel's
cdc-wdm driver, used for USB CDC WCM device management. An attacker
with physical access to a system could use this flaw to cause a denial
of service or, potentially, escalate their privileges. (CVE-2013-1860,
Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver
parsed the vital product data (VPD) of devices could allow an attacker
with physical access to a system to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1929, Low)

* Information leaks in the Linux kernel's cryptographic API could
allow a local user who has the CAP_NET_ADMIN capability to leak kernel
stack memory to user-space. (CVE-2013-2546, CVE-2013-2547,
CVE-2013-2548, Low)

* Information leaks in the Linux kernel could allow a local,
unprivileged user to leak kernel stack memory to user-space.
(CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222,
CVE-2013-3224, CVE-2013-3225, CVE-2013-3231, Low)

Red Hat would like to thank Andy Lutomirski for reporting
CVE-2013-1979. CVE-2013-1792 was discovered by Mateusz Guzik of Red
Hat EMEA GSS SEG Team."
  );
  # https://access.redhat.com/site/solutions/373743
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/solutions/373743"
  );
  # https://rhn.redhat.com/errata/RHBA-2012-0044.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHBA-2012:0044"
  );
  # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?687515f3"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2013:0829"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1792"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1767"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-0913"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-3231"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-3225"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-3224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2634"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-3076"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2548"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1819"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-3222"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-0914"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2546"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-2547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-1979"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mrg-rt-release");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1774", "CVE-2013-1792", "CVE-2013-1819", "CVE-2013-1848", "CVE-2013-1860", "CVE-2013-1929", "CVE-2013-1979", "CVE-2013-2094", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-3076", "CVE-2013-3222", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3231");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2013:0829");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2013:0829";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;

  if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.6.11.2-rt33.39.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"mrg-rt-release-3.6.11.2-rt33.39.el6")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
  }
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(70040);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-1059", "CVE-2013-1819", "CVE-2013-1929", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-3301", "CVE-2013-4162", "CVE-2013-4163");

  script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
version 3.0.93 and to fix various bugs and security issues.

The following features have been added :

  - NFS: Now supports a 'nosharetransport' option
    (bnc#807502, bnc#828192, FATE#315593).

  - ALSA: virtuoso: Xonar DSX support was added
    (FATE#316016). The following security issues have been
    fixed :

  - The fill_event_metadata function in
    fs/notify/fanotify/fanotify_user.c in the Linux kernel
    did not initialize a certain structure member, which
    allowed local users to obtain sensitive information from
    kernel memory via a read operation on the fanotify
    descriptor. (CVE-2013-2148)

  - The key_notify_policy_flush function in net/key/af_key.c
    in the Linux kernel did not initialize a certain
    structure member, which allowed local users to obtain
    sensitive information from kernel heap memory by reading
    a broadcast message from the notify_policy interface of
    an IPSec key_socket. (CVE-2013-2237)

  - The ip6_sk_dst_check function in net/ipv6/ip6_output.c
    in the Linux kernel allowed local users to cause a
    denial of service (system crash) by using an AF_INET6
    socket for a connection to an IPv4 interface.
    (CVE-2013-2232)

  - The (1) key_notify_sa_flush and (2)
    key_notify_policy_flush functions in net/key/af_key.c in
    the Linux kernel did not initialize certain structure
    members, which allowed local users to obtain sensitive
    information from kernel heap memory by reading a
    broadcast message from the notify interface of an IPSec
    key_socket. CVE-2013-4162: The
    udp_v6_push_pending_frames function in net/ipv6/udp.c in
    the IPv6 implementation in the Linux kernel made an
    incorrect function call for pending data, which allowed
    local users to cause a denial of service (BUG and system
    crash) via a crafted application that uses the UDP_CORK
    option in a setsockopt system call. (CVE-2013-2234)

  - net/ceph/auth_none.c in the Linux kernel allowed remote
    attackers to cause a denial of service (NULL pointer
    dereference and system crash) or possibly have
    unspecified other impact via an auth_reply message that
    triggers an attempted build_request operation.
    (CVE-2013-1059)

  - The mmc_ioctl_cdrom_read_data function in
    drivers/cdrom/cdrom.c in the Linux kernel allowed local
    users to obtain sensitive information from kernel memory
    via a read operation on a malfunctioning CD-ROM drive.
    (CVE-2013-2164)

  - Format string vulnerability in the register_disk
    function in block/genhd.c in the Linux kernel allowed
    local users to gain privileges by leveraging root access
    and writing format string specifiers to
    /sys/module/md_mod/parameters/new_array in order to
    create a crafted /dev/md device name. (CVE-2013-2851)

  - The ip6_append_data_mtu function in
    net/ipv6/ip6_output.c in the IPv6 implementation in the
    Linux kernel did not properly maintain information about
    whether the IPV6_MTU setsockopt option had been
    specified, which allowed local users to cause a denial
    of service (BUG and system crash) via a crafted
    application that uses the UDP_CORK option in a
    setsockopt system call. (CVE-2013-4163)

  - Heap-based buffer overflow in the tg3_read_vpd function
    in drivers/net/ethernet/broadcom/tg3.c in the Linux
    kernel allowed physically proximate attackers to cause a
    denial of service (system crash) or possibly execute
    arbitrary code via crafted firmware that specifies a
    long string in the Vital Product Data (VPD) data
    structure. (CVE-2013-1929)

  - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the
    Linux kernel did not validate block numbers, which
    allowed local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have
    unspecified other impact by leveraging the ability to
    mount an XFS filesystem containing a metadata inode with
    an invalid extent map. (CVE-2013-1819)

Also the following non-security bugs have been fixed :

  - ACPI / APEI: Force fatal AER severity when component has
    been reset. (bnc#828886 / bnc#824568)

  - PCI/AER: Move AER severity defines to aer.h. (bnc#828886
    / bnc#824568)

  - PCI/AER: Set dev->__aer_firmware_first only for matching
    devices. (bnc#828886 / bnc#824568)

  - PCI/AER: Factor out HEST device type matching.
    (bnc#828886 / bnc#824568)

  - PCI/AER: Do not parse HEST table for non-PCIe devices.
    (bnc#828886 / bnc#824568)

  - PCI/AER: Reset link for devices below Root Port or
    Downstream Port. (bnc#828886 / bnc#824568)

  - zfcp: fix lock imbalance by reworking request queue
    locking (bnc#835175, LTC#96825).

  - qeth: Fix crash on initial MTU size change (bnc#835175,
    LTC#96809).

  - qeth: change default standard blkt settings for OSA
    Express (bnc#835175, LTC#96808).

  - x86: Add workaround to NMI iret woes. (bnc#831949)

  - x86: Do not schedule while still in NMI context.
    (bnc#831949)

  - drm/i915: no longer call drm_helper_resume_force_mode.
    (bnc#831424,bnc#800875)

  - bnx2x: protect different statistics flows. (bnc#814336)

  - bnx2x: Avoid sending multiple statistics queries.
    (bnc#814336)

  - bnx2x: protect different statistics flows. (bnc#814336)

  - ALSA: hda - Fix unbalanced runtime pm refount.
    (bnc#834742)

  - xhci: directly calling _PS3 on suspend. (bnc#833148)

  - futex: Take hugepages into account when generating
    futex_key.

  - e1000e: workaround DMA unit hang on I218. (bnc#834647)

  - e1000e: unexpected 'Reset adapter' message when cable
    pulled. (bnc#834647)

  - e1000e: 82577: workaround for link drop issue.
    (bnc#834647)

  - e1000e: helper functions for accessing EMI registers.
    (bnc#834647)

  - e1000e: workaround DMA unit hang on I218. (bnc#834647)

  - e1000e: unexpected 'Reset adapter' message when cable
    pulled. (bnc#834647)

  - e1000e: 82577: workaround for link drop issue.
    (bnc#834647)

  - e1000e: helper functions for accessing EMI registers.
    (bnc#834647)

  - Drivers: hv: util: Fix a bug in version negotiation code
    for util services. (bnc#828714)

  - printk: Add NMI ringbuffer. (bnc#831949)

  - printk: extract ringbuffer handling from vprintk.
    (bnc#831949)

  - printk: NMI safe printk. (bnc#831949)

  - printk: Make NMI ringbuffer size independent on
    log_buf_len. (bnc#831949)

  - printk: Do not call console_unlock from nmi context.
    (bnc#831949)

  - printk: Do not use printk_cpu from finish_printk.
    (bnc#831949)

  - zfcp: fix schedule-inside-lock in scsi_device list loops
    (bnc#833073, LTC#94937).

  - uvc: increase number of buffers. (bnc#822164,
    bnc#805804)

  - drm/i915: Adding more reserved PCI IDs for Haswell.
    (bnc#834116)

  - Refresh patches.xen/xen-netback-generalize. (bnc#827378)

  - Update Xen patches to 3.0.87.

  - mlx4_en: Adding 40gb speed report for ethtool.
    (bnc#831410)

  - drm/i915: Retry DP aux_ch communications with a
    different clock after failure. (bnc#831422)

  - drm/i915: split aux_clock_divider logic in a separated
    function for reuse. (bnc#831422)

  - drm/i915: dp: increase probe retries. (bnc#831422)

  - drm/i915: Only clear write-domains after a successful
    wait-seqno. (bnc#831422)

  - drm/i915: Fix write-read race with multiple rings.
    (bnc#831422)

  - drm/i915: Retry DP aux_ch communications with a
    different clock after failure. (bnc#831422)

  - drm/i915: split aux_clock_divider logic in a separated
    function for reuse. (bnc#831422)

  - drm/i915: dp: increase probe retries. (bnc#831422)

  - drm/i915: Only clear write-domains after a successful
    wait-seqno. (bnc#831422)

  - drm/i915: Fix write-read race with multiple rings.
    (bnc#831422)

  - xhci: Add xhci_disable_ports boot option. (bnc#822164)

  - xhci: set device to D3Cold on shutdown. (bnc#833097)

  - reiserfs: Fixed double unlock in reiserfs_setattr
    failure path.

  - reiserfs: locking, release lock around quota operations.
    (bnc#815320)

  - reiserfs: locking, push write lock out of xattr code.
    (bnc#815320)

  - reiserfs: locking, handle nested locks properly.
    (bnc#815320)

  - reiserfs: do not lock journal_init(). (bnc#815320)

  - reiserfs: delay reiserfs lock until journal
    initialization. (bnc#815320)

  - NFS: support 'nosharetransport' option (bnc#807502,
    bnc#828192, FATE#315593).

  - HID: hyperv: convert alloc+memcpy to memdup.

  - Drivers: hv: vmbus: Implement multi-channel support
    (fate#316098).

  - Drivers: hv: Add the GUID fot synthetic fibre channel
    device (fate#316098).

  - tools: hv: Check return value of setsockopt call.

  - tools: hv: Check return value of poll call.

  - tools: hv: Check return value of strchr call.

  - tools: hv: Fix file descriptor leaks.

  - tools: hv: Improve error logging in KVP daemon.

  - drivers: hv: switch to use mb() instead of smp_mb().

  - drivers: hv: check interrupt mask before read_index.

  - drivers: hv: allocate synic structures before
    hv_synic_init().

  - storvsc: Increase the value of scsi timeout for storvsc
    devices (fate#316098).

  - storvsc: Update the storage protocol to win8 level
    (fate#316098).

  - storvsc: Implement multi-channel support (fate#316098).

  - storvsc: Support FC devices (fate#316098).

  - storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS
    (fate#316098).

  - hyperv: Fix the NETIF_F_SG flag setting in netvsc.

  - Drivers: hv: vmbus: incorrect device name is printed
    when child device is unregistered.

  - Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration.
    (bnc#828714)

  - ipv6: ip6_append_data_mtu did not care about pmtudisc
    and frag_size. (bnc#831055, CVE-2013-4163)

  - ipv6: ip6_append_data_mtu did not care about pmtudisc
    and frag_size. (bnc#831055, CVE-2013-4163)

  - dm mpath: add retain_attached_hw_handler feature.
    (bnc#760407)

  - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)

  - af_key: fix info leaks in notify messages. (bnc#827749 /
    CVE-2013-2234)

  - af_key: initialize satype in key_notify_policy_flush().
    (bnc#828119 / CVE-2013-2237)

  - ipv6: call udp_push_pending_frames when uncorking a
    socket with. (bnc#831058, CVE-2013-4162)

  - tg3: fix length overflow in VPD firmware parsing.
    (bnc#813733 / CVE-2013-1929)

  - xfs: fix _xfs_buf_find oops on blocks beyond the
    filesystem end. (CVE-2013-1819 / bnc#807471)

  - ipv6: ip6_sk_dst_check() must not assume ipv6 dst.
    (bnc#827750, CVE-2013-2232)

  - dasd: fix hanging devices after path events (bnc#831623,
    LTC#96336).

  - kernel: z90crypt module load crash (bnc#831623,
    LTC#96214).

  - ata: Fix DVD not detected at some platform with
    Wellsburg PCH. (bnc#822225)

  - drm/i915: edp: add standard modes. (bnc#832318)

  - Do not switch camera on yet more HP machines.
    (bnc#822164)

  - Do not switch camera on HP EB 820 G1. (bnc#822164)

  - xhci: Avoid NULL pointer deref when host dies.
    (bnc#827271)

  - bonding: disallow change of MAC if fail_over_mac
    enabled. (bnc#827376)

  - bonding: propagate unicast lists down to slaves.
    (bnc#773255 / bnc#827372)

  - net/bonding: emit address change event also in
    bond_release. (bnc#773255 / bnc#827372)

  - bonding: emit event when bonding changes MAC.
    (bnc#773255 / bnc#827372)

  - usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
    controllers with xhci 1.0. (bnc#797909)

  - xhci: fix NULL pointer dereference on
    ring_doorbell_for_active_rings. (bnc#827271)

  - updated reference for security issue fixed inside.
    (CVE-2013-3301 / bnc#815256)

  - qla2xxx: Clear the MBX_INTR_WAIT flag when the mailbox
    time-out happens. (bnc#830478)

  - drm/i915: initialize gt_lock early with other spin
    locks. (bnc#801341)

  - drm/i915: fix up gt init sequence fallout. (bnc#801341)

  - drm/i915: initialize gt_lock early with other spin
    locks. (bnc#801341)

  - drm/i915: fix up gt init sequence fallout. (bnc#801341)

  - timer_list: Correct the iterator for timer_list.
    (bnc#818047)

  - firmware: do not spew errors in normal boot (bnc#831438,
    fate#314574).

  - ALSA: virtuoso: Xonar DSX support (FATE#316016).

  - SUNRPC: Ensure we release the socket write lock if the
    rpc_task exits early. (bnc#830901)

  - ext4: Re-add config option Building ext4 as the
    ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote
    that read-write module should be enabled. This update
    just defaults allow_rw to true if it is set.

  - e1000: fix vlan processing regression. (bnc#830766)

  - ext4: force read-only unless rw=1 module option is used
    (fate#314864).

  - dm mpath: fix ioctl deadlock when no paths. (bnc#808940)

  - HID: fix unused rsize usage. (bnc#783475)

  - add reference for b43 format string flaw. (bnc#822579 /
    CVE-2013-2852)

  - HID: fix data access in implement(). (bnc#783475)

  - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.
    (bnc#829622)

  - kernel: sclp console hangs (bnc#830346, LTC#95711).

  - Refresh
    patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

  - Delete
    patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-th
    e-first-occurrence. It was removed from series.conf in
    063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file
    was not deleted.

  - Drivers: hv: balloon: Do not post pressure status if
    interrupted. (bnc#829539)

  - Drivers: hv: balloon: Fix a bug in the hot-add code.
    (bnc#829539)

  - drm/i915: Fix incoherence with fence updates on
    Sandybridge+. (bnc#809463)

  - drm/i915: merge {i965, sandybridge}_write_fence_reg().
    (bnc#809463)

  - drm/i915: Fix incoherence with fence updates on
    Sandybridge+. (bnc#809463)

  - drm/i915: merge {i965, sandybridge}_write_fence_reg().
    (bnc#809463)

  - Refresh
    patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

  - r8169: allow multicast packets on sub-8168f chipset.
    (bnc#805371)

  - r8169: support new chips of RTL8111F. (bnc#805371)

  - r8169: define the early size for 8111evl. (bnc#805371)

  - r8169: fix the reset setting for 8111evl. (bnc#805371)

  - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
    (bnc#805371)

  - r8169: fix sticky accepts packet bits in RxConfig.
    (bnc#805371)

  - r8169: adjust the RxConfig settings. (bnc#805371)

  - r8169: support RTL8111E-VL. (bnc#805371)

  - r8169: add ERI functions. (bnc#805371)

  - r8169: modify the flow of the hw reset. (bnc#805371)

  - r8169: adjust some registers. (bnc#805371)

  - r8169: check firmware content sooner. (bnc#805371)

  - r8169: support new firmware format. (bnc#805371)

  - r8169: explicit firmware format check. (bnc#805371)

  - r8169: move the firmware down into the device private
    data. (bnc#805371)

  - r8169: allow multicast packets on sub-8168f chipset.
    (bnc#805371)

  - r8169: support new chips of RTL8111F. (bnc#805371)

  - r8169: define the early size for 8111evl. (bnc#805371)

  - r8169: fix the reset setting for 8111evl. (bnc#805371)

  - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
    (bnc#805371)

  - r8169: fix sticky accepts packet bits in RxConfig.
    (bnc#805371)

  - r8169: adjust the RxConfig settings. (bnc#805371)

  - r8169: support RTL8111E-VL. (bnc#805371)

  - r8169: add ERI functions. (bnc#805371)

  - r8169: modify the flow of the hw reset. (bnc#805371)

  - r8169: adjust some registers. (bnc#805371)

  - r8169: check firmware content sooner. (bnc#805371)

  - r8169: support new firmware format. (bnc#805371)

  - r8169: explicit firmware format check. (bnc#805371)

  - r8169: move the firmware down into the device private
    data. (bnc#805371)

  -
    patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.pa
    tch: mm: link_mem_sections make sure nmi watchdog does
    not trigger while linking memory sections. (bnc#820434)

  - drm/i915: fix long-standing SNB regression in power
    consumption after resume v2. (bnc#801341)

  - RTC: Add an alarm disable quirk. (bnc#805740)

  - drm/i915: Fix bogus hotplug warnings at resume.
    (bnc#828087)

  - drm/i915: Serialize all register access.
    (bnc#809463,bnc#812274,bnc#822878,bnc#828914)

  - drm/i915: Resurrect ring kicking for semaphores,
    selectively. (bnc#828087)

  - drm/i915: Fix bogus hotplug warnings at resume.
    (bnc#828087)

  - drm/i915: Serialize all register access.
    (bnc#809463,bnc#812274,bnc#822878,bnc#828914)

  - drm/i915: Resurrect ring kicking for semaphores,
    selectively. (bnc#828087)

  - drm/i915: use lower aux clock divider on non-ULT HSW.
    (bnc#800875)

  - drm/i915: preserve the PBC bits of TRANS_CHICKEN2.
    (bnc#828087)

  - drm/i915: set CPT FDI RX polarity bits based on VBT.
    (bnc#828087)

  - drm/i915: hsw: fix link training for eDP on port-A.
    (bnc#800875)

  - drm/i915: use lower aux clock divider on non-ULT HSW.
    (bnc#800875)

  - drm/i915: preserve the PBC bits of TRANS_CHICKEN2.
    (bnc#828087)

  - drm/i915: set CPT FDI RX polarity bits based on VBT.
    (bnc#828087)

  - drm/i915: hsw: fix link training for eDP on port-A.
    (bnc#800875)

  - patches.arch/s390-66-02-smp-ipi.patch: kernel: lost IPIs
    on CPU hotplug (bnc#825048, LTC#94784).

  -
    patches.fixes/iwlwifi-use-correct-supported-firmware-for
    -6035-and-.patch: iwlwifi: use correct supported
    firmware for 6035 and 6000g2. (bnc#825887)

  -
    patches.fixes/watchdog-update-watchdog_thresh-atomically
    .patch: watchdog: Update watchdog_thresh atomically.
    (bnc#829357)

  -
    patches.fixes/watchdog-update-watchdog_tresh-properly.pa
    tch: watchdog: update watchdog_tresh properly.
    (bnc#829357)

  -
    patches.fixes/watchdog-make-disable-enable-hotplug-and-p
    reempt-save.patch:
    watchdog-make-disable-enable-hotplug-and-preempt-save.pa
    tch. (bnc#829357)

  - kabi/severities: Ignore changes in drivers/hv

  -
    patches.drivers/lpfc-return-correct-error-code-on-bsg_ti
    meout.patch: lpfc: Return correct error code on
    bsg_timeout. (bnc#816043)

  -
    patches.fixes/dm-drop-table-reference-on-ioctl-retry.pat
    ch: dm-multipath: Drop table when retrying ioctl.
    (bnc#808940)

  - scsi: Do not retry invalid function error. (bnc#809122)

  -
    patches.suse/scsi-do-not-retry-invalid-function-error.pa
    tch: scsi: Do not retry invalid function error.
    (bnc#809122)

  - scsi: Always retry internal target error. (bnc#745640,
    bnc#825227)

  -
    patches.suse/scsi-always-retry-internal-target-error.pat
    ch: scsi: Always retry internal target error.
    (bnc#745640, bnc#825227)

  -
    patches.drivers/drm-edid-Don-t-print-messages-regarding-
    stereo-or-csync-by-default.patch: Refresh: add upstream
    commit ID.

  - patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
    Refresh. . (bnc#824915)

  - Refresh
    patches.suse/acpiphp-match-to-Bochs-dmi-data.patch.
    (bnc#824915)

  - Update kabi files.

  - ACPI:remove panic in case hardware has changed after S4.
    (bnc#829001)

  - ibmvfc: Driver version 1.0.1. (bnc#825142)

  - ibmvfc: Fix for offlining devices during error recovery.
    (bnc#825142)

  - ibmvfc: Properly set cancel flags when cancelling abort.
    (bnc#825142)

  - ibmvfc: Send cancel when link is down. (bnc#825142)

  - ibmvfc: Support FAST_IO_FAIL in EH handlers.
    (bnc#825142)

  - ibmvfc: Suppress ABTS if target gone. (bnc#825142)

  - fs/dcache.c: add cond_resched() to
    shrink_dcache_parent(). (bnc#829082)

  - drivers/cdrom/cdrom.c: use kzalloc() for failing
    hardware. (bnc#824295, CVE-2013-2164)

  - kmsg_dump: do not run on non-error paths by default.
    (bnc#820172)

  - supported.conf: mark tcm_qla2xxx as supported

  - mm: honor min_free_kbytes set by user. (bnc#826960)

  - Drivers: hv: util: Fix a bug in version negotiation code
    for util services. (bnc#828714)

  - hyperv: Fix a kernel warning from
    netvsc_linkstatus_callback(). (bnc#828574)

  - RT: Fix up hardening patch to not gripe when avg >
    available, which lockless access makes possible and
    happens in -rt kernels running a cpubound ltp realtime
    testcase. Just keep the output sane in that case.

  - kabi/severities: Add exception for aer_recover_queue()
    There should not be any user besides ghes.ko.

  - Fix rpm changelog

  - PCI / PM: restore the original behavior of
    pci_set_power_state(). (bnc#827930)

  - fanotify: info leak in copy_event_to_user().
    (CVE-2013-2148 / bnc#823517)

  - usb: xhci: check usb2 port capabilities before adding hw
    link PM support. (bnc#828265)

  - aerdrv: Move cper_print_aer() call out of interrupt
    context. (bnc#822052, bnc#824568)

  - PCI/AER: pci_get_domain_bus_and_slot() call missing
    required pci_dev_put(). (bnc#822052, bnc#824568)

  -
    patches.fixes/block-do-not-pass-disk-names-as-format-str
    ings.patch: block: do not pass disk names as format
    strings. (bnc#822575 / CVE-2013-2851)

  - powerpc: POWER8 cputable entries. (bnc#824256)

  - libceph: Fix NULL pointer dereference in auth client
    code. (CVE-2013-1059, bnc#826350)

  - md/raid10: Fix two bug affecting RAID10 reshape.

  - Allow NFSv4 to run execute-only files. (bnc#765523)

  - fs/ocfs2/namei.c: remove unnecessary ERROR when removing
    non-empty directory. (bnc#819363)

  - block: Reserve only one queue tag for sync IO if only 3
    tags are available. (bnc#806396)

  - btrfs: merge contiguous regions when loading free space
    cache

  - btrfs: fix how we deal with the orphan block rsv.

  - btrfs: fix wrong check during log recovery.

  - btrfs: change how we indicate we are adding csums."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=745640"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=760407"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=765523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=773006"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=773255"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=783475"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789010"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=797909"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=800875"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801341"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=805371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=805740"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=805804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=806396"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807471"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807502"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=808940"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=812274"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813733"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814336"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=815256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=815320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818047"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822164"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822225"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824568"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824915"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825142"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825887"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826350"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826960"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827271"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827378"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827930"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828087"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828192"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828265"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828886"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828914"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829082"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829357"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829622"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830478"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831410"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831422"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831623"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=832318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=833073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=833097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=833148"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834116"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834742"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=835175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1059.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1819.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1929.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2148.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2851.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2852.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3301.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4162.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4163.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Apply SAT patch number 8269 / 8270 / 8283 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-extra-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-source-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-syms-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-trace-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-extra-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-source-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-syms-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-3909.
#

include("compat.inc");

if (description)
{
  script_id(65650);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-0913", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1819", "CVE-2013-1828", "CVE-2013-1860");
  script_bugtraq_id(58177, 58301, 58368, 58389, 58426, 58427, 58510);
  script_xref(name:"FEDORA", value:"2013-3909");

  script_name(english:"Fedora 17 : kernel-3.8.3-103.fc17 (2013-3909)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to Linux v3.8.3. Wide variety of fixes across the tree.
Contains reverts from upstream 3.8.3 to fix Intel GM45 graphics.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=915592"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=916646"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=918009"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=918512"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=919315"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=920471"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=920499"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=921970"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100805.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a138451e"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"kernel-3.8.3-103.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-813.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75184);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-0231", "CVE-2013-1774", "CVE-2013-1819", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-4162", "CVE-2013-4163");
  script_bugtraq_id(57740, 58202, 58301, 60243, 60341, 60375, 60409, 60874, 60893, 60953, 61411, 61412);

  script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)");
  script_summary(english:"Check for the openSUSE-2013-813 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Linux kernel was updated to 3.4.63, fixing various bugs and
security issues.

  - Linux 3.4.59 (CVE-2013-2237 bnc#828119).

  - Linux 3.4.57 (CVE-2013-2148 bnc#823517).

  - Linux 3.4.55 (CVE-2013-2232 CVE-2013-2234 CVE-2013-4162
    CVE-2013-4163 bnc#827749 bnc#827750 bnc#831055
    bnc#831058).

  - Drivers: hv: util: Fix a bug in util version negotiation
    code (bnc#838346).

  - vmxnet3: prevent div-by-zero panic when ring resizing
    uninitialized dev (bnc#833321).

  - bnx2x: protect different statistics flows (bnc#814336).

  - bnx2x: Avoid sending multiple statistics queries
    (bnc#814336).

  - Drivers: hv: util: Fix a bug in version negotiation code
    for util services (bnc#828714).

  - Update Xen patches to 3.4.53.

  - netfront: fix kABI after 'reduce gso_max_size to account
    for max TCP header'.

  - netback: don't disconnect frontend when seeing oversize
    packet (bnc#823342).

  - netfront: reduce gso_max_size to account for max TCP
    header.

  - backends: Check for insane amounts of requests on the
    ring.

  - reiserfs: Fixed double unlock in reiserfs_setattr
    failure path.

  - reiserfs: locking, release lock around quota operations
    (bnc#815320).

  - reiserfs: locking, handle nested locks properly
    (bnc#815320).

  - reiserfs: locking, push write lock out of xattr code
    (bnc#815320).

  - ipv6: ip6_append_data_mtu did not care about pmtudisc
    and frag_size (bnc#831055, CVE-2013-4163).

  - af_key: fix info leaks in notify messages (bnc#827749
    CVE-2013-2234).

  - af_key: initialize satype in key_notify_policy_flush()
    (bnc#828119 CVE-2013-2237).

  - ipv6: call udp_push_pending_frames when uncorking a
    socket with (bnc#831058, CVE-2013-4162).

  - ipv6: ip6_sk_dst_check() must not assume ipv6 dst.

  - xfs: fix _xfs_buf_find oops on blocks beyond the
    filesystem end (CVE-2013-1819 bnc#807471).

  - brcmsmac: don't start device when RfKill is engaged
    (bnc#787649).

  - CIFS: Protect i_nlink from being negative (bnc#785542
    bnc#789598).

  - cifs: don't compare uniqueids in cifs_prime_dcache
    unless server inode numbers are in use (bnc#794988).

  - xfs: xfs: fallback to vmalloc for large buffers in
    xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).

  - xfs: fallback to vmalloc for large buffers in
    xfs_attrlist_by_handle (bnc#818053 bnc#807153).

  - Linux 3.4.53 (CVE-2013-2164 CVE-2013-2851 bnc#822575
    bnc#824295).

  - drivers/cdrom/cdrom.c: use kzalloc() for failing
    hardware (bnc#824295, CVE-2013-2164).

  - fanotify: info leak in copy_event_to_user()
    (CVE-2013-2148 bnc#823517).

  - block: do not pass disk names as format strings
    (bnc#822575 CVE-2013-2851).

  - ext4: avoid hang when mounting non-journal filesystems
    with orphan list (bnc#817377).

  - Linux 3.4.49 (CVE-2013-0231 XSA-43 bnc#801178).

  - Linux 3.4.48 (CVE-2013-1774 CVE-2013-2850 bnc#806976
    bnc#821560).

  - Always include the git commit in KOTD builds This allows
    us not to set it explicitly in builds submitted to the
    official distribution (bnc#821612, bnc#824171).

  - Bluetooth: Really fix registering hci with duplicate
    name (bnc#783858).

  - Bluetooth: Fix registering hci with duplicate name
    (bnc#783858)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=783858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=785542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=787649"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=794988"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=806976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807471"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814336"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=815320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817377"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821560"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823342"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824171"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=833321"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=835414"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=838346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-10/msg00063.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-default-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-source-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-source-vanilla-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"kernel-syms-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-extra-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-ec2-extra-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-extra-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-ec2-extra-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-base-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-debugsource-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-devel-3.4.63-2.44.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.4.63-2.44.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(70039);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-1059", "CVE-2013-1774", "CVE-2013-1819", "CVE-2013-1929", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2851", "CVE-2013-4162", "CVE-2013-4163");

  script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to
version 3.0.93 and includes various bug and security fixes.

The following security bugs have been fixed :

  - The fill_event_metadata function in
    fs/notify/fanotify/fanotify_user.c in the Linux kernel
    did not initialize a certain structure member, which
    allowed local users to obtain sensitive information from
    kernel memory via a read operation on the fanotify
    descriptor. (CVE-2013-2148)

  - The key_notify_policy_flush function in net/key/af_key.c
    in the Linux kernel did not initialize a certain
    structure member, which allowed local users to obtain
    sensitive information from kernel heap memory by reading
    a broadcast message from the notify_policy interface of
    an IPSec key_socket. (CVE-2013-2237)

  - The ip6_sk_dst_check function in net/ipv6/ip6_output.c
    in the Linux kernel allowed local users to cause a
    denial of service (system crash) by using an AF_INET6
    socket for a connection to an IPv4 interface.
    (CVE-2013-2232)

  - The (1) key_notify_sa_flush and (2)
    key_notify_policy_flush functions in net/key/af_key.c in
    the Linux kernel did not initialize certain structure
    members, which allowed local users to obtain sensitive
    information from kernel heap memory by reading a
    broadcast message from the notify interface of an IPSec
    key_socket. (CVE-2013-2234)

  - The udp_v6_push_pending_frames function in
    net/ipv6/udp.c in the IPv6 implementation in the Linux
    kernel made an incorrect function call for pending data,
    which allowed local users to cause a denial of service
    (BUG and system crash) via a crafted application that
    uses the UDP_CORK option in a setsockopt system call.
    (CVE-2013-4162)

  - net/ceph/auth_none.c in the Linux kernel allowed remote
    attackers to cause a denial of service (NULL pointer
    dereference and system crash) or possibly have
    unspecified other impact via an auth_reply message that
    triggers an attempted build_request operation.
    (CVE-2013-1059)

  - The mmc_ioctl_cdrom_read_data function in
    drivers/cdrom/cdrom.c in the Linux kernel allowed local
    users to obtain sensitive information from kernel memory
    via a read operation on a malfunctioning CD-ROM drive.
    (CVE-2013-2164)

  - Format string vulnerability in the register_disk
    function in block/genhd.c in the Linux kernel allowed
    local users to gain privileges by leveraging root access
    and writing format string specifiers to
    /sys/module/md_mod/parameters/new_array in order to
    create a crafted /dev/md device name. (CVE-2013-2851)

  - The ip6_append_data_mtu function in
    net/ipv6/ip6_output.c in the IPv6 implementation in the
    Linux kernel did not properly maintain information about
    whether the IPV6_MTU setsockopt option had been
    specified, which allowed local users to cause a denial
    of service (BUG and system crash) via a crafted
    application that uses the UDP_CORK option in a
    setsockopt system call. (CVE-2013-4163)

  - Heap-based buffer overflow in the tg3_read_vpd function
    in drivers/net/ethernet/broadcom/tg3.c in the Linux
    kernel allowed physically proximate attackers to cause a
    denial of service (system crash) or possibly execute
    arbitrary code via crafted firmware that specifies a
    long string in the Vital Product Data (VPD) data
    structure. (CVE-2013-1929)

  - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the
    Linux kernel did not validate block numbers, which
    allowed local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have
    unspecified other impact by leveraging the ability to
    mount an XFS filesystem containing a metadata inode with
    an invalid extent map. (CVE-2013-1819)

  - The chase_port function in drivers/usb/serial/io_ti.c in
    the Linux kernel allowed local users to cause a denial
    of service (NULL pointer dereference and system crash)
    via an attempted /dev/ttyUSB read or write operation on
    a disconnected Edgeport USB serial converter.
    (CVE-2013-1774)

Also the following bugs have been fixed :

BTRFS :

  - btrfs: merge contiguous regions when loading free space
    cache

  - btrfs: fix how we deal with the orphan block rsv

  - btrfs: fix wrong check during log recovery

  - btrfs: change how we indicate we are adding csums

  - btrfs: flush delayed inodes if we are short on space.
    (bnc#801427)

  - btrfs: rework shrink_delalloc. (bnc#801427)

  - btrfs: fix our overcommit math. (bnc#801427)

  - btrfs: delay block group item insertion. (bnc#801427)

  - btrfs: remove bytes argument from do_chunk_alloc.
    (bnc#801427)

  - btrfs: run delayed refs first when out of space.
    (bnc#801427)

  - btrfs: do not commit instead of overcommitting.
    (bnc#801427)

  - btrfs: do not take inode delalloc mutex if we are a free
    space inode. (bnc#801427)

  - btrfs: fix chunk allocation error handling. (bnc#801427)

  - btrfs: remove extent mapping if we fail to add chunk.
    (bnc#801427)

  - btrfs: do not overcommit if we do not have enough space
    for global rsv. (bnc#801427)

  - btrfs: rework the overcommit logic to be based on the
    total size. (bnc#801427)

  - btrfs: steal from global reserve if we are cleaning up
    orphans. (bnc#801427)

  - btrfs: clear chunk_alloc flag on retryable failure.
    (bnc#801427)

  - btrfs: use reserved space for creating a snapshot.
    (bnc#801427)

  - btrfs: cleanup to make the function
    btrfs_delalloc_reserve_metadata more logic. (bnc#801427)

  - btrfs: fix space leak when we fail to reserve metadata
    space. (bnc#801427)

  - btrfs: fix space accounting for unlink and rename.
    (bnc#801427)

  - btrfs: allocate new chunks if the space is not enough
    for global rsv. (bnc#801427)

  - btrfs: various abort cleanups. (bnc#812526 / bnc#801427)

  - btrfs: simplify unlink reservations (bnc#801427). 
OTHER :

  - x86: Add workaround to NMI iret woes. (bnc#831949)

  - x86: Do not schedule while still in NMI context.
    (bnc#831949)

  - bnx2x: Avoid sending multiple statistics queries.
    (bnc#814336)

  - bnx2x: protect different statistics flows. (bnc#814336)

  - futex: Take hugepages into account when generating
    futex_key.

  - drivers/hv: util: Fix a bug in version negotiation code
    for util services. (bnc#828714)

  - printk: Add NMI ringbuffer. (bnc#831949)

  - printk: extract ringbuffer handling from vprintk.
    (bnc#831949)

  - printk: NMI safe printk. (bnc#831949)

  - printk: Make NMI ringbuffer size independent on
    log_buf_len. (bnc#831949)

  - printk: Do not call console_unlock from nmi context.
    (bnc#831949)

  - printk: Do not use printk_cpu from finish_printk.
    (bnc#831949)

  - mlx4_en: Adding 40gb speed report for ethtool.
    (bnc#831410)

  - reiserfs: Fixed double unlock in reiserfs_setattr
    failure path.

  - reiserfs: delay reiserfs lock until journal
    initialization. (bnc#815320)

  - reiserfs: do not lock journal_init(). (bnc#815320)

  - reiserfs: locking, handle nested locks properly.
    (bnc#815320)

  - reiserfs: locking, push write lock out of xattr code.
    (bnc#815320)

  - reiserfs: locking, release lock around quota operations.
    (bnc#815320)

  - NFS: support 'nosharetransport' option (bnc#807502,
    bnc#828192, FATE#315593).

  - dm mpath: add retain_attached_hw_handler feature.
    (bnc#760407)

  - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)

  - bonding: disallow change of MAC if fail_over_mac
    enabled. (bnc#827376)

  - bonding: propagate unicast lists down to slaves.
    (bnc#773255 / bnc#827372)

  - bonding: emit address change event also in bond_release.
    (bnc#773255 / bnc#827372)

  - bonding: emit event when bonding changes MAC.
    (bnc#773255 / bnc#827372)

  - SUNRPC: Ensure we release the socket write lock if the
    rpc_task exits early. (bnc#830901)

  - ext4: force read-only unless rw=1 module option is used
    (fate#314864).

  - HID: fix unused rsize usage. (bnc#783475)

  - HID: fix data access in implement(). (bnc#783475)

  - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.
    (bnc#829622)

  - r8169: allow multicast packets on sub-8168f chipset.
    (bnc#805371)

  - r8169: support new chips of RTL8111F. (bnc#805371)

  - r8169: define the early size for 8111evl. (bnc#805371)

  - r8169: fix the reset setting for 8111evl. (bnc#805371)

  - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
    (bnc#805371)

  - r8169: fix sticky accepts packet bits in RxConfig.
    (bnc#805371)

  - r8169: adjust the RxConfig settings. (bnc#805371)

  - r8169: support RTL8111E-VL. (bnc#805371)

  - r8169: add ERI functions. (bnc#805371)

  - r8169: modify the flow of the hw reset. (bnc#805371)

  - r8169: adjust some registers. (bnc#805371)

  - r8169: check firmware content sooner. (bnc#805371)

  - r8169: support new firmware format. (bnc#805371)

  - r8169: explicit firmware format check. (bnc#805371)

  - r8169: move the firmware down into the device private
    data. (bnc#805371)

  - mm: link_mem_sections make sure nmi watchdog does not
    trigger while linking memory sections. (bnc#820434)

  - kernel: lost IPIs on CPU hotplug (bnc#825048,
    LTC#94784).

  - iwlwifi: use correct supported firmware for 6035 and
    6000g2. (bnc#825887)

  - watchdog: Update watchdog_thresh atomically.
    (bnc#829357)

  - watchdog: update watchdog_tresh properly. (bnc#829357)

  - watchdog:
    watchdog-make-disable-enable-hotplug-and-preempt-save.pa
    tch. (bnc#829357)

  - include/1/smp.h: define __smp_call_function_single for
    !CONFIG_SMP. (bnc#829357)

  - lpfc: Return correct error code on bsg_timeout.
    (bnc#816043)

  - dm-multipath: Drop table when retrying ioctl.
    (bnc#808940)

  - scsi: Do not retry invalid function error. (bnc#809122)

  - scsi: Always retry internal target error. (bnc#745640,
    bnc#825227)

  - ibmvfc: Driver version 1.0.1. (bnc#825142)

  - ibmvfc: Fix for offlining devices during error recovery.
    (bnc#825142)

  - ibmvfc: Properly set cancel flags when cancelling abort.
    (bnc#825142)

  - ibmvfc: Send cancel when link is down. (bnc#825142)

  - ibmvfc: Support FAST_IO_FAIL in EH handlers.
    (bnc#825142)

  - ibmvfc: Suppress ABTS if target gone. (bnc#825142)

  - fs/dcache.c: add cond_resched() to
    shrink_dcache_parent(). (bnc#829082)

  - kmsg_dump: do not run on non-error paths by default.
    (bnc#820172)

  - mm: honor min_free_kbytes set by user. (bnc#826960)

  - hyperv: Fix a kernel warning from
    netvsc_linkstatus_callback(). (bnc#828574)

  - RT: Fix up hardening patch to not gripe when avg >
    available, which lockless access makes possible and
    happens in -rt kernels running a cpubound ltp realtime
    testcase. Just keep the output sane in that case.

  - md/raid10: Fix two bug affecting RAID10 reshape (-).

  - Allow NFSv4 to run execute-only files. (bnc#765523)

  - fs/ocfs2/namei.c: remove unnecessary ERROR when removing
    non-empty directory. (bnc#819363)

  - block: Reserve only one queue tag for sync IO if only 3
    tags are available. (bnc#806396)

  - drm/i915: Add wait_for in init_ring_common. (bnc#813604)

  - drm/i915: Mark the ringbuffers as being in the GTT
    domain. (bnc#813604)

  - ext4: avoid hang when mounting non-journal filesystems
    with orphan list. (bnc#817377)

  - autofs4 - fix get_next_positive_subdir(). (bnc#819523)

  - ocfs2: Add bits_wanted while calculating credits in
    ocfs2_calc_extend_credits. (bnc#822077)

  - re-enable io tracing. (bnc#785901)

  - SUNRPC: Prevent an rpc_task wakeup race. (bnc#825591)

  - tg3: Prevent system hang during repeated EEH errors.
    (bnc#822066)

  - backends: Check for insane amounts of requests on the
    ring.

  - Update Xen patches to 3.0.82.

  - netiucv: Hold rtnl between name allocation and device
    registration. (bnc#824159)

  - drm/edid: Do not print messages regarding stereo or
    csync by default. (bnc#821235)

  - net/sunrpc: xpt_auth_cache should be ignored when
    expired. (bnc#803320)

  - sunrpc/cache: ensure items removed from cache do not
    have pending upcalls. (bnc#803320)

  - sunrpc/cache: remove races with queuing an upcall.
    (bnc#803320)

  - sunrpc/cache: use cache_fresh_unlocked consistently and
    correctly. (bnc#803320)

  - md/raid10 'enough' fixes. (bnc#773837)

  - Update config files: disable IP_PNP. (bnc#822825)

  - Disable efi pstore by default. (bnc#804482 / bnc#820172)

  - md: Fix problem with GET_BITMAP_FILE returning wrong
    status. (bnc#812974 / bnc#823497)

  - USB: xHCI: override bogus bulk wMaxPacketSize values.
    (bnc#823082)

  - ALSA: hda - Fix system panic when DMA > 40 bits for
    Nvidia audio controllers. (bnc#818465)

  - USB: UHCI: fix for suspend of virtual HP controller.
    (bnc#817035)

  - mm: mmu_notifier: re-fix freed page still mapped in
    secondary MMU. (bnc#821052)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=745640"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=760407"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=765523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=773006"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=773255"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=773837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=783475"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=785901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789010"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=803320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=804482"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=805371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=806396"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=806976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807471"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807502"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=808940"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=812526"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=812974"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813733"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814336"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=815320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817035"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817377"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818465"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822077"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822825"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823082"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823342"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824915"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825142"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825591"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825657"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=825887"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826350"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826960"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827378"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828192"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829082"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829357"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829622"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=830901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831410"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1059.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1774.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1819.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1929.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2148.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2851.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4162.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4163.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Apply SAT patch number 8263 / 8265 / 8273 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1972-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70193);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-1819", "CVE-2013-2237", "CVE-2013-4254");
  script_xref(name:"USN", value:"1972-1");

  script_name(english:"Ubuntu 12.10 : linux vulnerabilities (USN-1972-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vince Weaver discovered a flaw in the perf subsystem of the Linux
kernel on ARM platforms. A local user could exploit this flaw to gain
privileges or cause a denial of service (system crash).
(CVE-2013-4254)

A failure to validate block numbers was discovered in the Linux
kernel's implementation of the XFS filesystem. A local user can cause
a denial of service (system crash) if they can mount, or cause to be
mounted a corrupted or special crafted XFS filesystem. (CVE-2013-1819)

An information leak was discovered in the Linux kernel's IPSec
key_socket when using the notify_policy interface. A local user could
exploit this flaw to examine potentially sensitive information in
kernel memory. (CVE-2013-2237).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1972-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected linux-image-3.5-generic and / or
linux-image-3.5-highbank packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-1819", "CVE-2013-2237", "CVE-2013-4254");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1972-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-41-generic", pkgver:"3.5.0-41.64")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-41-highbank", pkgver:"3.5.0-41.64")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic / linux-image-3.5-highbank");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1968-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70190);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-1819", "CVE-2013-4254");
  script_xref(name:"USN", value:"1968-1");

  script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-1968-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vince Weaver discovered a flaw in the perf subsystem of the Linux
kernel on ARM platforms. A local user could exploit this flaw to gain
privileges or cause a denial of service (system crash).
(CVE-2013-4254)

A failure to validate block numbers was discovered in the Linux
kernel's implementation of the XFS filesystem. A local user can cause
a denial of service (system crash) if they can mount, or cause to be
mounted a corrupted or special crafted XFS filesystem. (CVE-2013-1819).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1968-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-1819", "CVE-2013-4254");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1968-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-54-generic", pkgver:"3.2.0-54.82")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-54-generic-pae", pkgver:"3.2.0-54.82")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-54-highbank", pkgver:"3.2.0-54.82")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-54-virtual", pkgver:"3.2.0-54.82")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-1034.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(74878);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-0914", "CVE-2013-1059", "CVE-2013-1819", "CVE-2013-1929", "CVE-2013-1979", "CVE-2013-2141", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3226", "CVE-2013-3227", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3230", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3233", "CVE-2013-3234", "CVE-2013-3235", "CVE-2013-3301", "CVE-2013-4162");
  script_bugtraq_id(58301, 58382, 58426, 58597, 58908, 59055, 59377, 59380, 59381, 59382, 59383, 59387, 59388, 59389, 59390, 59393, 59394, 59396, 59397, 59538, 60254, 60341, 60375, 60409, 60410, 60715, 60874, 60893, 60922, 60953, 61411);

  script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1)");
  script_summary(english:"Check for the openSUSE-2013-1034 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Linux Kernel was updated to fix various security issues and bugs.

  - sctp: Use correct sideffect command in duplicate cookie
    handling (bnc#826102, CVE-2013-2206).

  - Drivers: hv: util: Fix a bug in util version negotiation
    code (bnc#838346).

  - vmxnet3: prevent div-by-zero panic when ring resizing
    uninitialized dev (bnc#833321).

  - md/raid1,5,10: Disable WRITE SAME until a recovery
    strategy is in place (bnc#813889).

  - netback: don't disconnect frontend when seeing oversize
    packet (bnc#823342).

  - netfront: reduce gso_max_size to account for max TCP
    header.

  - netfront: fix kABI after 'reduce gso_max_size to account
    for max TCP header'.

  - backends: Check for insane amounts of requests on the
    ring.

  - Refresh other Xen patches (bnc#804198, bnc#814211,
    bnc#826374).

  - Fix TLB gather virtual address range invalidation corner
    cases (TLB gather memory corruption).

  - mm: fix the TLB range flushed when __tlb_remove_page()
    runs out of slots (TLB gather memory corruption).

  - bnx2x: protect different statistics flows (bnc#814336).

  - Drivers: hv: util: Fix a bug in version negotiation code
    for util services (bnc#828714).

  - kabi/severities: Ignore changes in drivers/hv

  - e1000e: workaround DMA unit hang on I218 (bnc#834647).

  - e1000e: unexpected 'Reset adapter' message when cable
    pulled (bnc#834647).

  - e1000e: 82577: workaround for link drop issue
    (bnc#834647).

  - e1000e: helper functions for accessing EMI registers
    (bnc#834647).

  - atl1c: Fix misuse of netdev_alloc_skb in refilling rx
    ring (bnc#812116).

  - reiserfs: Fixed double unlock in reiserfs_setattr
    failure path.

  - reiserfs: locking, release lock around quota operations
    (bnc#815320).

  - reiserfs: locking, handle nested locks properly
    (bnc#815320).

  - reiserfs: locking, push write lock out of xattr code
    (bnc#815320).

  - af_key: fix info leaks in notify messages (bnc#827749
    CVE-2013-2234).

  - af_key: initialize satype in key_notify_policy_flush()
    (bnc#828119 CVE-2013-2237).

  - kernel/signal.c: stop info leak via the tkill and the
    tgkill syscalls (bnc#823267 CVE-2013-2141).

  - b43: stop format string leaking into error msgs
    (bnc#822579 CVE-2013-2852).

  - net: fix incorrect credentials passing (bnc#816708
    CVE-2013-1979).

  - tipc: fix info leaks via msg_name in
    recv_msg/recv_stream (bnc#816668 CVE-2013-3235).

  - rose: fix info leak via msg_name in rose_recvmsg()
    (bnc#816668 CVE-2013-3234).

  - NFC: llcp: fix info leaks via msg_name in
    llcp_sock_recvmsg() (bnc#816668 CVE-2013-3233).

  - netrom: fix info leak via msg_name in nr_recvmsg()
    (bnc#816668 CVE-2013-3232).

  - llc: Fix missing msg_namelen update in llc_ui_recvmsg()
    (bnc#816668 CVE-2013-3231).

  - l2tp: fix info leak in l2tp_ip6_recvmsg() (bnc#816668
    CVE-2013-3230).

  - iucv: Fix missing msg_namelen update in
    iucv_sock_recvmsg() (bnc#816668 CVE-2013-3229).

  - irda: Fix missing msg_namelen update in
    irda_recvmsg_dgram() (bnc#816668 CVE-2013-3228).

  - caif: Fix missing msg_namelen update in
    caif_seqpkt_recvmsg() (bnc#816668 CVE-2013-3227).

  - Bluetooth: RFCOMM - Fix missing msg_namelen update in
    rfcomm_sock_recvmsg() (bnc#816668 CVE-2013-3226).

  - Bluetooth: fix possible info leak in bt_sock_recvmsg()
    (bnc#816668 CVE-2013-3224).

  - ax25: fix info leak via msg_name in ax25_recvmsg()
    (bnc#816668 CVE-2013-3223).

  - atm: update msg_namelen in vcc_recvmsg() (bnc#816668
    CVE-2013-3222).

  - ipv6: call udp_push_pending_frames when uncorking a
    socket with (bnc#831058, CVE-2013-4162).

  - tracing: Fix possible NULL pointer dereferences
    (bnc#815256 CVE-2013-3301).

  - tg3: fix length overflow in VPD firmware parsing
    (bnc#813733 CVE-2013-1929).

  - dcbnl: fix various netlink info leaks (bnc#810473
    CVE-2013-2634).

  - rtnl: fix info leak on RTM_GETLINK request for VF
    devices (bnc#810473 CVE-2013-2635).

  - crypto: user - fix info leaks in report API (bnc#809906
    CVE-2013-2546 CVE-2013-2547 CVE-2013-2548).

  - kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of
    SA_RESTORER (bnc#808827 CVE-2013-0914).

  - signal: always clear sa_restorer on execve (bnc#808827
    CVE-2013-0914).

  - signal: Define __ARCH_HAS_SA_RESTORER so we know whether
    to clear sa_restorer (bnc#808827 CVE-2013-0914).

  - ipv6: ip6_sk_dst_check() must not assume ipv6 dst
    (bnc#827750, CVE-2013-2232).

  - xfs: fix _xfs_buf_find oops on blocks beyond the
    filesystem end (CVE-2013-1819 bnc#807471).

  - blk: avoid divide-by-zero with zero discard granularity
    (bnc#832615).

  - dlm: check the write size from user (bnc#831956).

  - drm/i915: Serialize almost all register access
    (bnc#823633).

  - drm/i915: initialize gt_lock early with other spin locks
    (bnc#801341).

  - drm/i915: fix up gt init sequence fallout (bnc#801341).

  - drm/nouveau/hwmon: s/fan0/fan1/.

  - Drivers: hv: balloon: Do not post pressure status if
    interrupted (bnc#829539).

  - drm/i915: Clear FORCEWAKE when taking over from BIOS
    (bnc#801341).

  - drm/i915: Apply alignment restrictions on scanout
    surfaces for VT-d (bnc#818561).

  - fs/notify/inode_mark.c: make
    fsnotify_find_inode_mark_locked() static (bnc#807188).

  - fsnotify: change locking order (bnc#807188).

  - fsnotify: dont put marks on temporary list when clearing
    marks by group (bnc#807188).

  - fsnotify: introduce locked versions of
    fsnotify_add_mark() and fsnotify_remove_mark()
    (bnc#807188).

  - fsnotify: pass group to fsnotify_destroy_mark()
    (bnc#807188).

  - fsnotify: use a mutex instead of a spinlock to protect a
    groups mark list (bnc#807188).

  - fanotify: add an extra flag to mark_remove_from_mask
    that indicates wheather a mark should be destroyed
    (bnc#807188).

  - fsnotify: take groups mark_lock before mark lock
    (bnc#807188).

  - fsnotify: use reference counting for groups
    (bnc#807188).

  - fsnotify: introduce fsnotify_get_group() (bnc#807188).

  - inotify, fanotify: replace fsnotify_put_group() with
    fsnotify_destroy_group() (bnc#807188).

  - drm/i915: fix long-standing SNB regression in power
    consumption after resume v2 (bnc#801341).

  - drm/nouveau: use vmalloc for pgt allocation
    (bnc#802347).

  - USB: xhci: correctly enable interrupts (bnc#828191).

  - drm/i915: Resurrect ring kicking for semaphores,
    selectively (bnc#823633,bnc#799516).

  - ALSA: usb-audio: Fix invalid volume resolution for
    Logitech HD Webcam c310 (bnc#821735).

  - ALSA: usb-audio - Fix invalid volume resolution on
    Logitech HD webcam c270 (bnc#821735).

  - config: sync up config options added with btrfs update

  - xfs: xfs: fallback to vmalloc for large buffers in
    xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153).

  - xfs: fallback to vmalloc for large buffers in
    xfs_attrlist_by_handle (bnc#818053 bnc#807153).

  - btrfs: update to v3.10.

  - block: Add bio_end_sector().

  - block: Use bio_sectors() more consistently.

  - btrfs: handle lookup errors after subvol/snapshot
    creation.

  - btrfs: add new ioctl to determine size of compressed
    file (FATE#306586).

  - btrfs: reduce btrfs_path size (FATE#306586).

  - btrfs: simplify move_pages and copy_pages (FATE#306586).

  - Prefix mount messages with btrfs: for clarity
    (FATE#306586).

  - Btrfs: forced readonly when free_log_tree fails
    (FATE#306586).

  - Btrfs: forced readonly when orphan_del fails
    (FATE#306586).

  - btrfs: abort unlink trans in missed error case.

  - btrfs: access superblock via pagecache in
    scan_one_device.

  - Btrfs: account for orphan inodes properly during
    cleanup.

  - Btrfs: add a comment for fs_info->max_inline.

  - Btrfs: add a incompatible format change for smaller
    metadata extent refs.

  - Btrfs: Add a new ioctl to get the label of a mounted
    file system.

  - Btrfs: add a plugging callback to raid56 writes.

  - Btrfs: add a rb_tree to improve performance of ulist
    search.

  - Btrfs: Add a stripe cache to raid56.

  - Btrfs: Add ACCESS_ONCE() to transaction->abort accesses.

  - Btrfs: add all ioctl checks before user change for quota
    operations.

  - Btrfs: add btrfs_scratch_superblock() function.

  - btrfs: add cancellation points to defrag.

  - Btrfs: add code to scrub to copy read data to another
    disk.

  - btrfs: add debug check for extent_io range alignment.

  - Btrfs: add fiemap's flag check.

  - Btrfs: add ioctl to wait for qgroup rescan completion.

  - btrfs: add missing break in btrfs_print_leaf().

  - Btrfs: add new sources for device replace code.

  - btrfs: add 'no file data' flag to btrfs send ioctl.

  - Btrfs: add orphan before truncating pagecache.

  - Btrfs: add path->really_keep_locks.

  - btrfs: add prefix to sanity tests messages.

  - Btrfs: add rw argument to merge_bio_hook().

  - Btrfs: add some free space cache tests.

  - Btrfs: add some missing iput()'s in
    btrfs_orphan_cleanup.

  - Btrfs: add support for device replace ioctls.

  - Btrfs: add tree block level sanity check.

  - Btrfs: add two more find_device() methods.

  - Btrfs: allocate new chunks if the space is not enough
    for global rsv.

  - Btrfs: allow file data clone within a file.

  - Btrfs: allow for selecting only completely empty chunks.

  - Btrfs: allow omitting stream header and end-cmd for
    btrfs send.

  - Btrfs: allow repair code to include target disk when
    searching mirrors.

  - Btrfs: allow running defrag in parallel to
    administrative tasks.

  - Btrfs: allow superblock mismatch from older mkfs.

  - btrfs: annotate intentional switch case fallthroughs.

  - btrfs: annotate quota tree for lockdep.

  - Btrfs: automatic rescan after 'quota enable' command.

  - Btrfs: avoid deadlock on transaction waiting list.

  - Btrfs: avoid double free of fs_info->qgroup_ulist.

  - Btrfs: avoid risk of a deadlock in btrfs_handle_error.

  - Btrfs: bring back balance pause/resume logic.

  - Btrfs: build up error handling for merge_reloc_roots.

  - Btrfs: change core code of btrfs to support the device
    replace operations.

  - Btrfs: changes to live filesystem are also written to
    replacement disk.

  - Btrfs: Check CAP_DAC_READ_SEARCH for
    BTRFS_IOC_INO_PATHS.

  - Btrfs: check for actual acls rather than just xattrs
    when caching no acl.

  - Btrfs: check for NULL pointer in updating reloc roots.

  - Btrfs: check if leaf's parent exists before pushing
    items around.

  - Btrfs: check if we can nocow if we don't have data
    space.

  - Btrfs: check return value of commit when recovering log.

  - Btrfs: check the return value of
    btrfs_run_ordered_operations().

  - Btrfs: check the return value of
    btrfs_start_delalloc_inodes().

  - btrfs: clean snapshots one by one.

  - btrfs: clean up transaction abort messages.

  - Btrfs: cleanup backref search commit root flag stuff.

  - Btrfs: cleanup, btrfs_read_fs_root_no_name() doesn't
    return NULL.

  - Btrfs: cleanup destroy_marked_extents.

  - Btrfs: cleanup: don't check the same thing twice.

  - Btrfs: cleanup duplicated division functions.

  - Btrfs: cleanup for btrfs_btree_balance_dirty.

  - Btrfs: cleanup for btrfs_wait_order_range.

  - btrfs: cleanup for open-coded alignment.

  - Btrfs: cleanup fs roots if we fail to mount.

  - Btrfs: cleanup of function where btrfs_extend_item() is
    called.

  - Btrfs: cleanup of function where fixup_low_keys() is
    called.

  - Btrfs: cleanup orphan reservation if truncate fails.

  - Btrfs: cleanup orphaned root orphan item.

  - Btrfs: cleanup redundant code in btrfs_submit_direct().

  - Btrfs: cleanup scrub bio and worker wait code.

  - Btrfs: cleanup similar code in delayed inode.

  - btrfs: Cleanup some redundant codes in
    btrfs_log_inode().

  - btrfs: Cleanup some redundant codes in
    btrfs_lookup_csums_range().

  - Btrfs: cleanup the code of copy_nocow_pages_for_inode().

  - Btrfs: cleanup the similar code of the fs root read.

  - Btrfs: cleanup to make the function
    btrfs_delalloc_reserve_metadata more logic.

  - Btrfs: cleanup to remove reduplicate code in
    transaction.c.

  - Btrfs: cleanup unnecessary assignment when cleaning up
    all the residual transaction.

  - Btrfs: cleanup unnecessary clear when freeing a
    transaction or a trans handle.

  - Btrfs: cleanup unused arguments.

  - Btrfs: cleanup unused arguments in send.c.

  - Btrfs: cleanup unused arguments of btrfs_csum_data.

  - Btrfs: cleanup unused function.

  - Btrfs: clear received_uuid field for new writable
    snapshots.

  - Btrfs: Cocci spatch 'memdup.spatch'.

  - Btrfs: Cocci spatch 'ptr_ret.spatch'.

  - Btrfs: compare relevant parts of delayed tree refs.

  - Btrfs: copy everything if we've created an inline
    extent.

  - btrfs: cover more error codes in btrfs_decode_error.

  - Btrfs: creating the subvolume qgroup automatically when
    enabling quota.

  - Btrfs: deal with bad mappings in btrfs_map_block.

  - Btrfs: deal with errors in write_dev_supers.

  - Btrfs: deal with free space cache errors while replaying
    log.

  - btrfs: define BTRFS_MAGIC as a u64 value.

  - Btrfs: delete inline extents when we find them during
    logging.

  - Btrfs: delete unused function.

  - Btrfs: delete unused parameter to
    btrfs_read_root_item().

  - btrfs: deprecate subvolrootid mount option.

  - btrfs: device delete to get errors from the kernel.

  - Btrfs: disable qgroup id 0.

  - Btrfs: disallow mutually exclusive admin operations from
    user mode.

  - Btrfs: disallow some operations on the device replace
    target device.

  - btrfs: do away with non-whole_page extent I/O.

  - Btrfs: do delay iput in sync_fs.

  - Btrfs: do not allow logged extents to be merged or
    removed.

  - Btrfs: do not BUG_ON in prepare_to_reloc.

  - Btrfs: do not BUG_ON on aborted situation.

  - Btrfs: do not call file_update_time in aio_write.

  - Btrfs: do not change inode flags in rename.

  - Btrfs: do not continue if out of memory happens.

  - Btrfs: do not delete a subvolume which is in a R/O
    subvolume.

  - Btrfs: do not log extents when we only log new names.

  - Btrfs: do not mark ems as prealloc if we are writing to
    them.

  - Btrfs: do not merge logged extents if we've removed them
    from the tree.

  - Btrfs: do not overcommit if we don't have enough space
    for global rsv.

  - Btrfs: do not pin while under spin lock.

  - Btrfs: do not warn_on io_ctl->cur in io_ctl_map_page.

  - Btrfs: don't abort the current transaction if there is
    no enough space for inode cache.

  - Btrfs: don't add a NULL extended attribute.

  - Btrfs: don't allow degraded mount if too many devices
    are missing.

  - Btrfs: don't allow device replace on RAID5/RAID6.

  - Btrfs: don't auto defrag a file when doing directIO.

  - Btrfs: don't bother copying if we're only logging the
    inode.

  - Btrfs: don't BUG_ON() in btrfs_num_copies.

  - Btrfs: don't call btrfs_qgroup_free if just
    btrfs_qgroup_reserve fails.

  - Btrfs: don't call readahead hook until we have read the
    entire eb.

  - Btrfs: don't delete fs_roots until after we cleanup the
    transaction.

  - Btrfs: don't drop path when printing out tree errors in
    scrub.

  - Btrfs: don't flush the delalloc inodes in the while loop
    if flushoncommit is set.

  - Btrfs: don't force pages under writeback to finish when
    aborting.

  - Btrfs: don't invoke btrfs_invalidate_inodes() in the
    spin lock context.

  - Btrfs: don't memset new tokens.

  - Btrfs: don't NULL pointer deref on abort.

  - Btrfs: don't panic if we're trying to drop too many
    refs.

  - Btrfs: don't re-enter when allocating a chunk.

  - Btrfs: don't start a new transaction when starting sync.

  - Btrfs: don't steal the reserved space from the global
    reserve if their space type is different.

  - btrfs: don't stop searching after encountering the wrong
    item.

  - Btrfs: don't take inode delalloc mutex if we're a free
    space inode.

  - Btrfs: don't traverse the ordered operation list
    repeatedly.

  - Btrfs: Don't trust the superblock label and simply
    printk('%s') it.

  - Btrfs: don't try and free ebs twice in log replay.

  - btrfs: don't try to notify udev about missing devices.

  - Btrfs: don't use global block reservation for inode
    cache truncation.

  - Btrfs: don't wait for all the writers circularly during
    the transaction commit.

  - Btrfs: don't wait on ordered extents if we have a trans
    open.

  - Btrfs: dont do log_removal in insert_new_root.

  - btrfs: Drop inode if inode root is NULL.

  - Btrfs: eliminate a use-after-free in btrfs_balance().

  - Btrfs: enforce min_bytes parameter during extent
    allocation.

  - Btrfs: enhance btrfs structures for device replace
    support.

  - btrfs: enhance superblock checks.

  - btrfs: ensure we don't overrun devices_info in
    __btrfs_alloc_chunk.

  - Btrfs: exclude logged extents before replying when we
    are mixed.

  - Btrfs: explicitly use global_block_rsv for quota_tree.

  - Btrfs: extend the checksum item as much as possible.

  - btrfs: fall back to global reservation when removing
    subvolumes.

  - Btrfs: fill the global reserve when unpinning space.

  - Btrfs: fix a bug of per-file nocow.

  - Btrfs: fix a bug when llseek for delalloc bytes behind
    prealloc extents.

  - Btrfs: fix a build warning for an unused label.

  - Btrfs: fix a deadlock in aborting transaction due to
    ENOSPC.

  - Btrfs: fix a double free on pending snapshots in error
    handling.

  - Btrfs: fix a mismerge in btrfs_balance().

  - Btrfs: fix a regression in balance usage filter.

  - Btrfs: fix a scrub regression in case of write errors.

  - Btrfs: fix a warning when disabling quota.

  - Btrfs: fix a warning when updating qgroup limit.

  - Btrfs: fix accessing a freed tree root.

  - Btrfs: fix accessing the root pointer in tree mod log
    functions.

  - Btrfs: fix all callers of read_tree_block.

  - Btrfs: fix an while-loop of listxattr.

  - Btrfs: fix autodefrag and umount lockup.

  - Btrfs: fix backref walking race with tree deletions.

  - Btrfs: fix bad extent logging.

  - Btrfs: fix broken nocow after balance.

  - btrfs: fix btrfs_cont_expand() freeing IS_ERR em.

  - btrfs: fix btrfs_extend_item() comment.

  - Btrfs: fix BUG() in scrub when first superblock reading
    gives EIO.

  - Btrfs: fix check on same raid type flag twice.

  - Btrfs: fix chunk allocation error handling.

  - Btrfs: fix cleaner thread not working with inode cache
    option.

  - Btrfs: fix cluster alignment for mount -o ssd.

  - btrfs: fix comment typos.

  - Btrfs: fix confusing edquot happening case.

  - Btrfs: fix crash in log replay with qgroups enabled.

  - Btrfs: fix crash regarding to ulist_add_merge.

  - Btrfs: fix deadlock due to unsubmitted.

  - Btrfs: fix double free in the
    btrfs_qgroup_account_ref().

  - Btrfs: fix double free in the iterate_extent_inodes().

  - Btrfs: fix EDQUOT handling in
    btrfs_delalloc_reserve_metadata.

  - Btrfs: fix EIO from btrfs send in is_extent_unchanged
    for punched holes.

  - Btrfs: fix error handling in btrfs_ioctl_send().

  - Btrfs: fix error handling in make/read block group.

  - Btrfs: fix estale with btrfs send.

  - Btrfs: fix extent logging with O_DIRECT into prealloc.

  - Btrfs: fix freeing delayed ref head while still holding
    its mutex.

  - Btrfs: fix freeze vs auto defrag.

  - Btrfs: fix hash overflow handling.

  - Btrfs: fix how we discard outstanding ordered extents on
    abort.

  - Btrfs: fix infinite loop when we abort on mount.

  - Btrfs: fix joining the same transaction handler more
    than 2 times.

  - Btrfs: fix lockdep warning.

  - Btrfs: fix locking on ROOT_REPLACE operations in tree
    mod log.

  - Btrfs: fix lots of orphan inodes when the space is not
    enough.

  - Btrfs: fix max chunk size on raid5/6.

  - Btrfs: fix memory leak in btrfs_create_tree().

  - Btrfs: fix memory leak in name_cache_insert().

  - Btrfs: fix memory leak of log roots.

  - Btrfs: fix memory leak of pending_snapshot->inherit.

  - Btrfs: fix memory patcher through fs_info->qgroup_ulist.

  - btrfs: fix minor typo in comment.

  - btrfs: fix misleading variable name for flags.

  - Btrfs: fix missed transaction->aborted check.

  - Btrfs: fix missing check about ulist_add() in qgroup.c.

  - Btrfs: fix missing check before creating a qgroup
    relation.

  - Btrfs: fix missing check before disabling quota.

  - Btrfs: fix missing check in the btrfs_qgroup_inherit().

  - Btrfs: fix missing deleted items in
    btrfs_clean_quota_tree.

  - Btrfs: fix missing flush when committing a transaction.

  - Btrfs: fix missing i_size update.

  - Btrfs: fix missing log when BTRFS_INODE_NEEDS_FULL_SYNC
    is set.

  - Btrfs: fix missing qgroup reservation before
    fallocating.

  - Btrfs: fix missing release of qgroup reservation in
    commit_transaction().

  - Btrfs: fix missing release of the space/qgroup
    reservation in start_transaction().

  - Btrfs: fix missing reserved space release in error path
    of delalloc reservation.

  - Btrfs: fix missing write access release in
    btrfs_ioctl_resize().

  - Btrfs: fix 'mutually exclusive op is running' error
    code.

  - Btrfs: fix not being able to find skinny extents during
    relocate.

  - Btrfs: fix NULL pointer after aborting a transaction.

  - Btrfs: fix off-by-one error of the reserved size of
    btrfs_allocate().

  - Btrfs: fix off-by-one error of the same page check in
    btrfs_punch_hole().

  - Btrfs: fix off-by-one in fiemap.

  - Btrfs: fix off-by-one in lseek.

  - Btrfs: fix oops when recovering the file data by scrub
    function.

  - Btrfs: fix panic when recovering tree log.

  - Btrfs: fix permissions of empty files not affected by
    umask.

  - Btrfs: fix permissions of empty files not affected by
    umask.

  - Btrfs: fix possible infinite loop in slow caching.

  - Btrfs: fix possible memory leak in replace_path().

  - Btrfs: fix possible memory leak in the
    find_parent_nodes().

  - Btrfs: fix possible stale data exposure.

  - Btrfs: Fix printk and variable name.

  - Btrfs: fix qgroup rescan resume on mount.

  - Btrfs: fix race between mmap writes and compression.

  - Btrfs: fix race between snapshot deletion and getting
    inode.

  - Btrfs: fix race in check-integrity caused by usage of
    bitfield.

  - Btrfs: fix reada debug code compilation.

  - Btrfs: fix remount vs autodefrag.

  - Btrfs: fix repeated delalloc work allocation.

  - Btrfs: fix resize a readonly device.

  - Btrfs: fix several potential problems in
    copy_nocow_pages_for_inode.

  - Btrfs: fix space accounting for unlink and rename.

  - Btrfs: fix space leak when we fail to reserve metadata
    space.

  - btrfs: fix the code comments for LZO compression
    workspace.

  - Btrfs: fix the comment typo for
    btrfs_attach_transaction_barrier.

  - Btrfs: fix the deadlock between the transaction
    start/attach and commit.

  - Btrfs: fix the page that is beyond EOF.

  - Btrfs: fix the qgroup reserved space is released
    prematurely.

  - Btrfs: fix the race between bio and btrfs_stop_workers.

  - Btrfs: fix transaction throttling for delayed refs.

  - Btrfs: fix tree mod log regression on root split
    operations.

  - Btrfs: fix trivial error in btrfs_ioctl_resize().

  - Btrfs: Fix typo in fs/btrfs.

  - Btrfs: fix unblocked autodefraggers when remount.

  - Btrfs: fix unclosed transaction handler when the async
    transaction commitment fails.

  - Btrfs: fix uncompleted transaction.

  - Btrfs: fix unlock after free on rewinded tree blocks.

  - Btrfs: fix unlock order in btrfs_ioctl_resize.

  - Btrfs: fix unlock order in btrfs_ioctl_rm_dev.

  - Btrfs: fix unnecessary while loop when search the free
    space, cache.

  - Btrfs: fix unprotected defragable inode insertion.

  - Btrfs: fix unprotected extent map operation when logging
    file extents.

  - Btrfs: fix unprotected root node of the subvolume's
    inode rb-tree.

  - Btrfs: fix use-after-free bug during umount.

  - btrfs: fix varargs in __btrfs_std_error.

  - Btrfs: fix warning of free_extent_map.

  - Btrfs: fix warning when creating snapshots.

  - Btrfs: fix wrong comment in can_overcommit().

  - Btrfs: fix wrong file extent length.

  - Btrfs: fix wrong handle at error path of
    create_snapshot() when the commit fails.

  - Btrfs: fix wrong max device number for single profile.

  - Btrfs: fix wrong mirror number tuning.

  - Btrfs: fix wrong outstanding_extents when doing DIO
    write.

  - Btrfs: fix wrong reservation of csums.

  - Btrfs: fix wrong reserved space in qgroup during
    snap/subv creation.

  - Btrfs: fix wrong reserved space when deleting a
    snapshot/subvolume.

  - Btrfs: fix wrong return value of btrfs_lookup_csum().

  - Btrfs: fix wrong return value of btrfs_truncate_page().

  - Btrfs: fix wrong return value of
    btrfs_wait_for_commit().

  - Btrfs: fix wrong sync_writers decrement in
    btrfs_file_aio_write().

  - btrfs: fixup/remove module.h usage as required.

  - Btrfs: flush all dirty inodes if writeback can not
    start.

  - Btrfs: free all recorded tree blocks on error.

  - Btrfs: free csums when we're done scrubbing an extent.

  - Btrfs: get better concurrency for snapshot-aware defrag
    work.

  - Btrfs: get right arguments for btrfs_wait_ordered_range.

  - btrfs: get the device in write mode when deleting it.

  - Btrfs: get write access for qgroup operations.

  - Btrfs: get write access for scrub.

  - Btrfs: get write access when doing resize fs.

  - Btrfs: get write access when removing a device.

  - Btrfs: get write access when setting the default
    subvolume.

  - Btrfs: handle a bogus chunk tree nicely.

  - Btrfs: handle errors from btrfs_map_bio() everywhere.

  - Btrfs: handle errors in compression submission path.

  - btrfs: handle errors returned from get_tree_block_key.

  - btrfs: handle null fs_info in btrfs_panic().

  - Btrfs: handle running extent ops with skinny metadata.

  - Btrfs: hold the ordered operations mutex when waiting on
    ordered extents.

  - Btrfs: hold the tree mod lock in __tree_mod_log_rewind.

  - Btrfs: if we aren't committing just end the transaction
    if we error out.

  - btrfs: ignore device open failures in
    __btrfs_open_devices.

  - Btrfs: ignore orphan qgroup relations.

  - Btrfs: implement unlocked dio write.

  - Btrfs: improve the delayed inode throttling.

  - Btrfs: improve the loop of scrub_stripe.

  - Btrfs: improve the noflush reservation.

  - Btrfs: improve the performance of the csums lookup.

  - Btrfs: in scrub repair code, optimize the reading of
    mirrors.

  - Btrfs: in scrub repair code, simplify alloc error
    handling.

  - Btrfs: Include the device in most error printk()s.

  - Btrfs: increase BTRFS_MAX_MIRRORS by one for dev
    replace.

  - btrfs: Init io_lock after cloning btrfs device struct.

  - Btrfs: init relocate extent_io_tree with a mapping.

  - Btrfs: inline csums if we're fsyncing.

  - Btrfs: introduce a btrfs_dev_replace_item type.

  - Btrfs: introduce a mutex lock for btrfs quota
    operations.

  - Btrfs: introduce GET_READ_MIRRORS functionality for
    btrfs_map_block().

  - Btrfs: introduce grab/put functions for the root of the
    fs/file tree.

  - Btrfs: introduce per-subvolume delalloc inode list.

  - Btrfs: introduce per-subvolume ordered extent list.

  - Btrfs: introduce qgroup_ulist to avoid frequently
    allocating/freeing ulist.

  - Btrfs: just flush the delalloc inodes in the source tree
    before snapshot creation.

  - Btrfs: keep track of the extents original block length.

  - Btrfs: kill replicate code in replay_one_buffer.

  - Btrfs: kill some BUG_ONs() in the find_parent_nodes().

  - Btrfs: kill unnecessary arguments in del_ptr.

  - Btrfs: kill unused argument of
    btrfs_pin_extent_for_log_replay.

  - Btrfs: kill unused argument of update_block_group.

  - Btrfs: kill unused arguments of cache_block_group.

  - Btrfs: let allocation start from the right raid type.

  - btrfs: limit fallocate extent reservation to 256MB.

  - Btrfs: limit the global reserve to 512mb.

  - btrfs: list_entry can't return NULL.

  - Btrfs: log changed inodes based on the extent map tree.

  - Btrfs: log ram bytes properly.

  - Btrfs: make __merge_refs() return type be void.

  - Btrfs: make backref walking code handle skinny metadata.

  - Btrfs: make delalloc inodes be flushed by multi-task.

  - Btrfs: make delayed ref lock logic more readable.

  - Btrfs: make ordered extent be flushed by multi-task.

  - Btrfs: make ordered operations be handled by multi-task.

  - btrfs: make orphan cleanup less verbose.

  - Btrfs: make raid attr array more readable.

  - btrfs: make static code static & remove dead code.

  - btrfs: make subvol creation/deletion killable in the
    early stages.

  - Btrfs: make sure nbytes are right after log replay.

  - Btrfs: make sure NODATACOW also gets NODATASUM set.

  - Btrfs: make sure roots are assigned before freeing their
    nodes.

  - Btrfs: make the chunk allocator completely tree
    lockless.

  - Btrfs: make the cleaner complete early when the fs is
    going to be umounted.

  - Btrfs: make the scrub page array dynamically allocated.

  - Btrfs: make the snap/subv deletion end more early when
    the fs is R/O.

  - Btrfs: make the state of the transaction more readable.

  - Btrfs: merge inode_list in __merge_refs.

  - Btrfs: merge pending IO for tree log write back.

  - btrfs: merge save_error_info helpers into one.

  - Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change
    node's nritems.

  - btrfs: more open-coded file_inode().

  - Btrfs: move btrfs_truncate_page to btrfs_cont_expand
    instead of btrfs_truncate.

  - Btrfs: move checks in set_page_dirty under DEBUG.

  - Btrfs: move d_instantiate outside the transaction during
    mksubvol.

  - Btrfs: move fs/btrfs/ioctl.h to
    include/uapi/linux/btrfs.h.

  - btrfs: move ifdef around sanity checks out of
    init_btrfs_fs.

  - btrfs: move leak debug code to functions.

  - Btrfs: move some common code into a subfunction.

  - Btrfs: move the R/O check out of
    btrfs_clean_one_deleted_snapshot().

  - btrfs: Notify udev when removing device.

  - Btrfs: only clear dirty on the buffer if it is marked as
    dirty.

  - Btrfs: only do the tree_mod_log_free_eb if this is our
    last ref.

  - Btrfs: only exclude supers in the range of our block
    group.

  - Btrfs: only log the inode item if we can get away with
    it.

  - Btrfs: only unlock and relock if we have to.

  - Btrfs: optimize leaf_space_used.

  - Btrfs: optimize read_block_for_search.

  - Btrfs: optimize reada_for_balance.

  - Btrfs: optimize the error handle of use_block_rsv().

  - Btrfs: optionally avoid reads from device replace source
    drive.

  - Btrfs: pass fs_info instead of root.

  - Btrfs: pass fs_info to btrfs_map_block() instead of
    mapping_tree.

  - Btrfs: Pass fs_info to btrfs_num_copies() instead of
    mapping_tree.

  - Btrfs: pass NULL instead of 0.

  - Btrfs: pass root object into btrfs_ioctl_(start,
    wait)_sync().

  - Btrfs: pause the space balance when remounting to R/O.

  - Btrfs: place ordered operations on a per transaction
    list.

  - Btrfs: prevent qgroup destroy when there are still
    relations.

  - Btrfs: protect devices list with its mutex.

  - Btrfs: protect fs_info->alloc_start.

  - Btrfs: punch hole past the end of the file.

  - Btrfs: put csums on the right ordered extent.

  - Btrfs: put our inode if orphan cleanup fails.

  - Btrfs: put raid properties into global table.

  - btrfs: put some enospc messages under enospc_debug.

  - Btrfs: RAID5 and RAID6.

  - btrfs/raid56: Add missing #include <linux/vmalloc.h>.

  - btrfs: read entire device info under lock.

  - Btrfs: recheck bio against block device when we map the
    bio.

  - Btrfs: record first logical byte in memory.

  - Btrfs: reduce CPU contention while waiting for delayed
    extent operations.

  - Btrfs: reduce lock contention on extent buffer locks.

  - Btrfs: refactor error handling to drop inode in
    btrfs_create().

  - Btrfs: relax the block group size limit for bitmaps.

  - btrfs: remove a printk from scan_one_device.

  - Btrfs: remove almost all of the BUG()'s from tree-log.c.

  - Btrfs: remove btrfs_sector_sum structure.

  - Btrfs: remove btrfs_try_spin_lock.

  - Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix().

  - btrfs: remove cache only arguments from defrag path.

  - Btrfs: remove conflicting check for minimum number of
    devices in raid56.

  - Btrfs: remove deprecated comments.

  - Btrfs: remove extent mapping if we fail to add chunk.

  - Btrfs: remove reduplicate check about root in the
    function btrfs_clean_quota_tree.

  - Btrfs: remove some BUG_ONs() when walking backref tree.

  - Btrfs: remove some unnecessary spin_lock usages.

  - Btrfs: remove the block device pointer from the scrub
    context struct.

  - Btrfs: remove the code for the impossible case in
    cleanup_transaction().

  - Btrfs: Remove the invalid shrink size check up from
    btrfs_shrink_dev().

  - Btrfs: remove the time check in
    btrfs_commit_transaction().

  - btrfs: remove unnecessary cur_trans set before goto loop
    in join_transaction.

  - btrfs: remove unnecessary DEFINE_WAIT() declarations.

  - Btrfs: remove unnecessary dget_parent/dput when creating
    the pending snapshot.

  - Btrfs: remove unnecessary ->s_umount in
    cleaner_kthread().

  - Btrfs: remove unnecessary varient ->num_joined in
    btrfs_transaction structure.

  - Btrfs: remove unused argument of btrfs_extend_item().

  - Btrfs: remove unused argument of fixup_low_keys().

  - Btrfs: remove unused code in btrfs_del_root.

  - Btrfs: remove unused extent io tree ops V2.

  - btrfs: remove unused fd in btrfs_ioctl_send().

  - btrfs: remove unused fs_info from btrfs_decode_error().

  - btrfs: remove unused gfp mask parameter from
    release_extent_buffer callchain.

  - btrfs: remove unused 'item' in
    btrfs_insert_delayed_item().

  - Btrfs: remove unused variable in
    __process_changed_new_xattr().

  - Btrfs: remove unused variable in the
    iterate_extent_inodes().

  - Btrfs: remove useless copy in quota_ctl.

  - Btrfs: remove warn on in free space cache writeout.

  - Btrfs: rename root_times_lock to root_item_lock.

  - Btrfs: rename the scrub context structure.

  - Btrfs: reorder locks and sanity checks in
    btrfs_ioctl_defrag.

  - Btrfs: reorder tree mod log operations in deleting a
    pointer.

  - Btrfs: rescan for qgroups.

  - Btrfs: reset path lock state to zero.

  - Btrfs: restructure btrfs_run_defrag_inodes().

  - Btrfs: return as soon as possible when edquot happens.

  - Btrfs: return EIO if we have extent tree corruption.

  - Btrfs: return ENOMEM rather than use BUG_ON when
    btrfs_alloc_path fails.

  - Btrfs: return errno if possible when we fail to allocate
    memory.

  - Btrfs: return error code in
    btrfs_check_trunc_cache_free_space().

  - Btrfs: return error when we specify wrong start to
    defrag.

  - Btrfs: return free space in cow error path.

  - Btrfs: rework the overcommit logic to be based on the
    total size.

  - Btrfs: save us a read_lock.

  - Btrfs: select XOR_BLOCKS in Kconfig.

  - Btrfs: separate sequence numbers for delayed ref
    tracking and tree mod log.

  - Btrfs: serialize unlocked dio reads with truncate.

  - Btrfs: set/change the label of a mounted file system.

  - Btrfs: set flushing if we're limited flushing.

  - Btrfs: set hole punching time properly.

  - Btrfs: set UUID in root_item for created trees.

  - Btrfs: share stop worker code.

  - btrfs: show compiled-in config features at module load
    time.

  - Btrfs: simplify unlink reservations.

  - Btrfs: skip adding an acl attribute if we don't have to.

  - Btrfs: snapshot-aware defrag.

  - Btrfs: split btrfs_qgroup_account_ref into four
    functions.

  - Btrfs: steal from global reserve if we are cleaning up
    orphans.

  - Btrfs: stop all workers before cleaning up roots.

  - Btrfs: stop using try_to_writeback_inodes_sb_nr to flush
    delalloc.

  - Btrfs: stop waiting on current trans if we aborted.

  - Btrfs: traverse and flush the delalloc inodes once.

  - btrfs: try harder to allocate raid56 stripe cache.

  - Btrfs: unlock extent range on enospc in compressed
    submit.

  - btrfs: unpin_extent_cache: fix the typo and unnecessary
    arguements.

  - Btrfs: unreserve space if our ordered extent fails to
    work.

  - btrfs: update kconfig title.

  - Btrfs: update the global reserve if it is empty.

  - btrfs: update timestamps on truncate().

  - Btrfs: update to use fs_state bit.

  - Btrfs: use a btrfs bioset instead of abusing bio
    internals.

  - Btrfs: use a lock to protect incompat/compat flag of the
    super block.

  - Btrfs: use a percpu to keep track of possibly pinned
    bytes.

  - Btrfs: use bit operation for ->fs_state.

  - Btrfs: use common work instead of delayed work.

  - Btrfs: use ctl->unit for free space calculation instead
    of block_group->sectorsize.

  - Btrfs: use existing align macros in btrfs_allocate().

  - Btrfs: use helper to cleanup tree roots.

  - btrfs: use only inline_pages from extent buffer.

  - Btrfs: use percpu counter for dirty metadata count.

  - Btrfs: use percpu counter for fs_info->delalloc_bytes.

  - btrfs: use rcu_barrier() to wait for bdev puts at
    unmount.

  - Btrfs: use REQ_META for all metadata IO.

  - Btrfs: use reserved space for creating a snapshot.

  - Btrfs: use right range to find checksum for compressed
    extents.

  - Btrfs: use seqlock to protect fs_info->avail_(data,
    metadata, system)_alloc_bits.

  - Btrfs: use set_nlink if our i_nlink is 0.

  - Btrfs: use slabs for auto defrag allocation.

  - Btrfs: use slabs for delayed reference allocation.

  - Btrfs: use the inode own lock to protect its
    delalloc_bytes.

  - Btrfs: use token to avoid times mapping extent buffer.

  - Btrfs: use tokens where we can in the tree log.

  - Btrfs: use tree_root to avoid edquot when disabling
    quota.

  - btrfs: use unsigned long type for extent state bits.

  - Btrfs: use wrapper page_offset.

  - Btrfs: various abort cleanups.

  - Btrfs: wait on ordered extents at the last possible
    moment.

  - Btrfs: wait ordered range before doing direct io.

  - Btrfs: wake up delayed ref flushing waiters on abort.

  - clear chunk_alloc flag on retryable failure.

  - Correct allowed raid levels on balance.

  - Fix misspellings of 'whether' in comments.

  - fs/btrfs: drop if around WARN_ON.

  - fs/btrfs: remove depends on CONFIG_EXPERIMENTAL.

  - fs/btrfs: use WARN.

  - Minor format cleanup.

  - new helper: file_inode(file).

  - Revert 'Btrfs: fix permissions of empty files not
    affected by umask'.

  - Revert 'Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never
    change node's nritems'.

  - Revert 'Btrfs: reorder tree mod log operations in
    deleting a pointer'.

  - treewide: Fix typo in printk.

  - writeback: remove nr_pages_dirtied arg from
    balance_dirty_pages_ratelimited_nr().

  - drivers/cdrom/cdrom.c: use kzalloc() for failing
    hardware (bnc#824295, CVE-2013-2164).

  - fanotify: info leak in copy_event_to_user()
    (CVE-2013-2148 bnc#823517).

  - block: do not pass disk names as format strings
    (bnc#822575 CVE-2013-2851).

  - libceph: Fix NULL pointer dereference in auth client
    code. (CVE-2013-1059, bnc#826350)

  - Update
    patches.drivers/media-rtl28xxu-01-add-NOXON-DAB-DAB-USB-
    dongle-rev-2.patch (bnc#811882).

  - Update
    patches.drivers/media-rtl28xxu-02-1b80-d3a8-ASUS-My-Cine
    ma-U3100Mini-Pl.patch (bnc#811882).

  - Update
    patches.drivers/media-rtl28xxu-03-add-Gigabyte-U7300-DVB
    -T-Dongle.patch (bnc#811882).

  - Update
    patches.drivers/media-rtl28xxu-04-correct-some-device-na
    mes.patch (bnc#811882).

  - Update
    patches.drivers/media-rtl28xxu-05-Support-Digivox-Mini-H
    D.patch (bnc#811882).

  - Update
    patches.drivers/media-rtl28xxu-06-Add-USB-IDs-for-Compro
    -VideoMate-U620.patch (bnc#811882).

  - Update
    patches.drivers/media-rtl28xxu-07-Add-USB-ID-for-MaxMedi
    a-HU394-T.patch (bnc#811882). Correct the bnc reference.

  - Update
    patches.fixes/block-discard-granularity-might-not-be-pow
    er-of-2.patch (bnc#823797).

  - block: discard granularity might not be power of 2.

  - USB: reset resume quirk needed by a hub (bnc#810144).

  - NFS: Fix keytabless mounts (bnc#817651).

  - ipv4: fix redirect handling for TCP packets
    (bnc#814510).

  - Always include the git commit in KOTD builds This allows
    us not to set it explicitly in builds submitted to the
    official distribution (bnc#821612, bnc#824171).

  - Btrfs: relocate csums properly with prealloc extents.

  - gcc4: disable __compiletime_object_size for GCC 4.6+
    (bnc#837258).

&#9; - ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist
(bnc#833585)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=799516"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801341"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=802347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=804198"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=807471"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=808827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=810144"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=810473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=811882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=812116"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813733"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814336"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=815256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=815320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816708"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823342"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823633"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823797"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824171"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826102"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826350"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828191"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=829539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831956"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=832615"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=833321"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=833585"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=837258"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=838346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-vanilla-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"kernel-syms-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debugsource-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-3.7.10-1.24.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.7.10-1.24.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}