Vulnerabilities > CVE-2013-4483 - Numeric Errors vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.

Vulnerable Configurations

Part Description Count
OS
Linux
1714

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2238-1.NASL
    description: Pinkie Pie discovered a flaw in the Linux kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74358
    published: 2014-06-06
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74358
    title: Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2238-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2238-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Metadata-only pass: when `description` is set, this block registers the
    # plugin's identifiers, advisory text and scoring attributes, then leaves
    # through exit(0) before any host check runs.
    if (description)
    {
      script_id(74358);
      script_version("1.21");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      # Two CVEs are attached to this single plugin ID.
      script_cve_id("CVE-2013-4483", "CVE-2014-3153");
      script_bugtraq_id(63445);
      script_xref(name:"USN", value:"2238-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2238-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or gain administrative privileges.
    (CVE-2014-3153)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2238-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-3.8-generic package."
      );
      # NOTE(review): one base/temporal vector and one set of exploit
      # attributes are recorded for both CVEs. The C:C/I:C/A:C impact and the
      # "Futex Requeue" Metasploit module name line up with the futex flaw the
      # advisory text attributes to CVE-2014-3153; the same text describes
      # CVE-2013-4483 only as a local denial of service. Do not read the
      # values below as the exploitability of CVE-2013-4483 - confirm per-CVE
      # scoring separately when triaging.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # "local" plugin type: the check works from data collected on the host
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Plugins that must run first, and the knowledge-base keys (CPU, Ubuntu
      # release, dpkg package list) this plugin requires.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Host check for USN-2238-1. Every input is read from the knowledge base
    # (KB); each audit() call records why the plugin does not apply.
    # NOTE(review): audit() is presumably terminal (audit.inc is not shown).
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Only an exact "12.04" release string is accepted.
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: continue only when cpu contains "x86_64" or matches
    # i386..i686; any other value is reported as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Ksplice branch: taken only when the KB holds a Ksplice kernel-CVE entry.
    # NOTE(review): ksplice_cves_check() presumably returns true when the
    # live patch covers every CVE in cve_list (ksplice.inc is not shown). In
    # that case the plugin reports the hotfix as installed and never reaches
    # the package check below; otherwise the Ksplice text is stored in
    # _ubuntu_report.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4483", "CVE-2014-3153");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2238-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    # Single package comparison; only the -generic 3.8.0-42 image is named.
    # NOTE(review): ubuntu_check() presumably flags an installed version older
    # than pkgver (ubuntu.inc is not shown).
    # NOTE(review): nothing visible in this block inspects the running kernel;
    # the inputs are the cached dpkg list and release string. A host that has
    # installed the fixed package but not rebooted may pass this check while
    # still running the old kernel - confirm the booted kernel version
    # separately.
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.8.0-42-generic", pkgver:"3.8.0-42.62~precise1")) flag++;
    
    # Any flagged package produces one finding at SECURITY_HOLE severity; with
    # no flag the audit trail says whether a tested package was found
    # unaffected or no matching package was installed.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.8-generic");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-0285.NASL
    description: Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72986
    published: 2014-03-14
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72986
    title: CentOS 5 : kernel (CESA-2014:0285)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0285 and 
    # CentOS Errata and Security Advisory 2014:0285 respectively.
    #
    
    include("compat.inc");
    
    # Metadata-only pass: when `description` is set, this block registers the
    # plugin's identifiers, advisory text and scoring attributes, then leaves
    # through exit(0) before any host check runs.
    if (description)
    {
      script_id(72986);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/06");
    
      # Seven CVEs are attached to this single plugin ID.
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 64686);
      script_xref(name:"RHSA", value:"2014:0285");
    
      script_name(english:"CentOS 5 : kernel (CESA-2014:0285)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Red Hat Enterprise Linux and Microsoft
    Windows are not affected by this issue because they are known to only
    use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    * It was found that, under specific circumstances, a combination of
    write operations to write-combined memory and locked CPU instructions
    may cause a core hang on certain AMD CPUs (for more information, refer
    to AMD CPU erratum 793 linked in the References section). A privileged
    user in a guest running under the Xen hypervisor could use this flaw
    to cause a denial of service on the host system. This update adds a
    workaround to the Xen hypervisor implementation, which mitigates the
    AMD CPU issue. Note: this issue only affects AMD Family 16h Models
    00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
    Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483 and the Xen project for reporting
    CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as
    the original reporter of CVE-2013-4554 and CVE-2013-6885.
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-March/020199.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?29e2a6db"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      # The base vector is scored from CVE-2013-6381 (see cvss_score_source
      # below), the qeth overflow the advisory text rates Important. The same
      # text rates CVE-2013-4483 Moderate, so this vector is not a rating of
      # the IPC reference-count flaw.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6381");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the check works from data collected on the host
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # Plugin that must run first, and the knowledge-base keys (local checks
      # enabled, CentOS release, rpm list) this plugin requires.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host check for CESA-2014:0285. Every input is read from the knowledge
    # base (KB); each audit() call records why the plugin does not apply.
    # NOTE(review): audit() is presumably terminal (audit.inc is not shown).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Pull the major version out of the release string, then accept only 5.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architecture gate: continue only when cpu contains "x86_64" or matches
    # i386..i686; any other value is reported as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # One rpm_check per kernel package, all against 2.6.18-371.6.1.el5; the
    # two kernel-PAE checks are restricted to cpu:"i386".
    # NOTE(review): rpm_check() presumably flags an installed package older
    # than the reference (rpm.inc is not shown).
    # NOTE(review): nothing visible in this block inspects the running kernel;
    # the inputs are the cached rpm list and release string. The advisory text
    # carried by this plugin states the system must be rebooted for the update
    # to take effect, so a host that passes here may still be running the old
    # kernel - confirm the booted kernel version separately.
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
    
    # Any flagged package produces one finding at SECURITY_WARNING severity;
    # with no flag the audit trail says whether tested packages were found
    # unaffected or none of the packages was installed.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2223-1.NASL
    description: Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74211
    published: 2014-05-28
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74211
    title: Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2223-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Metadata-only pass: when `description` is set, this block registers the
    # plugin's identifiers, advisory text and scoring attributes, then leaves
    # through exit(0) before any host check runs.
    if (description)
    {
      script_id(74211);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      # Thirteen CVEs are attached to this single plugin ID.
      script_cve_id("CVE-2013-4483", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3122");
      script_bugtraq_id(63445, 65943, 66095, 66279, 66441, 66492, 66543, 66591, 66678, 66779, 67162, 67300, 67302);
      script_xref(name:"USN", value:"2223-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483)
    
    A flaw was discovered in the vhost-net subsystem of the Linux kernel.
    Guest OS users could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2014-0055)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    A flaw was discovered in the Linux kernel's handling of the SCTP
    handshake. A remote attacker could exploit this flaw to cause a denial
    of service (system crash). (CVE-2014-0101)
    
    A flaw was discovered in the handling of routing information in Linux
    kernel's IPv6 stack. A remote attacker could exploit this flaw to
    cause a denial of service (memory consumption) via a flood of ICMPv6
    router advertisement packets. (CVE-2014-2309)
    
    An error was discovered in the Linux kernel's DCCP protocol support. A
    remote attacked could exploit this flaw to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2014-2523)
    
    Max Sydorenko discovered a race condition in the Atheros 9k wireless
    driver in the Linux kernel. This race could be exploited by remote
    attackers to cause a denial of service (system crash). (CVE-2014-2672)
    
    An error was discovered in the Reliable Datagram Sockets (RDS)
    protocol stack in the Linux kernel. A local user could exploit this
    flaw to cause a denial of service (system crash) or possibly have
    unspecified other impact. (CVE-2014-2678)
    
    Yaara Rozenblum discovered a race condition in the Linux kernel's
    Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers
    could exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-2706)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851)
    
    Sasha Levin reported a bug in the Linux kernel's virtual memory
    management subsystem. An unprivileged local user could exploit this
    flaw to cause a denial of service (system crash). (CVE-2014-3122).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2223-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-3.5-generic package."
      );
      # NOTE(review): one base/temporal vector and one set of exploit
      # attributes are recorded for all thirteen CVEs. The vector is
      # network-reachable (AV:N) with complete impact, while the advisory text
      # describes CVE-2013-4483 only as a local denial of service; presumably
      # the values come from one of the remotely triggerable flaws in the
      # list. Do not read them as the exploitability of CVE-2013-4483 -
      # confirm per-CVE scoring separately when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      # "local" plugin type: the check works from data collected on the host
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Plugins that must run first, and the knowledge-base keys (CPU, Ubuntu
      # release, dpkg package list) this plugin requires.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Host check for USN-2223-1. Every input is read from the knowledge base
    # (KB); each audit() call records why the plugin does not apply.
    # NOTE(review): audit() is presumably terminal (audit.inc is not shown).
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Only an exact "12.04" release string is accepted.
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: continue only when cpu contains "x86_64" or matches
    # i386..i686; any other value is reported as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Ksplice branch: taken only when the KB holds a Ksplice kernel-CVE entry.
    # NOTE(review): ksplice_cves_check() presumably returns true when the
    # live patch covers every CVE in cve_list (ksplice.inc is not shown). In
    # that case the plugin reports the hotfix as installed and never reaches
    # the package check below; otherwise the Ksplice text is stored in
    # _ubuntu_report.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4483", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3122");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2223-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    # Single package comparison; only the -generic 3.5.0-51 image is named.
    # NOTE(review): ubuntu_check() presumably flags an installed version older
    # than pkgver (ubuntu.inc is not shown).
    # NOTE(review): nothing visible in this block inspects the running kernel;
    # the inputs are the cached dpkg list and release string. A host that has
    # installed the fixed package but not rebooted may pass this check while
    # still running the old kernel - confirm the booted kernel version
    # separately.
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.5.0-51-generic", pkgver:"3.5.0-51.76~precise1")) flag++;
    
    # Any flagged package produces one finding at SECURITY_HOLE severity; with
    # no flag the audit trail says whether a tested package was found
    # unaffected or no matching package was installed.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-0189-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. 
(bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. 
(bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). 
- kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). 
- futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). 
macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83609
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83609
    title: SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0189-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83609);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-6463", "CVE-2013-7027");
      script_bugtraq_id(60324, 62740, 63445, 63509, 63512, 63518, 63790, 63886, 63887, 63888, 64013, 64270, 64291, 64318, 64319, 64328, 64669, 64739, 64741, 64742, 64743, 64744, 64746);
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309)
    
    The following security bugs have been fixed :
    
    CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu
    function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows local users to gain privileges via a
    large id value. (bnc#853050)
    
    CVE-2013-4592: Memory leak in the __kvm_set_memory_region
    function in virt/kvm/kvm_main.c in the Linux kernel before
    3.9 allows local users to cause a denial of service (memory
    consumption) by leveraging certain device access to trigger
    movement of memory slots. (bnc#851101)
    
    CVE-2013-6367: The apic_get_tmcct function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (divide-by-zero error and host OS crash)
    via crafted modifications of the TMICT value. (bnc#853051)
    
    CVE-2013-6368: The KVM subsystem in the Linux kernel through
    3.12.5 allows local users to gain privileges or cause a
    denial of service (system crash) via a VAPIC synchronization
    operation involving a page-end address. (bnc#853052)
    
    CVE-2013-6376: The recalculate_apic_map function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (host OS crash) via a crafted ICR write
    operation in x2apic mode. (bnc#853053)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4511: Multiple integer overflows in Alchemy LCD
    frame-buffer drivers in the Linux kernel before 3.12 allow
    local users to create a read-write memory mapping for the
    entirety of kernel memory, and consequently gain privileges,
    via crafted mmap operations, related to the (1)
    au1100fb_fb_mmap function in drivers/video/au1100fb.c and
    the (2) au1200fb_fb_mmap function in
    drivers/video/au1200fb.c. (bnc#849021)
    
    CVE-2013-4514: Multiple buffer overflows in
    drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
    before 3.12 allow local users to cause a denial of service
    or possibly have unspecified other impact by leveraging the
    CAP_NET_ADMIN capability and providing a long station-name
    string, related to the (1) wvlan_uil_put_info and (2)
    wvlan_set_station_nickname functions. (bnc#849029)
    
    CVE-2013-4515: The bcm_char_ioctl function in
    drivers/staging/bcm/Bcmchar.c in the Linux kernel before
    3.12 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
    call. (bnc#849034)
    
    CVE-2013-6378: The lbs_debugfs_write function in
    drivers/net/wireless/libertas/debugfs.c in the Linux kernel
    through 3.12.1 allows local users to cause a denial of
    service (OOPS) by leveraging root privileges for a
    zero-length write operation. (bnc#852559)
    
    CVE-2013-6380: The aac_send_raw_srb function in
    drivers/scsi/aacraid/commctrl.c in the Linux kernel through
    3.12.1 does not properly validate a certain size value,
    which allows local users to cause a denial of service
    (invalid pointer dereference) or possibly have unspecified
    other impact via an FSACTL_SEND_RAW_SRB ioctl call that
    triggers a crafted SRB command. (bnc#852373)
    
    CVE-2013-7027: The ieee80211_radiotap_iterator_init function
    in net/wireless/radiotap.c in the Linux kernel before 3.11.7
    does not check whether a frame contains any data outside of
    the header, which might allow attackers to cause a denial of
    service (buffer over-read) via a crafted header.
    (bnc#854634)
    
    CVE-2013-6463: Linux kernel built with the networking
    support(CONFIG_NET) is vulnerable to an information leakage
    flaw in the socket layer. It could occur while doing
    recvmsg(2), recvfrom(2) socket calls. It occurs due to
    improperly initialised msg_name & msg_namelen message header
    parameters. (bnc#854722)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2013-4345: Off-by-one error in the get_prng_bytes
    function in crypto/ansi_cprng.c in the Linux kernel through
    3.11.4 makes it easier for context-dependent attackers to
    defeat cryptographic protection mechanisms via multiple
    requests for small amounts of data, leading to improper
    management of the state of the consumed data. (bnc#840226)
    
    CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the
    Linux kernel before 3.8.9, when the Performance Events
    Subsystem is enabled, specifies an incorrect bitmask, which
    allows local users to cause a denial of service (general
    protection fault and system crash) by attempting to set a
    reserved bit. (bnc#825006)
    
    CVE-2013-2930: The perf_trace_event_perm function in
    kernel/trace/trace_event_perf.c in the Linux kernel before
    3.12.2 does not properly restrict access to the perf
    subsystem, which allows local users to enable function
    tracing via a crafted application. (bnc#849362)
    
    Also the following non-security bugs have been fixed :
    
      - kernel: correct tlb flush on page table upgrade
        (bnc#847660, LTC#99268).
    
      - kernel: fix floating-point-control register save and
        restore (bnc#847660, LTC#99000). kernel: correct
        handling of asce-type exceptions (bnc#851879,
        LTC#100293).
    
        watchdog: Get rid of MODULE_ALIAS_MISCDEV statements
        (bnc#827767).
    
      - random: fix accounting race condition with lockless irq
        entropy_count update (bnc#789359).
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces (bnc#838623).
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress (bnc#849675).
    
      - Introduce KABI exception for cpuidle_state->disable via
        #ifndef __GENKSYMS__
    
      - Honor state disabling in the cpuidle ladder governor
        (bnc#845378).
    
      - cpuidle: add a sysfs entry to disable specific C state
        for debug purpose (bnc#845378).
    
      - net: Do not enable tx-nocache-copy by default
        (bnc#845378).
    
      - mm: reschedule to avoid RCU stall triggering during boot
        of large machines (bnc#820434,bnc#852153). rtc-cmos: Add
        an alarm disable quirk (bnc#805740).
    
        tty/hvc_iucv: Disconnect IUCV connection when lowering
        DTR (bnc#839973, LTC#97595).
    
        tty/hvc_console: Add DTR/RTS callback to handle HUPCL
        control (bnc#839973, LTC#97595).
    
        sched: Avoid throttle_cfs_rq() racing with period_timer
        stopping (bnc#848336).
    
      - sched/balancing: Periodically decay max cost of idle
        balance (bnc#849256).
    
      - sched: Consider max cost of idle balance per sched
        domain (bnc#849256).
    
      - sched: Reduce overestimating rq->avg_idle (bnc#849256).
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining (bnc#848336).
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock
        (bnc#848336).
    
      - sched: Fix race on toggling cfs_bandwidth_used
        (bnc#848336).
    
      - sched: Guarantee new group-entities always have weight
        (bnc#848336).
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive (bnc#848336). sched: Fix several
        races in CFS_BANDWIDTH (bnc#848336).
    
        futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - futex: move user address verification up to common code
        (bnc#851603).
    
      - futexes: Clean up various details (bnc#851603).
    
      - futexes: Increase hash table size for better performance
        (bnc#851603).
    
      - futexes: Document multiprocessor ordering guarantees
        (bnc#851603).
    
      - futexes: Avoid taking the hb->lock if there is nothing
        to wake up (bnc#851603).
    
      - futexes: Fix futex_hashsize initialization (bnc#851603).
        mutex: Make more scalable by doing fewer atomic
        operations (bnc#849256).
    
        powerpc: Fix memory hotplug with sparse vmemmap
        (bnc#827527).
    
      - powerpc: Add System RAM to /proc/iomem (bnc#827527).
    
      - powerpc/mm: Mark Memory Resources as busy (bnc#827527).
    
      - powerpc: Fix fatal SLB miss when restoring PPR
        (bnc#853465).
    
      - powerpc: Make function that parses RTAS error logs
        global (bnc#852761).
    
      - powerpc/pseries: Parse and handle EPOW interrupts
        (bnc#852761).
    
      - powerpc/rtas_flash: Fix validate_flash buffer overflow
        issue (bnc#847842). powerpc/rtas_flash: Fix bad memory
        access (bnc#847842).
    
        x86: Update UV3 hub revision ID (bnc#846298
        fate#314987).
    
      - x86: Remove some noise from boot log when starting cpus
        (bnc#770541).
    
      - x86/microcode/amd: Tone down printk(), do not treat a
        missing firmware file as an error (bnc#843654).
    
      - x86/dumpstack: Fix printk_address for direct addresses
        (bnc#845621). x86/PCI: reduce severity of host bridge
        window conflict warnings (bnc#858534).
    
        ipv6: fix race condition regarding dst->expires and
        dst->from (bnc#843185).
    
      - netback: bump tx queue length (bnc#849404).
    
      - xfrm: invalidate dst on policy insertion/deletion
        (bnc#842239). xfrm: prevent ipcomp scratch buffer race
        condition (bnc#842239).
    
        tcp: bind() fix autoselection to share ports
        (bnc#823618).
    
      - tcp: bind() use stronger condition for bind_conflict
        (bnc#823618).
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict (bnc#823618). kabi: protect bind_conflict
        callback in struct inet_connection_sock_af_ops
        (bnc#823618).
    
        macvlan: introduce IFF_MACVLAN flag and helper function
        (bnc#846984).
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function (bnc#846984). macvlan: disable LRO on lower
        device instead of macvlan (bnc#846984).
    
        fs: Avoid softlockup in shrink_dcache_for_umount_subtree
        (bnc#834473).
    
      - blkdev_max_block: make private to fs/buffer.c
        (bnc#820338). storage: SMI Corporation usb key added to
        READ_CAPACITY_10 quirk (bnc#850324).
    
        autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race (bnc#851314).
    
      - autofs4: catatonic_mode vs. notify_daemon race
        (bnc#851314).
    
      - autofs4: close the races around autofs4_notify_daemon()
        (bnc#851314).
    
      - autofs4: deal with autofs4_write/autofs4_write races
        (bnc#851314).
    
      - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount (bnc#851314).
    
      - autofs4: fix deal with autofs4_write races (bnc#851314).
        autofs4: use simple_empty() for empty directory check
        (bnc#851314).
    
        dlm: set zero linger time on sctp socket (bnc#787843).
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls (no bugzilla yet - netapp confirms problem and
        fix).
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost (bnc#828236). nfs: Adapt readdirplus to application
        usage patterns (bnc#834708).
    
        xfs: Account log unmount transaction correctly
        (bnc#849950).
    
      - xfs: improve ioend error handling (bnc#846036).
    
      - xfs: reduce ioend latency (bnc#846036).
    
      - xfs: use per-filesystem I/O completion workqueues
        (bnc#846036). xfs: Hide additional entries in struct
        xfs_mount (bnc#846036 bnc#848544).
    
        Btrfs: do not BUG_ON() if we get an error walking
        backrefs (FATE#312888).
    
        vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338).
    
      - vfs: fix O_DIRECT read past end of block device
        (bnc#820338).
    
      - cifs: Improve performance of browsing directories with
        several files (bnc#810323). cifs: Ensure cifs
        directories do not show up as files (bnc#826602).
    
        dm-multipath: abort all requests when failing a path
        (bnc#798050).
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime
        (bnc#798050).
    
      - scsi: Allow error handling timeout to be specified
        (bnc#798050).
    
      - scsi: Fixup compilation warning (bnc#798050).
    
      - scsi: Retry failfast commands after EH (bnc#798050).
    
      - scsi: Warn on invalid command completion (bnc#798050).
    
      - advansys: Remove 'last_reset' references (bnc#798050).
    
      - cleanup setting task state in scsi_error_handler()
        (bnc#798050).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#798050).
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#798050).
    
      - scsi: kABI fixes (bnc#798050).
    
      - scsi: remove check for 'resetting' (bnc#798050).
        tmscsim: Move 'last_reset' into host structure
        (bnc#798050).
    
        SCSI & usb-storage: add try_rc_10_first flag
        (bnc#853428).
    
      - iscsi_target: race condition on shutdown (bnc#850072).
    
      - libfcoe: Make fcoe_sysfs optional / fix fnic NULL
        exception (bnc#837206).
    
      - lpfc 8.3.42: Fixed issue of task management commands
        having a fixed timeout (bnc#856481).
    
      - advansys: Remove 'last_reset' references (bnc#856481).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#856481).
    
      - Add 'eh_deadline' to limit SCSI EH runtime (bnc#856481).
    
      - remove check for 'resetting' (bnc#856481). tmscsim: Move
        'last_reset' into host structure (bnc#856481).
    
        scsi_dh_rdac: Add new IBM 1813 product id to rdac
        devlist (bnc#846654).
    
        md: Change handling of save_raid_disk and metadata
        update during recovery (bnc#849364).
    
        dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481).
    
        dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#856481).
    
        crypto: unload of aes_s390 module causes kernel panic
        (bnc#847660, LTC#98706).
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718). crypto: gf128mul - fix call to memset()
        (obvious fix).
    
        X.509: Fix certificate gathering (bnc#805114).
    
        pcifront: Deal with toolstack missing
        'XenbusStateClosing' state.
    
      - xencons: generalize use of add_preferred_console()
        (bnc#733022, bnc#852652).
    
      - netxen: fix off by one bug in netxen_release_tx_buffer()
        (bnc#845729).
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652). xen: fixed USB passthrough
        issue (bnc#852624).
    
        igb: Fix get_fw_version function for all parts
        (bnc#848317).
    
      - igb: Refactor of init_nvm_params (bnc#848317).
    
      - r8169: check ALDPS bit and disable it if enabled for the
        8168g (bnc#845352).
    
      - qeth: request length checking in snmp ioctl (bnc#847660,
        LTC#99511). bnx2x: remove false warning regarding
        interrupt number (bnc#769035).
    
        usb: Fix xHCI host issues on remote wakeup (bnc#846989).
    
      - xhci: Limit the spurious wakeup fix only to HP machines
        (bnc#833097).
    
      - Intel xhci: refactor EHCI/xHCI port switching
        (bnc#840116).
    
      - xhci-hub.c: preserved kABI (bnc#840116). xhci: Refactor
        port status into a new function (bnc#840116).
    
        HID: multitouch: Add support for NextWindow 0340
        touchscreen (bnc#849855).
    
      - HID: multitouch: Add support for Qaunta 3027 touchscreen
        (bnc#854516).
    
      - HID: multitouch: add support for Atmel 212c touchscreen
        (bnc#793727).
    
      - HID: multitouch: partial support of win8 devices
        (bnc#854516,bnc#793727,bnc#849855). HID: hid-multitouch:
        add support for the IDEACOM 6650 chip
        (bnc#854516,bnc#793727,bnc#849855).
    
        ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864).
    
        ALSA: hda - load EQ params into IDT codec on HP bNB13
        systems (bnc#850493).
    
        lpfc: correct some issues with txcomplq processing
        (bnc#818064).
    
        lpfc: correct an issue with rrq processing (bnc#818064).
    
        block: factor out vector mergeable decision to a helper
        function (bnc#769644).
    
        block: modify __bio_add_page check to accept pages that
        do not start a new segment (bnc#769644).
    
        sd: avoid deadlocks when running under multipath
        (bnc#818545).
    
      - sd: fix crash when UA received on DIF enabled device
        (bnc#841445). sg: fix blk_get_queue usage (bnc#834808).
    
        lpfc: Do not free original IOCB whenever ABTS fails
        (bnc#806988).
    
      - lpfc: Fix kernel warning on spinlock usage (bnc#806988).
        lpfc: Fixed system panic due to midlayer abort
        (bnc#806988).
    
        qla2xxx: Add module parameter to override the default
        request queue size (bnc#826756).
    
        qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896).
    
        Pragmatic workaround for realtime class abuse induced
        latency issues.
    
        Provide realtime priority kthread and workqueue boot
        options (bnc#836718).
    
        mlx4: allocate just enough pages instead of always 4
        pages (bnc#835186 bnc#835074).
    
      - mlx4: allow order-0 memory allocations in RX path
        (bnc#835186 bnc#835074).
    
      - net/mlx4: use one page fragment per incoming frame
        (bnc#835186 bnc#835074). bna: do not register
        ndo_set_rx_mode callback (bnc#847261).
    
        PCI: pciehp: Retrieve link speed after link is trained
        (bnc#820102).
    
      - PCI: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device (bnc#820102).
    
      - PCI: pciehp: replace unconditional sleep with config
        space access check (bnc#820102).
    
      - PCI: pciehp: make check_link_active more helpful
        (bnc#820102).
    
      - PCI: pciehp: Add pcie_wait_link_not_active()
        (bnc#820102).
    
      - PCI: pciehp: Add Disable/enable link functions
        (bnc#820102).
    
      - PCI: pciehp: Disable/enable link during slot power
        off/on (bnc#820102). PCI: fix truncation of resource
        size to 32 bits (bnc#843419).
    
        hv: handle more than just WS2008 in KVP negotiation
        (bnc#850640).
    
        mei: ME hardware reset needs to be synchronized
        (bnc#821619).
    
        kabi: Restore struct irq_desc::timer_rand_state.
    
        fs3270: unloading module does not remove device
        (bnc#851879, LTC#100284).
    
        cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
        isci: Fix a race condition in the SSP task management
        path (bnc#826978).
    
        ptp: dynamic allocation of PHC char devices
        (bnc#851290).
    
        efifb: prevent null-deref when iterating dmi_list
        (bnc#848055).
    
        dm-mpath: Fixup race condition in activate_path()
        (bnc#708296).
    
      - dm-mpath: do not detach stale hardware handler
        (bnc#708296). dm-multipath: Improve logging
        (bnc#708296).
    
        scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296).
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry
        (bnc#708296).
    
      - scsi_dh_alua: Decode HP EVA array identifier
        (bnc#708296).
    
      - scsi_dh_alua: Evaluate state for all port groups
        (bnc#708296).
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense (bnc#843642).
    
      - scsi_dh_alua: Make stpg synchronous (bnc#708296).
    
      - scsi_dh_alua: Pass buffer as function argument
        (bnc#708296).
    
      - scsi_dh_alua: Re-evaluate port group states after STPG
        (bnc#708296).
    
      - scsi_dh_alua: Recheck state on transitioning
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: Use separate alua_port_group structure
        (bnc#708296).
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL
        (bnc#839407).
    
      - scsi_dh_alua: asynchronous RTPG (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Do not attach to RAID or enclosure devices
        (bnc#819979).
    
      - scsi_dh_alua: Do not attach to well-known LUNs
        (bnc#821980).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths (bnc#843445).
    
      - scsi_dh_alua: move RTPG to workqueue (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh_alua: move some sense code handling into generic
        code (bnc#813245).
    
      - scsi_dh_alua: multipath failover fails with error 15
        (bnc#825696).
    
      - scsi_dh_alua: parse target device id (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: put sense buffer on stack (bnc#708296).
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15' (bnc#843429).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code (bnc#843645).
    
      - scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
    
      - scsi_dh_alua: simplify state update (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: use flag for RTPG extended header
        (bnc#708296).
    
      - scsi_dh_alua: use local buffer for VPD inquiry
        (bnc#708296).
    
      - scsi_dh_alua: use spin_lock_irqsave for port group
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: use spin_lock_irqsave for port group
        (bnc#708296).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296). scsi_dh_alua: fixup misplaced brace in
        alua_initialize() (bnc#858831).
    
        drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam
        (bnc#831103,FATE#316109).
    
      - drm/i915: add I915_EXEC_VEBOX to
        i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
    
      - drm/i915: add VEBOX into debugfs
        (bnc#831103,FATE#316109).
    
      - drm/i915: Enable vebox interrupts
        (bnc#831103,FATE#316109).
    
      - drm/i915: vebox interrupt get/put
        (bnc#831103,FATE#316109).
    
      - drm/i915: consolidate interrupt naming scheme
        (bnc#831103,FATE#316109).
    
      - drm/i915: Convert irq_refounct to struct
        (bnc#831103,FATE#316109).
    
      - drm/i915: make PM interrupt writes non-destructive
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add PM regs to pre/post install
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create an ivybridge_irq_preinstall
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create a more generic pm handler for hsw+
        (bnc#831103,FATE#316109).
    
      - drm/i915: Vebox ringbuffer init
        (bnc#831103,FATE#316109).
    
      - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
    
      - drm/i915: Rename ring flush functions
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add VECS semaphore bits
        (bnc#831103,FATE#316109).
    
      - drm/i915: Introduce VECS: the 4th ring
        (bnc#831103,FATE#316109).
    
      - drm/i915: Semaphore MBOX update generalization
        (bnc#831103,FATE#316109).
    
      - drm/i915: Comments for semaphore clarification
        (bnc#831103,FATE#316109).
    
      - drm/i915: fix gen4 digital port hotplug definitions
        (bnc#850103).
    
      - drm/mgag200: Bug fix: Modified pll algorithm for EH
        project (bnc#841654). drm: do not add inferred modes for
        monitors that do not support them (bnc #849809).
    
        s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.novell.com/patch/finder/?keywords=155ef3b4e3ba6228ccaef2cbc31bebd9
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?508af80c"
      );
      # http://download.novell.com/patch/finder/?keywords=5bc4480468b77bc708f1a53315eda1a5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41c59b1d"
      );
      # http://download.novell.com/patch/finder/?keywords=5bf653f731ed3521053f5341cf36caed
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81371f29"
      );
      # http://download.novell.com/patch/finder/?keywords=80a0fe93ee599f6907148b6d57bc4386
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f2c10cd3"
      );
      # http://download.novell.com/patch/finder/?keywords=84ede2844b021edeba8226469dc99257
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4fd89842"
      );
      # http://download.novell.com/patch/finder/?keywords=8fce986182f7f5e181facfac1db4aae3
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?90e9ccc2"
      );
      # http://download.novell.com/patch/finder/?keywords=a863e6ada238d9cd2f9e9150d31fefff
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?09a3fa7e"
      );
      # http://download.novell.com/patch/finder/?keywords=b711e9a5616f248e3074a4b6c9570dc5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a374681"
      );
      # http://download.novell.com/patch/finder/?keywords=d80e8135e5fe036068f832766fc4cfb9
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe789f30"
      );
      # http://download.novell.com/patch/finder/?keywords=ff3893b2e58671834b0dfa8fb9b43401
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c79cf66"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2146.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2930.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6376.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/733022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/770541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/793727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/833097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858831"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140189-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b0cc1610"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP3 for VMware :
    
    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8827
    
    SUSE Linux Enterprise Server 11 SP3 :
    
    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8824
    slessp3-kernel-8825 slessp3-kernel-8826 slessp3-kernel-8827
    
    SUSE Linux Enterprise High Availability Extension 11 SP3 :
    
    zypper in -t patch slehasp3-kernel-8823 slehasp3-kernel-8824
    slehasp3-kernel-8825 slehasp3-kernel-8826 slehasp3-kernel-8827
    
    SUSE Linux Enterprise Desktop 11 SP3 :
    
    zypper in -t patch sledsp3-kernel-8823 sledsp3-kernel-8827
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Applicability gate. Every test below must pass before any package is
    # compared; a failing test hands control to audit() with a reason code, so
    # the order of these statements decides which reason is reported.
    # All inputs are knowledge-base items -- presumably filled in by the
    # credentialed collection in ssh_get_info.nasl (listed as a dependency);
    # confirm against that plugin.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Only release strings beginning with SLED or SLES are accepted.
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Capture group 1 is the product plus major version, e.g. "SLES11".
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Anchored match: exactly SLED11 or SLES11, no other major version.
    if (! ereg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    # Without a collected package list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # i386-i686, x86_64 and s390x are evaluated; any other architecture is
    # audited as "local checks not implemented", which is not a "not affected"
    # verdict for that host.
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # A missing patchlevel item is treated as service pack 0.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    # Only SP3 continues; other service packs are audited as "OS not" and are
    # not evaluated by this plugin.
    if (os_ver == "SLES11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp);
    
    
    # Compare installed packages with the fixed builds named in the advisory.
    # flag counts the rpm_check() calls that return true. Every call is made,
    # with no early exit -- presumably so rpm_report_get() can list each outdated
    # package; rpm_check() comes from rpm.inc and its exact comparison rule is
    # not visible here.
    # NOTE(review): the only package data this script gates on is the
    # "Host/SuSE/rpm-list" inventory; nothing in it reads the running kernel
    # version. A host with the fixed RPMs installed but not yet rebooted would
    # presumably not be flagged -- verify the booted kernel separately.
    flag = 0;
    # SLES 11 SP3, x86_64.
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # NOTE(review): the pae packages are listed under cpu:"x86_64" as well as
    # under i586 further down; confirm whether these entries can ever match.
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # SLES 11 SP3, s390x.
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.15.1")) flag++;
    # SLES 11 SP3, no cpu: argument -- presumably applies to every architecture
    # that passed the gate; confirm in rpm.inc.
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    # SLES 11 SP3, i586.
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # SLED 11 SP3, x86_64.
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # SLED 11 SP3, i586.
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    
    
    # Report step: flag was incremented once for every rpm_check() call above
    # that returned true.
    # NOTE(review): the verdict rests on those package comparisons; nothing in the
    # visible part of this script looks at the kernel that is actually running,
    # so an updated-but-not-rebooted host may still be exposed - confirm.
    if (flag)
    {
      # Attach the per-package report text only when verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing was flagged: audit as "not affected" when pkg_tests_get() returns
      # a value, otherwise as "kernel" not installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0439.NASL
    description: Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A denial of service flaw was found in the way the Linux kernel […] (excerpt cut off here; the full text is in the plugin's description attribute below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76674
    published: 2014-07-22
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/76674
    title: RHEL 6 : MRG (RHSA-2014:0439)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0439. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata and then exits (exit(0) at the end); no host is examined.
    if (description)
    {
      script_id(76674);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      # One plugin covers every CVE fixed by RHSA-2014:0439.
      # NOTE(review): CVE-2013-4483 and CVE-2013-7339 are listed here but have no
      # bullet of their own in the description text below.
      script_cve_id(
        "CVE-2013-4483",
        "CVE-2013-7263",
        "CVE-2013-7265",
        "CVE-2013-7339",
        "CVE-2014-0069",
        "CVE-2014-1438",
        "CVE-2014-1690",
        "CVE-2014-1874",
        "CVE-2014-2309",
        "CVE-2014-2523"
      );
      script_bugtraq_id(
        64677,
        64686,
        64781,
        65180,
        65459,
        65588,
        66095,
        66279
      );
      script_xref(name:"RHSA", value:"2014:0439");
    
      script_name(english:"RHEL 6 : MRG (RHSA-2014:0439)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      # Advisory text, reproduced as the finding's description.
      script_set_attribute(attribute:"description", value:
    "Updated kernel-rt packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise MRG 2.5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel-rt packages contain the Linux kernel, the core of any Linux
    operating system.
    
      * A denial of service flaw was found in the way the Linux
        kernel's IPv6 implementation processed IPv6 router
        advertisement (RA) packets. An attacker able to send a
        large number of RA packets to a target system could
        potentially use this flaw to crash the target system.
        (CVE-2014-2309, Important)
    
      * A flaw was found in the way the Linux kernel's netfilter
        connection tracking implementation for Datagram
        Congestion Control Protocol (DCCP) packets used the
        skb_header_pointer() function. A remote attacker could
        use this flaw to send a specially crafted DCCP packet
        to crash the system or, potentially, escalate their
        privileges on the system. (CVE-2014-2523, Important)
    
      * A flaw was found in the way the Linux kernel's CIFS
        implementation handled uncached write operations with
        specially crafted iovec structures. An unprivileged
        local user with access to a CIFS share could use this
        flaw to crash the system, leak kernel memory, or,
        potentially, escalate their privileges on the system.
        (CVE-2014-0069, Moderate)
    
      * A flaw was found in the way the Linux kernel handled
        pending Floating Pointer Unit (FPU) exceptions during
        the switching of tasks. A local attacker could use this
        flaw to terminate arbitrary processes on the system,
        causing a denial of service, or, potentially, escalate
        their privileges on the system. Note that this flaw only
        affected systems using AMD CPUs on both 32-bit and
        64-bit architectures. (CVE-2014-1438, Moderate)
    
      * It was found that certain protocol handlers in the Linux
        kernel's networking implementation could set the
        addr_len value without initializing the associated data
        structure. A local, unprivileged user could use this
        flaw to leak kernel stack memory to user space using the
        recvmsg, recvfrom, and recvmmsg system calls.
        (CVE-2013-7263, CVE-2013-7265, Low)
    
      * An information leak flaw was found in the Linux kernel's
        netfilter connection tracking IRC NAT helper
        implementation that could allow a remote attacker to
        disclose portions of kernel stack memory during IRC
        DCC (Direct Client-to-Client) communication over NAT.
        (CVE-2014-1690, Low)
    
      * A denial of service flaw was discovered in the way the
        Linux kernel's SELinux implementation handled files with
        an empty SELinux security context. A local user who has
        the CAP_MAC_ADMIN capability could use this flaw to
        crash the system. (CVE-2014-1874, Low)
    
    This update also fixes several bugs and adds multiple enhancements.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    Users are advised to upgrade to these updated packages, which upgrade
    the kernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct
    these issues, and fix the bugs and add the enhancements noted in the
    Red Hat Enterprise MRG 2 Technical Notes. The system must be rebooted
    for this update to take effect.");
      # One reference link per listed CVE, followed by the advisory and
      # documentation links.
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4483.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-7263.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-7265.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-7339.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0069.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-1438.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-1690.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-1874.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2309.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2523.html");
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae491241");
      script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2014-0439.html");
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?687515f3");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      # The vectors and the exploit_* attributes below are single values for the
      # whole plugin. NOTE(review): they presumably track the most severe CVE in
      # the advisory, so a finding from this plugin should not be read as the
      # severity of any one listed CVE (for example CVE-2013-4483) - confirm
      # against the per-CVE records before prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22");
    
      # Declared as a local check; the CPE entries name the kernel-rt packages and
      # the RHEL 6 platform this plugin is about.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
    
      # The check body reads the KB keys listed here; ssh_get_info.nasl is declared
      # as the dependency.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating for RHEL 6.x. Every audit() call below is used as the exit path
    # for a precondition that is not met, so the order of these tests decides
    # which audit reason is reported.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # ">!<" reads "left string is not found in right string": the release string
    # must contain "Red Hat".
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture the version number that follows "release" (major, optional minor).
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accept "6" or "6.<minor>"; a following digit (e.g. "60") is rejected.
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    # The package comparisons need the collected rpm list.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Proceed only when cpu contains "x86_64", matches i386..i686, or contains "s390".
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two ways to reach a verdict: from yum updateinfo data when the KB holds it,
    # otherwise from rpm version comparisons.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      # With updateinfo present, the rpm comparisons in the else branch are never
      # run: a non-empty report for this RHSA is the finding, an empty one is
      # audited as "not affected by" the advisory.
      rhsa = "RHSA-2014:0439";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      # The advisory is for MRG: without the mrg-release package the check is
      # audited as "MRG" not installed.
      if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");
    
      # Each line compares one package against the fixed build
      # 3.10.33-rt32.33.el6rt, but only when no rpm matching "<name>-3.10.0-" is
      # present. kernel-rt-doc and kernel-rt-firmware are checked without a cpu
      # argument; all others are restricted to x86_64.
      # NOTE(review): the 3.10.0 exclusion presumably keeps a separate 3.10.0-based
      # kernel-rt stream from being flagged - confirm against rpm.inc / the advisory.
      # NOTE(review): these are installed-package comparisons. The plugin's own
      # description states that a reboot is required, so a host with the fixed
      # package installed but not yet rebooted would pass here while still running
      # the old kernel - verify the running kernel separately.
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debuginfo-common-x86_64-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-doc-3.10.0-") && rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-firmware-3.10.0-") && rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.10.33-rt32.33.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.10.33-rt32.33.el6rt")) flag++;
    
      if (flag)
      {
        # At least one comparison flagged a package: report the accumulated rpm
        # text plus the Red Hat package caveat.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Nothing flagged: "not affected" when pkg_tests_get() returns a value,
        # otherwise the kernel-rt packages are reported as not installed.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
      }
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20140312_KERNEL_ON_SL5_X.NASL
    description: * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel […] (excerpt cut off here; the full text is in the plugin's description attribute below)
    last seen: 2020-03-18
    modified: 2014-03-14
    plugin id: 73012
    published: 2014-03-14
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73012
    title: Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata and then exits (exit(0) at the end); no host is examined.
    if (description)
    {
      script_id(73012);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # NOTE(review): CVE-2013-7265 is listed here, but the description text below
      # cites only CVE-2013-7263 for the addr_len issue.
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      # NOTE(review): in the text below, the paragraph that ends with
      # "(CVE-2013-6885, Moderate)" has no bullet and opens with "could use this
      # flaw" without saying which flaw; its opening sentences appear to be
      # missing - compare with the upstream advisory text.
      script_set_attribute(
        attribute:"description", 
        value:
    "* A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Scientific Linux and Microsoft Windows
    are not affected by this issue because they are known to only use
    protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    A privileged user in a guest running under the Xen hypervisor could
    use this flaw to cause a denial of service on the host system. This
    update adds a workaround to the Xen hypervisor implementation, which
    mitigates the AMD CPU issue. Note: this issue only affects AMD Family
    16h Models 00h-0Fh Processors. Non-AMD CPUs are not vulnerable.
    (CVE-2013-6885, Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    The system must be rebooted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=822
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f00d3331"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # A single base vector for the whole plugin. NOTE(review): it presumably
      # tracks the most severe CVE in the update, so it should not be read as the
      # score of any one listed CVE (for example CVE-2013-4483, rated Moderate in
      # the text above) - confirm against the per-CVE records.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      # Declared as a local check; the CPE entries name the Scientific Linux kernel
      # packages this plugin is about.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # The check body reads the KB keys listed here (Scientific Linux is detected
      # through the Host/RedHat/* keys); ssh_get_info.nasl is declared as the
      # dependency.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
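    # Host gating for Scientific Linux 5.x. Every audit() call below is used as
    # the exit path for a precondition that is not met, so the order of these
    # tests decides which audit reason is reported.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # ">!<" reads "left string is not found in right string": the release string
    # must contain "Scientific Linux ".
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    # Capture the version number that follows "release" (major, optional minor).
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    # Accept "5" or "5.<minor>"; a following digit (e.g. "50") is rejected.
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    # The package comparisons need the collected rpm list.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # The architecture literal is the string being searched for, so it goes on the
    # left, exactly like the release test above. With the operands the other way
    # round, any cpu value that is itself a substring of "x86_64" (an empty
    # string included) would be let through to the package checks.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);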
    
    
    # Package comparison: flag counts the rpm_check() calls that return true for
    # the fixed build 2.6.18-371.6.1.el5. Only the kernel-PAE packages carry a
    # cpu argument (i386); the rest are checked without one.
    # NOTE(review): these are installed-package comparisons. The plugin's own
    # description states that a reboot is required, so a host with the fixed
    # package installed but not yet rebooted would pass here while still running
    # the old kernel - verify the running kernel separately.
    flag = 0;
    if (rpm_check(release:"SL5", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
    
    if (flag)
    {
      # At least one comparison flagged a package: report the accumulated rpm
      # text at SECURITY_WARNING severity.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: "not affected" when pkg_tests_get() returns a value,
      # otherwise the kernel packages are reported as not installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0285.NASL
    description: Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel […] (excerpt cut off here; the full text is in the plugin's description attribute below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72975
    published: 2014-03-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72975
    title: RHEL 5 : kernel (RHSA-2014:0285)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0285. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72975);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 64686);
      script_xref(name:"RHSA", value:"2014:0285");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2014:0285)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Red Hat Enterprise Linux and Microsoft
    Windows are not affected by this issue because they are known to only
    use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    * It was found that, under specific circumstances, a combination of
    write operations to write-combined memory and locked CPU instructions
    may cause a core hang on certain AMD CPUs (for more information, refer
    to AMD CPU erratum 793 linked in the References section). A privileged
    user in a guest running under the Xen hypervisor could use this flaw
    to cause a denial of service on the host system. This update adds a
    workaround to the Xen hypervisor implementation, which mitigates the
    AMD CPU issue. Note: this issue only affects AMD Family 16h Models
    00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
    Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483 and the Xen project for reporting
    CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as
    the original reporter of CVE-2013-4554 and CVE-2013-6885.
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-7263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4483"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host-side evaluation for RHSA-2014:0285. Everything below works from KB
    # items that earlier plugins stored (see script_require_keys above); audit()
    # is relied on to end the script with a "not applicable / not affected"
    # result (audit.inc, not shown here).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" test.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Group 1 captures the numeric release ("N" or "N.M") from the release string.
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # In scope only when the release starts with "5" followed by a non-digit or nothing.
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    # A missing package inventory yields "cannot tell", not "not affected".
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: x86_64, i386-i686, and any value containing "s390".
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Path 1: the host supplied yum updateinfo data. The verdict then rests on
    # that data alone.
    # NOTE(review): when this KB item is present the rpm_check() comparison in
    # the else-branch is never consulted, so stale or incomplete yum metadata on
    # the host is not cross-checked here - confirm how the KB item is collected.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0285";
      # Presumably returns report text only if the advisory is listed for this
      # host; the helper is defined outside this listing.
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # port 0: the finding is attached to the host rather than to a service.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Reuses the AUDIT_OS_NOT template to say the host is not "affected by
        # Red Hat security advisory RHSA-2014:0285".
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Path 2: no yum data, so compare each package/architecture pair against
      # the fixed build 2.6.18-371.6.1.el5. flag counts the calls that returned
      # true - presumably "installed and older than the reference"; rpm_check()
      # lives in rpm.inc.
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
      if (flag)
      {
        # This is a package-inventory verdict: none of the KB items read in this
        # script is the running kernel version, and the advisory text above says
        # a reboot is required. A host that clears this check may still be
        # running the old kernel until it reboots - verify separately.
        # redhat_report_package_caveat() appends caveat text whose wording is
        # defined outside this listing.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Two different "clean" outcomes: packages were compared and none was
        # flagged, or none of the listed packages was found at all.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
      }
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0284.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81624
    published: 2015-03-05
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81624
    title: RHEL 6 : kernel (RHSA-2015:0284)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0284. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin with `description`
    # set, this block only declares metadata (ids, CVEs, advisory text,
    # references, scoring, dependencies) and then exits. No host data is read
    # in this block.
    if (description)
    {
      script_id(81624);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      # Seven CVEs share this single plugin id, so a finding from this plugin
      # does not by itself say which of them matter on a given host.
      script_cve_id("CVE-2013-4483", "CVE-2014-3185", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-7841", "CVE-2014-8160");
      script_xref(name:"RHSA", value:"2015:0284");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2015:0284)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text; the file header states it was extracted from
      # RHSA-2015:0284.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.5 Extended
    Update Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A race condition flaw was found in the way the Linux kernel's KVM
    subsystem handled PIT (Programmable Interval Timer) emulation. A guest
    user who has access to the PIT I/O ports could use this flaw to crash
    the host. (CVE-2014-3611, Important)
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    validated INIT chunks when performing Address Configuration Change
    (ASCONF). A remote attacker could use this flaw to crash the system by
    sending a specially crafted SCTP packet to trigger a NULL pointer
    dereference on the system. (CVE-2014-7841, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * A memory corruption flaw was found in the way the USB ConnectTech
    WhiteHEAT serial driver processed completion commands sent via USB
    Request Blocks buffers. An attacker with physical access to the system
    could use this flaw to crash the system or, potentially, escalate
    their privileges on the system. (CVE-2014-3185, Moderate)
    
    * It was found that the Linux kernel's KVM subsystem did not handle
    the VM exits gracefully for the invept (Invalidate Translations
    Derived from EPT) and invvpid (Invalidate Translations Based on VPID)
    instructions. On hosts with an Intel processor and invept/invppid VM
    exit support, an unprivileged guest user could use these instructions
    to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate)
    
    * A flaw was found in the way the Linux kernel's netfilter subsystem
    handled generic protocol tracking. As demonstrated in the Stream
    Control Transmission Protocol (SCTP) case, a remote attacker could use
    this flaw to bypass intended iptables rule restrictions when the
    associated connection tracking module was not loaded on the system.
    (CVE-2014-8160, Moderate)
    
    Red Hat would like to thank Lars Bull of Google for reporting
    CVE-2014-3611, Vladimir Davydov (Parallels) for reporting
    CVE-2013-4483, and the Advanced Threat Research team at Intel Security
    for reporting CVE-2014-3645 and CVE-2014-3646. The CVE-2014-7841 issue
    was discovered by Liu Wei of Red Hat.
    
    Bug fixes :
    
    * When forwarding a packet, the iptables target TCPOPTSTRIP used the
    tcp_hdr() function to locate the option space. Consequently,
    TCPOPTSTRIP located the incorrect place in the packet, and therefore
    did not match options for stripping. TCPOPTSTRIP now uses the TCP
    header itself to locate the option space, and the options are now
    properly stripped. (BZ#1172026)
    
    * The ipset utility computed incorrect values of timeouts from an old
    IP set, and these values were then supplied to a new IP set. A resize
    on an IP set with a timeouts option enabled could then supply
    corrupted data from an old IP set. This bug has been fixed by properly
    reading timeout values from an old set before supplying them to a new
    set. (BZ#1172763)
    
    * Incorrect processing of errors from the BCM5719 LAN controller could
    result in incoming packets being dropped. Now, received errors are
    handled properly, and incoming packets are no longer randomly dropped.
    (BZ#1180405)
    
    * When the NVMe driver allocated a name-space queue, it was recognized
    as a request-based driver, whereas it was a BIO-based driver. While
    trying to access data during the loading of NVMe along with a
    request-based DM device, the system could terminate unexpectedly or
    become unresponsive. Now, NVMe does not set the QUEUE_FLAG_STACKABLE
    flag during the allocation of a name-space queue, and the system no
    longer attempts to insert a request into the queue, preventing a
    crash. (BZ#1180554)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3611"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8160"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): one CVSS2 vector stands for all seven CVEs. It says AV:L,
      # while the advisory text above describes CVE-2014-7841 and CVE-2014-8160
      # as usable by a remote attacker, and C:C/I:C, while CVE-2013-4483 is
      # described only as OOM/crash. Prioritise per CVE from the see_also links
      # rather than from this plugin-level vector alone.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # Exploit-availability fields are a point-in-time statement; the last
      # revision date recorded in this file is the script_cvs_date above.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The check depends on data collected over an authenticated session: the
      # listed KB keys must already exist, so an uncredentialed scan produces no
      # result from this plugin rather than a "clean" one.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    # Host-side evaluation for RHSA-2015:0284. Everything below works from KB
    # items that earlier plugins stored; audit() is relied on to end the script
    # with a "not applicable / not affected" result (audit.inc, not shown here).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" test.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Group 1 captures the numeric release ("N" or "N.M") from the release string.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Scope is the 6.5 minor release only ("6.5" followed by a non-digit or
    # nothing); other RHEL 6 minors are audited out as "not Red Hat 6.5".
    if (! preg(pattern:"^6\.5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.5", "Red Hat " + os_ver);
    
    # A missing package inventory yields "cannot tell", not "not affected".
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: x86_64, i386-i686, and any value containing "s390".
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Live-patch path: taken only when Ksplice CVE data was collected.
    # ksplice_cves_check() presumably reports whether every CVE in cve_list is
    # covered by an applied hotfix (ksplice.inc, not shown) - confirm there.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # Drops the stored uptrack kernel string; the reason is not visible in
      # this listing.
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4483", "CVE-2014-3185", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-7841", "CVE-2014-8160");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:0284");
      }
      else
      {
        # Not a terminal state: the script seeds the report text and falls
        # through to the yum / rpm logic below.
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    # Path 1: the host supplied yum updateinfo data. The verdict then rests on
    # that data alone.
    # NOTE(review): when this KB item is present the rpm_check() comparison in
    # the else-branch is never consulted, so stale or incomplete yum metadata on
    # the host is not cross-checked here - confirm how the KB item is collected.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0284";
      # Presumably returns report text only if the advisory is listed for this
      # host; the helper is defined outside this listing.
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # port 0: the finding is attached to the host rather than to a service.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Reuses the AUDIT_OS_NOT template to say the host is not "affected by
        # Red Hat security advisory RHSA-2015:0284".
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Path 2: no yum data, so compare each package/architecture pair against
      # the fixed build 2.6.32-431.50.1.el6. sp:"5" presumably ties the
      # comparison to the 6.5 stream named in the advisory; flag counts the
      # calls that returned true - presumably "installed and older than the
      # reference". rpm_check() lives in rpm.inc.
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-abi-whitelists-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-doc-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-firmware-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-headers-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-headers-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-headers-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"perf-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"perf-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"perf-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"perf-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"perf-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"python-perf-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"python-perf-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"python-perf-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-431.50.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-431.50.1.el6")) flag++;
    
      if (flag)
      {
        # This is a package-inventory verdict, and the advisory text says a
        # reboot is required for the update to take effect. Unless the Ksplice
        # path above applied, nothing in this script looks at the running
        # kernel, so a host that clears this check may still be running the old
        # kernel until it reboots - verify separately.
        # redhat_report_package_caveat() appends caveat text whose wording is
        # defined outside this listing.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Two different "clean" outcomes: packages were compared and none was
        # flagged, or none of the listed packages was found at all.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL31300371.NASL
    description: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (CVE-2013-4483)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 91694
    published: 2016-06-20
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91694
    title: F5 Networks BIG-IP : Linux kernel vulnerability (K31300371)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K31300371.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only declares
    # plugin metadata (identifiers, advisory text, scoring, dependencies) and
    # then exits, so none of the check logic further down runs on this pass.
    if (description)
    {
      script_id(91694);
      script_version("2.5");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      # Single CVE covered by this check, plus its Bugtraq cross-reference.
      script_cve_id("CVE-2013-4483");
      script_bugtraq_id(63445);
    
      script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (K31300371)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The ipc_rcu_putref function in ipc/util.c in the Linux kernel before
    3.10 does not properly manage a reference count, which allows local
    users to cause a denial of service (memory consumption or system
    crash) via a crafted application. (CVE-2013-4483)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K31300371"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K31300371."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # no confidentiality or integrity impact, complete availability impact.
      # This matches the denial-of-service impact in the description text.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the check body reads values already stored in
      # the knowledge base (see script_require_keys below) rather than
      # probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per BIG-IP product this plugin is associated with.
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      # Declares f5_bigip_detect.nbin as a dependency and lists the KB keys
      # this plugin requires; presumably that detection plugin is what
      # populates the Host/BIG-IP/* keys -- confirm against the dependency.
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    # Preconditions: every input comes from the knowledge base, so each missing
    # item is routed to audit() with its own reason instead of being treated as
    # "not vulnerable". audit() presumably ends the run -- confirm in the audit
    # include.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # `version` is kept for the not-vulnerable audit message at the end.
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    # The hotfix key is tested with isnull() rather than for truthiness,
    # presumably because an empty or zero hotfix value is legitimate -- TODO confirm.
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    # Advisory identifier and version matrix handed to bigip_is_affected() below.
    # vmatrix is keyed by BIG-IP module abbreviation; each entry carries an
    # "affected" and an "unaffected" list whose items are either a single
    # version ("11.6.1"), a "low-high" range ("11.4.0-11.6.0"), or a version
    # with a hotfix suffix ("11.5.4HF2"). How these strings are parsed and
    # compared is decided in f5_func.inc, which is not shown here.
    #
    # NOTE(review): the description block also registers CPEs for WAN
    # Optimization Manager, WebAccelerator and Protocol Security Manager, which
    # have no entry in this matrix -- confirm that is intended.
    sol = "K31300371";
    vmatrix = make_array();
    
    # AFM (Advanced Firewall Manager)
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("11.4.0-11.6.0");
    vmatrix["AFM"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # AM (Application Acceleration Manager)
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("11.4.0-11.6.0");
    vmatrix["AM"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # APM (Access Policy Manager)
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("11.4.0-11.6.0");
    vmatrix["APM"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # ASM (Application Security Manager); also lists 11.2.1 and 10.2.1-10.2.4
    # as affected.
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("11.4.0-11.6.0","11.2.1","10.2.1-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # AVR (Application Visibility and Reporting)
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("11.4.0-11.6.0");
    vmatrix["AVR"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # GTM (Global Traffic Manager)
    # NOTE(review): GTM is the only module whose unaffected list omits the
    # 12.0.0-12.1.0 range; verify against K31300371 that this is deliberate.
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.4.0-11.6.0","11.2.1","10.2.1-10.2.4");
    vmatrix["GTM"]["unaffected"] = make_list("11.6.1","11.5.4HF2");
    
    # LC (Link Controller)
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("11.4.0-11.6.0","11.2.1","10.2.1-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # LTM (Local Traffic Manager)
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("11.4.0-11.6.0","11.2.1","10.2.1-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    # PEM (Policy Enforcement Manager)
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("11.4.0-11.6.0");
    vmatrix["PEM"]["unaffected"] = make_list("12.0.0-12.1.0","11.6.1","11.5.4HF2");
    
    
    # Verdict: bigip_is_affected() receives the version matrix and the advisory
    # id. This script only reads version, hotfix and module values from the KB,
    # so a positive result presumably means "the installed version is listed as
    # affected", not that the flaw was exercised on the device.
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      # Report at port 0; the detailed text from bigip_report_get() is attached
      # only when report_verbosity is above 0.
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Not flagged: distinguish "modules were tested and none is vulnerable"
      # from "no affected module on this host", so the audit trail records why
      # nothing was reported.
      tested = bigip_get_tested_modules();
      # Built before `tested` is checked; it is only used on the branch where
      # `tested` is set.
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140116.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). 
(CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). 
(CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. 
(bnc#823618) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - xen: netback: bump tx queue length. (bnc#849404) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4 - fix deal with autofs4_write races. (bnc#851314) - autofs4 - use simple_empty() for empty directory check. (bnc#851314) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls. (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - vfs: avoid
    last seen2020-06-05
    modified2014-01-28
    plugin id72163
    published2014-01-28
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72163
    titleSuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop immediately on engines whose NASL_LEVEL is below 3000; nothing after
    # this line runs there. The "#%NASL_MIN_LEVEL 80502" header line at the top
    # of the script is a separate declaration.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72163);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271");
    
      script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309) The following security bugs
        have been fixed :
    
      - Array index error in the kvm_vm_ioctl_create_vcpu
        function in virt/kvm/kvm_main.c in the KVM subsystem in
        the Linux kernel through 3.12.5 allows local users to
        gain privileges via a large id value. (bnc#853050).
        (CVE-2013-4587)
    
      - The KVM subsystem in the Linux kernel through 3.12.5
        allows local users to gain privileges or cause a denial
        of service (system crash) via a VAPIC synchronization
        operation involving a page-end address. (bnc#853052).
        (CVE-2013-6368)
    
      - The apic_get_tmcct function in arch/x86/kvm/lapic.c in
        the KVM subsystem in the Linux kernel through 3.12.5
        allows guest OS users to cause a denial of service
        (divide-by-zero error and host OS crash) via crafted
        modifications of the TMICT value. (bnc#853051).
        (CVE-2013-6367)
    
      - Memory leak in the __kvm_set_memory_region function in
        virt/kvm/kvm_main.c in the Linux kernel before 3.9
        allows local users to cause a denial of service (memory
        consumption) by leveraging certain device access to
        trigger movement of memory slots. (bnc#851101).
        (CVE-2013-4592)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation. (bnc#852559).
        (CVE-2013-6378)
    
      - Multiple buffer overflows in
        drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
        before 3.12 allow local users to cause a denial of
        service or possibly have unspecified other impact by
        leveraging the CAP_NET_ADMIN capability and providing a
        long station-name string, related to the (1)
        wvlan_uil_put_info and (2) wvlan_set_station_nickname
        functions. (bnc#849029). (CVE-2013-4514)
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel before
        3.12 does not initialize a certain data structure, which
        allows local users to obtain sensitive information from
        kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO
        ioctl call. (bnc#849034). (CVE-2013-4515)
    
      - The ieee80211_radiotap_iterator_init function in
        net/wireless/radiotap.c in the Linux kernel before
        3.11.7 does not check whether a frame contains any data
        outside of the header, which might allow attackers to
        cause a denial of service (buffer over-read) via a
        crafted header. (bnc#854634). (CVE-2013-7027)
    
      - The ipc_rcu_putref function in ipc/util.c in the Linux
        kernel before 3.10 does not properly manage a reference
        count, which allows local users to cause a denial of
        service (memory consumption or system crash) via a
        crafted application. (bnc#848321). (CVE-2013-4483)
    
      - Multiple integer overflows in Alchemy LCD frame-buffer
        drivers in the Linux kernel before 3.12 allow local
        users to create a read-write memory mapping for the
        entirety of kernel memory, and consequently gain
        privileges, via crafted mmap operations, related to the
        (1) au1100fb_fb_mmap function in
        drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap
        function in drivers/video/au1200fb.c. (bnc#849021).
        (CVE-2013-4511)
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain size
        value, which allows local users to cause a denial of
        service (invalid pointer dereference) or possibly have
        unspecified other impact via an FSACTL_SEND_RAW_SRB
        ioctl call that triggers a crafted SRB command.
        (bnc#852373). (CVE-2013-6380)
    
      - Linux kernel built with the networking
        support(CONFIG_NET) is vulnerable to an information
        leakage flaw in the socket layer. It could occur while
        doing recvmsg(2), recvfrom(2) socket calls. It occurs
        due to improperly initialised msg_name &amp; msg_namelen
        message header parameters. (bnc#854722). (CVE-2013-6463)
    
      - The aac_compat_ioctl function in
        drivers/scsi/aacraid/linit.c in the Linux kernel before
        3.11.8 does not require the CAP_SYS_RAWIO capability,
        which allows local users to bypass intended access
        restrictions via a crafted ioctl call. (bnc#852558).
        (CVE-2013-6383)
    
      - Off-by-one error in the get_prng_bytes function in
        crypto/ansi_cprng.c in the Linux kernel through 3.11.4
        makes it easier for context-dependent attackers to
        defeat cryptographic protection mechanisms via multiple
        requests for small amounts of data, leading to improper
        management of the state of the consumed data.
        (bnc#840226). (CVE-2013-4345)
    
    Also the following non-security bugs have been fixed :
    
      - kabi: protect bind_conflict callback in struct
        inet_connection_sock_af_ops. (bnc#823618)
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress. (bnc#849675)
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces. (bnc#838623)
    
      - x86/dumpstack: Fix printk_address for direct addresses.
        (bnc#845621)
    
      - futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - random: fix accounting race condition with lockless irq
        entropy_count update. (bnc#789359)
    
      - Provide realtime priority kthread and workqueue boot
        options. (bnc#836718)
    
      - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336)
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining. (bnc#848336)
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock.
        (bnc#848336)
    
      - sched: Fix race on toggling cfs_bandwidth_used.
        (bnc#848336)
    
      - sched: Fix buglet in return_cfs_rq_runtime().
    
      - sched: Guarantee new group-entities always have weight.
        (bnc#848336)
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive. (bnc#848336)
    
      - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements.
        (bnc#827767)
    
      - tcp: bind() fix autoselection to share ports.
        (bnc#823618)
    
      - tcp: bind() use stronger condition for bind_conflict.
        (bnc#823618)
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict. (bnc#823618)
    
      - macvlan: disable LRO on lower device instead of macvlan.
        (bnc#846984)
    
      - macvlan: introduce IFF_MACVLAN flag and helper function.
        (bnc#846984)
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function. (bnc#846984)
    
      - xen: netback: bump tx queue length. (bnc#849404)
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652).
    
      - xen: fixed USB passthrough issue. (bnc#852624)
    
      - netxen: fix off by one bug in
        netxen_release_tx_buffer(). (bnc#845729)
    
      - xfrm: invalidate dst on policy insertion/deletion.
        (bnc#842239)
    
      - xfrm: prevent ipcomp scratch buffer race condition.
        (bnc#842239)
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718).
    
      - crypto: gf128mul - fix call to memset() (obvious fix).
    
      - autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race. (bnc#851314)
    
      - autofs4: catatonic_mode vs. notify_daemon race.
        (bnc#851314)
    
      - autofs4: close the races around autofs4_notify_daemon().
        (bnc#851314)
    
      - autofs4: deal with autofs4_write/autofs4_write races.
        (bnc#851314)
    
      - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount. (bnc#851314)
    
      - autofs4 - fix deal with autofs4_write races.
        (bnc#851314)
    
      - autofs4 - use simple_empty() for empty directory check.
        (bnc#851314)
    
      - blkdev_max_block: make private to fs/buffer.c.
        (bnc#820338)
    
      - Avoid softlockup in shrink_dcache_for_umount_subtree.
        (bnc#834473)
    
      - dlm: set zero linger time on sctp socket. (bnc#787843)
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls. (bnc#855037)
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost. (bnc#828236)
    
      - nfs: Adapt readdirplus to application usage patterns.
        (bnc#834708)
    
      - xfs: Account log unmount transaction correctly.
        (bnc#849950)
    
      - xfs: improve ioend error handling. (bnc#846036)
    
      - xfs: reduce ioend latency. (bnc#846036)
    
      - xfs: use per-filesystem I/O completion workqueues.
        (bnc#846036)
    
      - xfs: Hide additional entries in struct xfs_mount.
        (bnc#846036 / bnc#848544)
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings. (bnc#820338)
    
      - vfs: fix O_DIRECT read past end of block device.
        (bnc#820338)
    
      - cifs: Improve performance of browsing directories with
        several files. (bnc#810323)
    
      - cifs: Ensure cifs directories do not show up as files.
        (bnc#826602)
    
      - sd: avoid deadlocks when running under multipath.
        (bnc#818545)
    
      - sd: fix crash when UA received on DIF enabled device.
        (bnc#841445)
    
      - sg: fix blk_get_queue usage. (bnc#834808)
    
      - block: factor out vector mergeable decision to a helper
        function. (bnc#769644)
    
      - block: modify __bio_add_page check to accept pages that
        do not start a new segment. (bnc#769644)
    
      - dm-multipath: abort all requests when failing a path.
        (bnc#798050)
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime.
        (bnc#798050)
    
      - scsi: Allow error handling timeout to be specified.
        (bnc#798050)
    
      - scsi: Fixup compilation warning. (bnc#798050)
    
      - scsi: Retry failfast commands after EH. (bnc#798050)
    
      - scsi: Warn on invalid command completion. (bnc#798050)
    
      - scsi: kABI fixes. (bnc#798050)
    
      - scsi: remove check for 'resetting'. (bnc#798050)
    
      - advansys: Remove 'last_reset' references. (bnc#798050)
    
      - cleanup setting task state in scsi_error_handler().
        (bnc#798050)
    
      - dc395: Move 'last_reset' into internal host structure.
        (bnc#798050)
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050)
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset.
        (bnc#798050)
    
      - tmscsim: Move 'last_reset' into host structure.
        (bnc#798050)
    
      - scsi_dh: invoke callback if ->activate is not present.
        (bnc#708296)
    
      - scsi_dh: return individual errors in scsi_dh_activate().
        (bnc#708296)
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: Decode HP EVA array identifier.
        (bnc#708296)
    
      - scsi_dh_alua: Evaluate state for all port groups.
        (bnc#708296)
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense. (bnc#843642)
    
      - scsi_dh_alua: Make stpg synchronous. (bnc#708296)
    
      - scsi_dh_alua: Pass buffer as function argument.
        (bnc#708296)
    
      - scsi_dh_alua: Re-evaluate port group states after STPG.
        (bnc#708296)
    
      - scsi_dh_alua: Recheck state on transitioning.
        (bnc#708296)
    
      - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296)
    
      - scsi_dh_alua: Use separate alua_port_group structure.
        (bnc#708296)
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL.
        (bnc#839407)
    
      - scsi_dh_alua: asynchronous RTPG. (bnc#708296)
    
      - scsi_dh_alua: correctly terminate target port strings.
        (bnc#708296)
    
      - scsi_dh_alua: defer I/O while workqueue item is pending.
        (bnc#708296)
    
      - scsi_dh_alua: Do not attach to RAID or enclosure
        devices. (bnc#819979)
    
      - scsi_dh_alua: Do not attach to well-known LUNs.
        (bnc#821980)
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work().
        (bnc#708296)
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths. (bnc#843445)
    
      - scsi_dh_alua: move RTPG to workqueue. (bnc#708296)
    
      - scsi_dh_alua: move 'expiry' into PG structure.
        (bnc#708296)
    
      - scsi_dh_alua: move some sense code handling into generic
        code. (bnc#813245)
    
      - scsi_dh_alua: multipath failover fails with error 15.
        (bnc#825696)
    
      - scsi_dh_alua: parse target device id. (bnc#708296)
    
      - scsi_dh_alua: protect accesses to struct
        alua_port_group. (bnc#708296)
    
      - scsi_dh_alua: put sense buffer on stack. (bnc#708296)
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15'. (bnc#843429)
    
      - scsi_dh_alua: remove locking when checking state.
        (bnc#708296)
    
      - scsi_dh_alua: remove stale variable. (bnc#708296)
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296)
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code. (bnc#843645)
    
      - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642)
    
      - scsi_dh_alua: simplify state update. (bnc#708296)
    
      - scsi_dh_alua: use delayed_work. (bnc#708296)
    
      - scsi_dh_alua: use flag for RTPG extended header.
        (bnc#708296)
    
      - scsi_dh_alua: use local buffer for VPD inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: use spin_lock_irqsave for port group.
        (bnc#708296)
    
      - lpfc: Do not free original IOCB whenever ABTS fails.
        (bnc#806988)
    
      - lpfc: Fix kernel warning on spinlock usage. (bnc#806988)
    
      - lpfc: Fixed system panic due to midlayer abort.
        (bnc#806988)
    
      - qla2xxx: Add module parameter to override the default
        request queue size. (bnc#826756)
    
      - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896)
    
      - bna: do not register ndo_set_rx_mode callback.
        (bnc#847261)
    
      - hv: handle more than just WS2008 in KVP negotiation.
        (bnc#850640)
    
      - drm: do not add inferred modes for monitors that do not
        support them. (bnc#849809)
    
      - pci/quirks: Modify reset method for Chelsio T4.
        (bnc#831168)
    
      - pci: fix truncation of resource size to 32 bits.
        (bnc#843419)
    
      - pci: pciehp: Retrieve link speed after link is trained.
        (bnc#820102)
    
      - pci: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device. (bnc#820102)
    
      - pci: pciehp: replace unconditional sleep with config
        space access check. (bnc#820102)
    
      - pci: pciehp: make check_link_active more helpful.
        (bnc#820102)
    
      - pci: pciehp: Add pcie_wait_link_not_active().
        (bnc#820102)
    
      - pci: pciehp: Add Disable/enable link functions.
        (bnc#820102)
    
      - pci: pciehp: Disable/enable link during slot power
        off/on. (bnc#820102)
    
      - mlx4: allocate just enough pages instead of always 4
        pages. (bnc#835186 / bnc#835074)
    
      - mlx4: allow order-0 memory allocations in RX path.
        (bnc#835186 / bnc#835074)
    
      - net/mlx4: use one page fragment per incoming frame.
        (bnc#835186 / bnc#835074)
    
      - qeth: request length checking in snmp ioctl (bnc#849848,
        LTC#99511).
    
      - cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
      - s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=855037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8779 / 8791 / 8792 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Package-version check for SUSE Linux Enterprise 11 SP2 kernel packages.
    #
    # Preconditions, all read from the scanner knowledge base (KB): local checks
    # enabled, a SLED/SLES 11 release string, a collected RPM list, a known CPU
    # architecture and patchlevel 2. Any unmet precondition ends in audit().
    #
    # NOTE(review): rpm_check() comes from an include that is not shown here;
    # presumably it compares the installed version of each package against the
    # fixed reference version. The inputs are the collected package list, so a
    # finding (or its absence) describes what is installed, not necessarily the
    # kernel that is currently booted. Confirm the running kernel separately
    # after patching.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only i386-i686, x86_64 and s390x hosts are covered by the package lists below.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (!(cpu =~ "^i[3-6]86$" || "x86_64" >< cpu || "s390x" >< cpu)) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    # The reference versions below apply to Service Pack 2 only.
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


    # flag counts the packages that rpm_check() reports; only zero / non-zero is
    # used afterwards. Each list keeps the order of the individual checks.
    flag = 0;

    # SLED 11 SP2, i586
    foreach ref (make_list(
      "kernel-default-3.0.101-0.7.15.1",
      "kernel-default-base-3.0.101-0.7.15.1",
      "kernel-default-devel-3.0.101-0.7.15.1",
      "kernel-default-extra-3.0.101-0.7.15.1",
      "kernel-pae-3.0.101-0.7.15.1",
      "kernel-pae-base-3.0.101-0.7.15.1",
      "kernel-pae-devel-3.0.101-0.7.15.1",
      "kernel-pae-extra-3.0.101-0.7.15.1",
      "kernel-source-3.0.101-0.7.15.1",
      "kernel-syms-3.0.101-0.7.15.1",
      "kernel-trace-3.0.101-0.7.15.1",
      "kernel-trace-base-3.0.101-0.7.15.1",
      "kernel-trace-devel-3.0.101-0.7.15.1",
      "kernel-trace-extra-3.0.101-0.7.15.1",
      "kernel-xen-3.0.101-0.7.15.1",
      "kernel-xen-base-3.0.101-0.7.15.1",
      "kernel-xen-devel-3.0.101-0.7.15.1",
      "kernel-xen-extra-3.0.101-0.7.15.1",
      "xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12",
      "xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12",
      "xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12"
    ))
    {
      if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:ref)) flag++;
    }

    # SLED 11 SP2, x86_64
    foreach ref (make_list(
      "kernel-default-3.0.101-0.7.15.1",
      "kernel-default-base-3.0.101-0.7.15.1",
      "kernel-default-devel-3.0.101-0.7.15.1",
      "kernel-default-extra-3.0.101-0.7.15.1",
      "kernel-source-3.0.101-0.7.15.1",
      "kernel-syms-3.0.101-0.7.15.1",
      "kernel-trace-3.0.101-0.7.15.1",
      "kernel-trace-base-3.0.101-0.7.15.1",
      "kernel-trace-devel-3.0.101-0.7.15.1",
      "kernel-trace-extra-3.0.101-0.7.15.1",
      "kernel-xen-3.0.101-0.7.15.1",
      "kernel-xen-base-3.0.101-0.7.15.1",
      "kernel-xen-devel-3.0.101-0.7.15.1",
      "kernel-xen-extra-3.0.101-0.7.15.1",
      "xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12",
      "xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12"
    ))
    {
      if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:ref)) flag++;
    }

    # SLES 11 SP2, no cpu argument passed to rpm_check()
    foreach ref (make_list(
      "kernel-default-3.0.101-0.7.15.1",
      "kernel-default-base-3.0.101-0.7.15.1",
      "kernel-default-devel-3.0.101-0.7.15.1",
      "kernel-source-3.0.101-0.7.15.1",
      "kernel-syms-3.0.101-0.7.15.1",
      "kernel-trace-3.0.101-0.7.15.1",
      "kernel-trace-base-3.0.101-0.7.15.1",
      "kernel-trace-devel-3.0.101-0.7.15.1"
    ))
    {
      if (rpm_check(release:"SLES11", sp:2, reference:ref)) flag++;
    }

    # SLES 11 SP2, i586
    foreach ref (make_list(
      "kernel-ec2-3.0.101-0.7.15.1",
      "kernel-ec2-base-3.0.101-0.7.15.1",
      "kernel-ec2-devel-3.0.101-0.7.15.1",
      "kernel-pae-3.0.101-0.7.15.1",
      "kernel-pae-base-3.0.101-0.7.15.1",
      "kernel-pae-devel-3.0.101-0.7.15.1",
      "kernel-xen-3.0.101-0.7.15.1",
      "kernel-xen-base-3.0.101-0.7.15.1",
      "kernel-xen-devel-3.0.101-0.7.15.1",
      "xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12",
      "xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12",
      "xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12"
    ))
    {
      if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:ref)) flag++;
    }

    # SLES 11 SP2, s390x
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.7.15.1")) flag++;

    # SLES 11 SP2, x86_64
    foreach ref (make_list(
      "kernel-ec2-3.0.101-0.7.15.1",
      "kernel-ec2-base-3.0.101-0.7.15.1",
      "kernel-ec2-devel-3.0.101-0.7.15.1",
      "kernel-xen-3.0.101-0.7.15.1",
      "kernel-xen-base-3.0.101-0.7.15.1",
      "kernel-xen-devel-3.0.101-0.7.15.1",
      "xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12",
      "xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12"
    ))
    {
      if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:ref)) flag++;
    }


    # Nothing flagged: record the host as not affected. Otherwise raise the
    # finding, attaching the per-package report when verbosity allows it.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-140124.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). 
(CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). 
(CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). 
- kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. 
(bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. 
(bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid
    last seen: 2020-06-05
    modified: 2014-02-05
    plugin id: 72324
    published: 2014-02-05
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72324
    title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop here, with exit code 0, when the scanner reports a NASL_LEVEL below 3000.
    if (NASL_LEVEL < 3000)
    {
      exit(0);
    }
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72324);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271");
    
      script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309) The following security bugs
        have been fixed :
    
      - Array index error in the kvm_vm_ioctl_create_vcpu
        function in virt/kvm/kvm_main.c in the KVM subsystem in
        the Linux kernel through 3.12.5 allows local users to
        gain privileges via a large id value. (bnc#853050).
        (CVE-2013-4587)
    
      - Memory leak in the __kvm_set_memory_region function in
        virt/kvm/kvm_main.c in the Linux kernel before 3.9
        allows local users to cause a denial of service (memory
        consumption) by leveraging certain device access to
        trigger movement of memory slots. (bnc#851101).
        (CVE-2013-4592)
    
      - The apic_get_tmcct function in arch/x86/kvm/lapic.c in
        the KVM subsystem in the Linux kernel through 3.12.5
        allows guest OS users to cause a denial of service
        (divide-by-zero error and host OS crash) via crafted
        modifications of the TMICT value. (bnc#853051).
        (CVE-2013-6367)
    
      - The KVM subsystem in the Linux kernel through 3.12.5
        allows local users to gain privileges or cause a denial
        of service (system crash) via a VAPIC synchronization
        operation involving a page-end address. (bnc#853052).
        (CVE-2013-6368)
    
      - The recalculate_apic_map function in
        arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
        kernel through 3.12.5 allows guest OS users to cause a
        denial of service (host OS crash) via a crafted ICR
        write operation in x2apic mode. (bnc#853053).
        (CVE-2013-6376)
    
      - The ipc_rcu_putref function in ipc/util.c in the Linux
        kernel before 3.10 does not properly manage a reference
        count, which allows local users to cause a denial of
        service (memory consumption or system crash) via a
        crafted application. (bnc#848321). (CVE-2013-4483)
    
      - Multiple integer overflows in Alchemy LCD frame-buffer
        drivers in the Linux kernel before 3.12 allow local
        users to create a read-write memory mapping for the
        entirety of kernel memory, and consequently gain
        privileges, via crafted mmap operations, related to the
        (1) au1100fb_fb_mmap function in
        drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap
        function in drivers/video/au1200fb.c. (bnc#849021).
        (CVE-2013-4511)
    
      - Multiple buffer overflows in
        drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
        before 3.12 allow local users to cause a denial of
        service or possibly have unspecified other impact by
        leveraging the CAP_NET_ADMIN capability and providing a
        long station-name string, related to the (1)
        wvlan_uil_put_info and (2) wvlan_set_station_nickname
        functions. (bnc#849029). (CVE-2013-4514)
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel before
        3.12 does not initialize a certain data structure, which
        allows local users to obtain sensitive information from
        kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO
        ioctl call. (bnc#849034). (CVE-2013-4515)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation. (bnc#852559).
        (CVE-2013-6378)
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain size
        value, which allows local users to cause a denial of
        service (invalid pointer dereference) or possibly have
        unspecified other impact via an FSACTL_SEND_RAW_SRB
        ioctl call that triggers a crafted SRB command.
        (bnc#852373). (CVE-2013-6380)
    
      - The ieee80211_radiotap_iterator_init function in
        net/wireless/radiotap.c in the Linux kernel before
        3.11.7 does not check whether a frame contains any data
        outside of the header, which might allow attackers to
        cause a denial of service (buffer over-read) via a
        crafted header. (bnc#854634). (CVE-2013-7027)
    
      - Linux kernel built with the networking
        support(CONFIG_NET) is vulnerable to an information
        leakage flaw in the socket layer. It could occur while
        doing recvmsg(2), recvfrom(2) socket calls. It occurs
        due to improperly initialised msg_name &amp; msg_namelen
        message header parameters. (bnc#854722). (CVE-2013-6463)
    
      - The aac_compat_ioctl function in
        drivers/scsi/aacraid/linit.c in the Linux kernel before
        3.11.8 does not require the CAP_SYS_RAWIO capability,
        which allows local users to bypass intended access
        restrictions via a crafted ioctl call. (bnc#852558).
        (CVE-2013-6383)
    
      - Off-by-one error in the get_prng_bytes function in
        crypto/ansi_cprng.c in the Linux kernel through 3.11.4
        makes it easier for context-dependent attackers to
        defeat cryptographic protection mechanisms via multiple
        requests for small amounts of data, leading to improper
        management of the state of the consumed data.
        (bnc#840226). (CVE-2013-4345)
    
      - arch/x86/kernel/cpu/perf_event_intel.c in the Linux
        kernel before 3.8.9, when the Performance Events
        Subsystem is enabled, specifies an incorrect bitmask,
        which allows local users to cause a denial of service
        (general protection fault and system crash) by
        attempting to set a reserved bit. (bnc#825006).
        (CVE-2013-2146)
    
      - The perf_trace_event_perm function in
        kernel/trace/trace_event_perf.c in the Linux kernel
        before 3.12.2 does not properly restrict access to the
        perf subsystem, which allows local users to enable
        function tracing via a crafted application.
        (bnc#849362). (CVE-2013-2930)
    
    Also the following non-security bugs have been fixed :
    
      - kernel: correct tlb flush on page table upgrade
        (bnc#847660, LTC#99268).
    
      - kernel: fix floating-point-control register save and
        restore (bnc#847660, LTC#99000).
    
      - kernel: correct handling of asce-type exceptions
        (bnc#851879, LTC#100293).
    
      - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements.
        (bnc#827767)
    
      - random: fix accounting race condition with lockless irq
        entropy_count update. (bnc#789359)
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces. (bnc#838623)
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress. (bnc#849675)
    
      - Introduce KABI exception for cpuidle_state->disable via
        #ifndef __GENKSYMS__
    
      - Honor state disabling in the cpuidle ladder governor.
        (bnc#845378)
    
      - cpuidle: add a sysfs entry to disable specific C state
        for debug purpose. (bnc#845378)
    
      - net: Do not enable tx-nocache-copy by default.
        (bnc#845378)
    
      - mm: reschedule to avoid RCU stall triggering during boot
        of large machines. (bnc#820434,bnc#852153)
    
      - rtc-cmos: Add an alarm disable quirk. (bnc#805740)
    
      - tty/hvc_iucv: Disconnect IUCV connection when lowering
        DTR (bnc#839973, LTC#97595).
    
      - tty/hvc_console: Add DTR/RTS callback to handle HUPCL
        control (bnc#839973, LTC#97595).
    
      - sched: Avoid throttle_cfs_rq() racing with period_timer
        stopping. (bnc#848336)
    
      - sched/balancing: Periodically decay max cost of idle
        balance. (bnc#849256)
    
      - sched: Consider max cost of idle balance per sched
        domain. (bnc#849256)
    
      - sched: Reduce overestimating rq->avg_idle. (bnc#849256)
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining. (bnc#848336)
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock.
        (bnc#848336)
    
      - sched: Fix race on toggling cfs_bandwidth_used.
        (bnc#848336)
    
      - sched: Guarantee new group-entities always have weight.
        (bnc#848336)
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive. (bnc#848336)
    
      - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336)
    
      - futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - futex: move user address verification up to common code.
        (bnc#851603)
    
      - futexes: Clean up various details. (bnc#851603)
    
      - futexes: Increase hash table size for better
        performance. (bnc#851603)
    
      - futexes: Document multiprocessor ordering guarantees.
        (bnc#851603)
    
      - futexes: Avoid taking the hb->lock if there is nothing
        to wake up. (bnc#851603)
    
      - futexes: Fix futex_hashsize initialization. (bnc#851603)
    
      - mutex: Make more scalable by doing fewer atomic
        operations. (bnc#849256)
    
      - powerpc: Fix memory hotplug with sparse vmemmap.
        (bnc#827527)
    
      - powerpc: Add System RAM to /proc/iomem. (bnc#827527)
    
      - powerpc/mm: Mark Memory Resources as busy. (bnc#827527)
    
      - powerpc: Fix fatal SLB miss when restoring PPR.
        (bnc#853465)
    
      - powerpc: Make function that parses RTAS error logs
        global. (bnc#852761)
    
      - powerpc/pseries: Parse and handle EPOW interrupts.
        (bnc#852761)
    
      - powerpc/rtas_flash: Fix validate_flash buffer overflow
        issue. (bnc#847842)
    
      - powerpc/rtas_flash: Fix bad memory access. (bnc#847842)
    
      - x86: Update UV3 hub revision ID (bnc#846298
        fate#314987).
    
      - x86: Remove some noise from boot log when starting cpus.
        (bnc#770541)
    
      - x86/microcode/amd: Tone down printk(), do not treat a
        missing firmware file as an error. (bnc#843654)
    
      - x86/dumpstack: Fix printk_address for direct addresses.
        (bnc#845621)
    
      - x86/PCI: reduce severity of host bridge window conflict
        warnings. (bnc#858534)
    
      - ipv6: fix race condition regarding dst->expires and
        dst->from. (bnc#843185)
    
      - netback: bump tx queue length. (bnc#849404)
    
      - xfrm: invalidate dst on policy insertion/deletion.
        (bnc#842239)
    
      - xfrm: prevent ipcomp scratch buffer race condition.
        (bnc#842239)
    
      - tcp: bind() fix autoselection to share ports.
        (bnc#823618)
    
      - tcp: bind() use stronger condition for bind_conflict.
        (bnc#823618)
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict. (bnc#823618)
    
      - kabi: protect bind_conflict callback in struct
        inet_connection_sock_af_ops. (bnc#823618)
    
      - macvlan: introduce IFF_MACVLAN flag and helper function.
        (bnc#846984)
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function. (bnc#846984)
    
      - macvlan: disable LRO on lower device instead of macvlan.
        (bnc#846984)
    
      - fs: Avoid softlockup in
        shrink_dcache_for_umount_subtree. (bnc#834473)
    
      - blkdev_max_block: make private to fs/buffer.c.
        (bnc#820338)
    
      - storage: SMI Corporation usb key added to
        READ_CAPACITY_10 quirk. (bnc#850324)
    
      - autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race. (bnc#851314)
    
      - autofs4: catatonic_mode vs. notify_daemon race.
        (bnc#851314)
    
      - autofs4: close the races around autofs4_notify_daemon().
        (bnc#851314)
    
      - autofs4: deal with autofs4_write/autofs4_write races.
        (bnc#851314)
    
      - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount. (bnc#851314)
    
      - autofs4: fix deal with autofs4_write races. (bnc#851314)
    
      - autofs4: use simple_empty() for empty directory check.
        (bnc#851314)
    
      - dlm: set zero linger time on sctp socket. (bnc#787843)
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls (no bugzilla yet - netapp confirms problem and
        fix).
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost. (bnc#828236)
    
      - nfs: Adapt readdirplus to application usage patterns.
        (bnc#834708)
    
      - xfs: Account log unmount transaction correctly.
        (bnc#849950)
    
      - xfs: improve ioend error handling. (bnc#846036)
    
      - xfs: reduce ioend latency. (bnc#846036)
    
      - xfs: use per-filesystem I/O completion workqueues.
        (bnc#846036)
    
      - xfs: Hide additional entries in struct xfs_mount.
        (bnc#846036 / bnc#848544)
    
      - Btrfs: do not BUG_ON() if we get an error walking
        backrefs (FATE#312888).
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings. (bnc#820338)
    
      - vfs: fix O_DIRECT read past end of block device.
        (bnc#820338)
    
      - cifs: Improve performance of browsing directories with
        several files. (bnc#810323)
    
      - cifs: Ensure cifs directories do not show up as files.
        (bnc#826602)
    
      - dm-multipath: abort all requests when failing a path.
        (bnc#798050)
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime.
        (bnc#798050)
    
      - scsi: Allow error handling timeout to be specified.
        (bnc#798050)
    
      - scsi: Fixup compilation warning. (bnc#798050)
    
      - scsi: Retry failfast commands after EH. (bnc#798050)
    
      - scsi: Warn on invalid command completion. (bnc#798050)
    
      - advansys: Remove 'last_reset' references. (bnc#798050)
    
      - cleanup setting task state in scsi_error_handler().
        (bnc#798050)
    
      - dc395: Move 'last_reset' into internal host structure.
        (bnc#798050)
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050)
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset.
        (bnc#798050)
    
      - scsi: kABI fixes. (bnc#798050)
    
      - scsi: remove check for 'resetting'. (bnc#798050)
    
      - tmscsim: Move 'last_reset' into host structure.
        (bnc#798050)
    
      - SCSI &amp; usb-storage: add try_rc_10_first flag.
        (bnc#853428)
    
      - iscsi_target: race condition on shutdown. (bnc#850072)
    
      - libfcoe: Make fcoe_sysfs optional / fix fnic NULL
        exception. (bnc#837206)
    
      - lpfc 8.3.42: Fixed issue of task management commands
        having a fixed timeout. (bnc#856481)
    
      - advansys: Remove 'last_reset' references. (bnc#856481)
    
      - dc395: Move 'last_reset' into internal host structure.
        (bnc#856481)
    
      - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481)
    
      - remove check for 'resetting'. (bnc#856481)
    
      - tmscsim: Move 'last_reset' into host structure.
        (bnc#856481)
    
      - scsi_dh_rdac: Add new IBM 1813 product id to rdac
        devlist. (bnc#846654)
    
      - md: Change handling of save_raid_disk and metadata
        update during recovery. (bnc#849364)
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481)
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset.
        (bnc#856481)
    
      - crypto: unload of aes_s390 module causes kernel panic
        (bnc#847660, LTC#98706).
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718).
    
      - crypto: gf128mul - fix call to memset() (obvious fix).
    
      - X.509: Fix certificate gathering. (bnc#805114)
    
      - pcifront: Deal with toolstack missing
        'XenbusStateClosing' state.
    
      - xencons: generalize use of add_preferred_console().
        (bnc#733022, bnc#852652)
    
      - netxen: fix off by one bug in
        netxen_release_tx_buffer(). (bnc#845729)
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652).
    
      - xen: fixed USB passthrough issue. (bnc#852624)
    
      - igb: Fix get_fw_version function for all parts.
        (bnc#848317)
    
      - igb: Refactor of init_nvm_params. (bnc#848317)
    
      - r8169: check ALDPS bit and disable it if enabled for the
        8168g. (bnc#845352)
    
      - qeth: request length checking in snmp ioctl (bnc#847660,
        LTC#99511).
    
      - bnx2x: remove false warning regarding interrupt number.
        (bnc#769035)
    
      - usb: Fix xHCI host issues on remote wakeup. (bnc#846989)
    
      - xhci: Limit the spurious wakeup fix only to HP machines.
        (bnc#833097)
    
      - Intel xhci: refactor EHCI/xHCI port switching.
        (bnc#840116)
    
      - xhci-hub.c: preserved kABI. (bnc#840116)
    
      - xhci: Refactor port status into a new function.
        (bnc#840116)
    
      - HID: multitouch: Add support for NextWindow 0340
        touchscreen. (bnc#849855)
    
      - HID: multitouch: Add support for Qaunta 3027
        touchscreen. (bnc#854516)
    
      - HID: multitouch: add support for Atmel 212c touchscreen.
        (bnc#793727)
    
      - HID: multitouch: partial support of win8 devices.
        (bnc#854516,bnc#793727,bnc#849855)
    
      - HID: hid-multitouch: add support for the IDEACOM 6650
        chip. (bnc#854516,bnc#793727,bnc#849855)
    
      - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864)
    
      - ALSA: hda - load EQ params into IDT codec on HP bNB13
        systems. (bnc#850493)
    
      - lpfc: correct some issues with txcomplq processing.
        (bnc#818064)
    
      - lpfc: correct an issue with rrq processing. (bnc#818064)
    
      - block: factor out vector mergeable decision to a helper
        function. (bnc#769644)
    
      - block: modify __bio_add_page check to accept pages that
        do not start a new segment. (bnc#769644)
    
      - sd: avoid deadlocks when running under multipath.
        (bnc#818545)
    
      - sd: fix crash when UA received on DIF enabled device.
        (bnc#841445)
    
      - sg: fix blk_get_queue usage. (bnc#834808)
    
      - lpfc: Do not free original IOCB whenever ABTS fails.
        (bnc#806988)
    
      - lpfc: Fix kernel warning on spinlock usage. (bnc#806988)
    
      - lpfc: Fixed system panic due to midlayer abort.
        (bnc#806988)
    
      - qla2xxx: Add module parameter to override the default
        request queue size. (bnc#826756)
    
      - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896)
    
      - Pragmatic workaround for realtime class abuse induced
        latency issues.
    
      - Provide realtime priority kthread and workqueue boot
        options. (bnc#836718)
    
      - mlx4: allocate just enough pages instead of always 4
        pages. (bnc#835186 / bnc#835074)
    
      - mlx4: allow order-0 memory allocations in RX path.
        (bnc#835186 / bnc#835074)
    
      - net/mlx4: use one page fragment per incoming frame.
        (bnc#835186 / bnc#835074)
    
      - bna: do not register ndo_set_rx_mode callback.
        (bnc#847261)
    
      - PCI: pciehp: Retrieve link speed after link is trained.
        (bnc#820102)
    
      - PCI: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device. (bnc#820102)
    
      - PCI: pciehp: replace unconditional sleep with config
        space access check. (bnc#820102)
    
      - PCI: pciehp: make check_link_active more helpful.
        (bnc#820102)
    
      - PCI: pciehp: Add pcie_wait_link_not_active().
        (bnc#820102)
    
      - PCI: pciehp: Add Disable/enable link functions.
        (bnc#820102)
    
      - PCI: pciehp: Disable/enable link during slot power
        off/on. (bnc#820102)
    
      - PCI: fix truncation of resource size to 32 bits.
        (bnc#843419)
    
      - hv: handle more than just WS2008 in KVP negotiation.
        (bnc#850640)
    
      - mei: ME hardware reset needs to be synchronized.
        (bnc#821619)
    
      - kabi: Restore struct irq_desc::timer_rand_state.
    
      - fs3270: unloading module does not remove device
        (bnc#851879, LTC#100284).
    
      - cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
      - isci: Fix a race condition in the SSP task management
        path. (bnc#826978)
    
      - ptp: dynamic allocation of PHC char devices.
        (bnc#851290)
    
      - efifb: prevent null-deref when iterating dmi_list.
        (bnc#848055)
    
      - dm-mpath: Fixup race condition in activate_path().
        (bnc#708296)
    
      - dm-mpath: do not detach stale hardware handler.
        (bnc#708296)
    
      - dm-multipath: Improve logging. (bnc#708296)
    
      - scsi_dh: invoke callback if ->activate is not present.
        (bnc#708296)
    
      - scsi_dh: return individual errors in scsi_dh_activate().
        (bnc#708296)
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: Decode HP EVA array identifier.
        (bnc#708296)
    
      - scsi_dh_alua: Evaluate state for all port groups.
        (bnc#708296)
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense. (bnc#843642)
    
      - scsi_dh_alua: Make stpg synchronous. (bnc#708296)
    
      - scsi_dh_alua: Pass buffer as function argument.
        (bnc#708296)
    
      - scsi_dh_alua: Re-evaluate port group states after STPG.
        (bnc#708296)
    
      - scsi_dh_alua: Recheck state on transitioning.
        (bnc#708296)
    
      - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296)
    
      - scsi_dh_alua: Use separate alua_port_group structure.
        (bnc#708296)
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL.
        (bnc#839407)
    
      - scsi_dh_alua: asynchronous RTPG. (bnc#708296)
    
      - scsi_dh_alua: correctly terminate target port strings.
        (bnc#708296)
    
      - scsi_dh_alua: defer I/O while workqueue item is pending.
        (bnc#708296)
    
      - scsi_dh_alua: Do not attach to RAID or enclosure
        devices. (bnc#819979)
    
      - scsi_dh_alua: Do not attach to well-known LUNs.
        (bnc#821980)
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work().
        (bnc#708296)
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths. (bnc#843445)
    
      - scsi_dh_alua: move RTPG to workqueue. (bnc#708296)
    
      - scsi_dh_alua: move 'expiry' into PG structure.
        (bnc#708296)
    
      - scsi_dh_alua: move some sense code handling into generic
        code. (bnc#813245)
    
      - scsi_dh_alua: multipath failover fails with error 15.
        (bnc#825696)
    
      - scsi_dh_alua: parse target device id. (bnc#708296)
    
      - scsi_dh_alua: protect accesses to struct
        alua_port_group. (bnc#708296)
    
      - scsi_dh_alua: put sense buffer on stack. (bnc#708296)
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15'. (bnc#843429)
    
      - scsi_dh_alua: remove locking when checking state.
        (bnc#708296)
    
      - scsi_dh_alua: remove stale variable. (bnc#708296)
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296)
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code. (bnc#843645)
    
      - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642)
    
      - scsi_dh_alua: simplify state update. (bnc#708296)
    
      - scsi_dh_alua: use delayed_work. (bnc#708296)
    
      - scsi_dh_alua: use flag for RTPG extended header.
        (bnc#708296)
    
      - scsi_dh_alua: use local buffer for VPD inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: use spin_lock_irqsave for port group.
        (bnc#708296)
    
      - scsi_dh_alua: defer I/O while workqueue item is pending.
        (bnc#708296)
    
      - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296)
    
      - scsi_dh_alua: use delayed_work. (bnc#708296)
    
      - scsi_dh_alua: move 'expiry' into PG structure.
        (bnc#708296)
    
      - scsi_dh: invoke callback if ->activate is not present.
        (bnc#708296)
    
      - scsi_dh_alua: correctly terminate target port strings.
        (bnc#708296)
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296)
    
      - scsi_dh_alua: protect accesses to struct
        alua_port_group. (bnc#708296)
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work().
        (bnc#708296)
    
      - scsi_dh_alua: use spin_lock_irqsave for port group.
        (bnc#708296)
    
      - scsi_dh_alua: remove locking when checking state.
        (bnc#708296)
    
      - scsi_dh_alua: remove stale variable. (bnc#708296)
    
      - scsi_dh: return individual errors in scsi_dh_activate().
        (bnc#708296)
    
      - scsi_dh_alua: fixup misplaced brace in
        alua_initialize(). (bnc#858831)
    
      - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam
        (bnc#831103,FATE#316109).
    
      - drm/i915: add I915_EXEC_VEBOX to
        i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
    
      - drm/i915: add VEBOX into debugfs
        (bnc#831103,FATE#316109).
    
      - drm/i915: Enable vebox interrupts
        (bnc#831103,FATE#316109).
    
      - drm/i915: vebox interrupt get/put
        (bnc#831103,FATE#316109).
    
      - drm/i915: consolidate interrupt naming scheme
        (bnc#831103,FATE#316109).
    
      - drm/i915: Convert irq_refounct to struct
        (bnc#831103,FATE#316109).
    
      - drm/i915: make PM interrupt writes non-destructive
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add PM regs to pre/post install
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create an ivybridge_irq_preinstall
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create a more generic pm handler for hsw+
        (bnc#831103,FATE#316109).
    
      - drm/i915: Vebox ringbuffer init
        (bnc#831103,FATE#316109).
    
      - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
    
      - drm/i915: Rename ring flush functions
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add VECS semaphore bits
        (bnc#831103,FATE#316109).
    
      - drm/i915: Introduce VECS: the 4th ring
        (bnc#831103,FATE#316109).
    
      - drm/i915: Semaphore MBOX update generalization
        (bnc#831103,FATE#316109).
    
      - drm/i915: Comments for semaphore clarification
        (bnc#831103,FATE#316109).
    
      - drm/i915: fix gen4 digital port hotplug definitions.
        (bnc#850103)
    
      - drm/mgag200: Bug fix: Modified pll algorithm for EH
        project. (bnc#841654)
    
      - drm: do not add inferred modes for monitors that do not
        support them. (bnc#849809)
    
      - s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=733022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=770541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=833097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=837206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=841654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=858534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=858831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2146.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2930.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6376.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8826.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for SLES/SLED 11 SP3. Each gate below hands off to
    # audit() (audit.inc, not shown - presumably it ends the script) unless its
    # precondition holds, so the RPM comparison only runs when local checks are
    # enabled and the release, package list, architecture and patchlevel are known.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # The release string must start with SLED11 or SLES11.
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: i386-i686, x86_64 and s390x are let through.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Service-pack gate: only patchlevel 3 continues.
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    # flag counts the rpm_check() calls that returned true.
    # NOTE(review): all nine checks are pinned to cpu:"s390x", although the gate
    # above also admits i[3-6]86 and x86_64. Presumably rpm_check() (rpm.inc, not
    # shown) skips a check whose cpu does not match the host; if so, an x86 host
    # always ends at AUDIT_HOST_NOT below. Confirm x86 is covered by another
    # plugin before reading that audit as "patched".
    # NOTE(review): the comparison is against the installed RPM list
    # (Host/SuSE/rpm-list). Nothing visible here reads the running kernel
    # version, so a host that installed the update but has not rebooted would
    # presumably not be flagged - TODO confirm.
    flag = 0;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    
    
    # Any hit is reported on port 0; the text from rpm_report_get() is attached
    # only when report_verbosity is above 0. No hit audits the host as not
    # affected.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2233-1.NASL
    description: Pinkie Pie discovered a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74354
    published: 2014-06-06
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74354
    title: Ubuntu 10.04 LTS : linux vulnerabilities (USN-2233-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2233-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration: when `description` is set, the plugin declares its
    # ID, references, advisory text, scoring and dependencies, then exits before
    # any of the check code further down runs.
    if (description)
    {
      script_id(74354);
      script_version("1.21");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      # Six CVEs are bundled under this one plugin ID; CVE-2013-4483 is only one
      # of them, so a finding from this plugin does not by itself say which CVE
      # applies.
      script_cve_id("CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483", "CVE-2014-1438", "CVE-2014-3122", "CVE-2014-3153");
      script_bugtraq_id(62696, 63359, 63445, 64781, 67162, 67906);
      script_xref(name:"USN", value:"2233-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2233-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # Advisory text, one paragraph per CVE, taken from the Ubuntu notice.
      script_set_attribute(
        attribute:"description", 
        value:
    "Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or gain administrative privileges.
    (CVE-2014-3153)
    
    Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6
    UDP Fragmentation Offload (UFO) processing. A remote attacker could
    leverage this flaw to cause a denial of service (system crash).
    (CVE-2013-4387)
    
    Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
    Fragmentation Offload (UFO). An unprivileged local user could exploit
    this flaw to cause a denial of service (system crash) or possibly gain
    administrative privileges. (CVE-2013-4470)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483)
    
    halfdog reported an error in the AMD K7 and K8 platform support in the
    Linux kernel. An unprivileged local user could exploit this flaw on
    AMD based systems to cause a denial of service (task kill) or possibly
    gain privileges via a crafted application. (CVE-2014-1438)
    
    Sasha Levin reported a bug in the Linux kernel's virtual memory
    management subsystem. An unprivileged local user could exploit this
    flaw to cause a denial of service (system crash). (CVE-2014-3122).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2233-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): one CVSS2 base vector (local, complete C/I/A) scores the
      # whole bundle. The advisory text above gives CVE-2013-4483 a denial of
      # service impact only and describes CVE-2013-4387 as remote, so the vector
      # presumably tracks the most severe local issue rather than each CVE.
      # Triage severity per CVE, not per plugin.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # NOTE(review): the exploit-availability flags are plugin-wide. The only
      # exploit named here is a futex one, which matches the futex flaw the
      # description assigns to CVE-2014-3153; nothing here ties these flags to
      # CVE-2013-4483.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # plugin_type "local": the check works from data collected on the host.
      # The CPE entries name the kernel image package families and the OS release.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Declares the plugins this one depends on and the KB items it requires.
      # "Host/local_checks_enabled" is not in the required list; the check code
      # tests it separately.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Local package check for Ubuntu 10.04. Each gate below hands off to audit()
    # (audit.inc, not shown - presumably it ends the script) unless its
    # precondition holds: local checks enabled, release known and equal to 10.04,
    # dpkg list collected, architecture x86_64 or i386-i686.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Ksplice path: when Ksplice CVE data is in the KB, Host/uptrack-uname-r is
    # removed and ksplice_cves_check() is asked about the six CVEs of this
    # advisory. A true result audits out as "patch installed" and the package
    # comparison below never runs; otherwise the text from
    # ksplice_reporting_text() is kept in _ubuntu_report (presumably picked up by
    # ubuntu_report_get() in ubuntu.inc - TODO confirm).
    # NOTE(review): whether a true result means every listed CVE is covered is
    # decided in ksplice.inc (not shown); verify that before treating the
    # hotfix audit as full coverage of this advisory.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483", "CVE-2014-1438", "CVE-2014-3122", "CVE-2014-3153");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2233-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    # flag counts the ubuntu_check() calls that returned true.
    flag = 0;
    
    # One check per kernel flavour, each against package version 2.6.32-61.124.
    # NOTE(review): the comparison is against the collected dpkg list, and the
    # package names embed the kernel ABI (2.6.32-61). How ubuntu_check() treats a
    # host still on an older ABI package name, or one that installed the update
    # but has not rebooted, is decided in ubuntu.inc (not shown) - confirm before
    # reading a "not affected" or "not installed" audit as "patched".
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-386", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-generic", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-generic-pae", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-lpia", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-preempt", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-server", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-versatile", pkgver:"2.6.32-61.124")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-61-virtual", pkgver:"2.6.32-61.124")) flag++;
    
    # Any hit is reported on port 0 at SECURITY_HOLE severity with the text from
    # ubuntu_report_get(). With no hit, the audit message depends on whether
    # ubuntu_pkg_tests_get() returns any tested packages.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1392.NASL
    description: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen: 2020-05-16
    modified: 2014-10-14
    plugin id: 78409
    published: 2014-10-14
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78409
    title: RHEL 6 : kernel (RHSA-2014:1392)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1392. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only records
    # plugin metadata through script_* calls and then exits; none of the host
    # checks further down run in that pass.
    if (description)
    {
      script_id(78409);
      script_version("1.25");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15");
    
      # Eleven CVEs are bundled under one advisory. A finding from this plugin
      # says the errata is missing, not which of these CVEs is reachable on the
      # host.
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      script_bugtraq_id(63445, 67034, 67162, 68162, 68164, 68214, 68862, 68881, 69489);
      script_xref(name:"RHSA", value:"2014:1392");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2014:1392)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text taken from RHSA-2014:1392 (see the header comment of this
      # script). Note its closing sentence: the update needs a reboot to take
      # effect.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 6. This is the sixth regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
    CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
    and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
    The security impact of the CVE-2014-3601 issue was discovered by
    Michael Tsirkin of Red Hat.
    
    This update also fixes several hundred bugs and adds numerous
    enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
    for information on the most significant of these changes, and the
    Technical Notes for further information, both linked to in the
    References.
    
    All Red Hat Enterprise Linux 6 users are advised to install these
    updated packages, which correct these issues, and fix the bugs and add
    the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
    Notes and Technical Notes. The system must be rebooted for this update
    to take effect."
      );
      # References: the shortened link below stands for the URL in the next
      # comment, followed by the errata page and one page per CVE.
      # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b5caa05f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3601"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # One CVSSv2 base vector stands for the whole bundle: local access (AV:L),
      # medium complexity (AC:M), no authentication (Au:N), complete C/I/A impact.
      # NOTE(review): the advisory text above describes CVE-2014-5077 as a crash
      # a remote attacker can cause, which AV:L does not express; score that CVE
      # from its own entry when prioritising hosts.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability unproven (E:U), official fix available
      # (RL:OF), report confirmed (RC:C). This and the two exploit attributes
      # below are point-in-time statements (plugin last modified 2020/05/15);
      # re-check current exploit status before using them for prioritisation.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host (see script_require_keys below). The CPE entries list the package
      # families and the OS release this check covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      # The patch was published 18 months after the vulnerability publication
      # date recorded here; the plugin followed one day after the patch.
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Runs after the listed plugins (presumably the ones that populate the KB
      # keys below -- confirm) and only when local checks are enabled and the
      # release string, RPM list and CPU architecture are present in the KB.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    # Applicability gate. Each failed precondition ends the run through audit()
    # with a specific reason, so a host outside this plugin's scope is reported
    # as "not checked" rather than as clean.

    # Local (credentialed) checks must have populated the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must name Red Hat ...
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release)
    {
      audit(AUDIT_OS_NOT, "Red Hat");
    }

    # ... and carry a parsable "release N[.M]" version ...
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    }

    # ... whose major number is 6: the pattern wants "6" followed by a
    # non-digit or the end of the string, so 6.x passes and 60 does not.
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    }

    # Without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64, i386..i686 and s390 variants are covered by the package
    # checks; any other architecture is audited out as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu)
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    }
    
    # Live-patch path, taken only when Ksplice CVE data was collected for the
    # host. If ksplice_cves_check() accepts the advisory's CVE list the host is
    # audited out as patched (presumably this means every listed CVE is covered
    # by a live patch -- confirm against ksplice.inc). Otherwise the package
    # report is seeded with the Ksplice text and the script continues.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list(
        "CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122",
        "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654",
        "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077"
      );
      if (!ksplice_cves_check(cve_list))
      {
        __rpm_report = ksplice_reporting_text();
      }
      else
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2014:1392");
      }
    }
    
    # Verdict. Two sources are used, in this order of preference: yum
    # updateinfo when it was collected for the host, otherwise a per-package
    # RPM comparison against the fixed build.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1392";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # NOTE(review): when updateinfo is present but yields no report for this
        # advisory, the host is audited out here and the RPM comparison in the
        # outer else branch is never reached. The "not affected" result then
        # rests entirely on the host's yum metadata -- confirm how
        # Host/RedHat/yum-updateinfo is collected and how fresh it is.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # One rpm_check per package and architecture, all against the fixed build
      # 2.6.32-504.el6; flag counts the checks that fire (presumably rpm_check
      # returns true when the installed package is older than the reference --
      # see rpm.inc). Packages without a cpu argument are checked for any
      # architecture; kernel-kdump* is checked for s390x only.
      # NOTE(review): this compares installed packages. Nothing in this block
      # reads the running kernel version, and the advisory text states that a
      # reboot is required, so confirm separately that the fixed kernel is the
      # one actually booted.
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-headers-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-headers-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-headers-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
    
      if (flag)
      {
        # At least one check fired: report at warning severity with the
        # accumulated RPM report plus the Red Hat package caveat text.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Nothing fired: distinguish "packages were tested and are not
        # affected" from "none of the packages is installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-0285-1.NASL
    description: From Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73006
    published: 2014-03-14
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73006
    title: Oracle Linux 5 : kernel (ELSA-2014-0285-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0285 and 
    # Oracle Linux Security Advisory ELSA-2014-0285-1 respectively.
    #
    
    # Engines reporting a NASL_LEVEL below 3000 stop here, before the
    # registration block and the checks.
    if (NASL_LEVEL < 3000)
    {
      exit(0);
    }
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only records
    # plugin metadata through script_* calls and then exits; none of the host
    # checks further down run in that pass.
    if (description)
    {
      script_id(73006);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/18 17:43:57");
    
      # Seven CVEs are bundled under one advisory. A finding from this plugin
      # says the errata is missing, not which of these CVEs is reachable on the
      # host.
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 64686);
      script_xref(name:"RHSA", value:"2014:0285");
    
      script_name(english:"Oracle Linux 5 : kernel (ELSA-2014-0285-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      # Advisory text quoted from Red Hat's RHSA-2014:0285, written for Red Hat
      # Enterprise Linux 5; the package checks in this script use Oracle's own
      # build numbers. Several items are scoped to s390 QETH devices, Xen guests
      # or specific AMD CPUs, so applicability depends on the host's role. The
      # closing sentence states that a reboot is required.
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0285 :
    
    Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Red Hat Enterprise Linux and Microsoft
    Windows are not affected by this issue because they are known to only
    use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    * It was found that, under specific circumstances, a combination of
    write operations to write-combined memory and locked CPU instructions
    may cause a core hang on certain AMD CPUs (for more information, refer
    to AMD CPU erratum 793 linked in the References section). A privileged
    user in a guest running under the Xen hypervisor could use this flaw
    to cause a denial of service on the host system. This update adds a
    workaround to the Xen hypervisor implementation, which mitigates the
    AMD CPU issue. Note: this issue only affects AMD Family 16h Models
    00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
    Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483 and the Xen project for reporting
    CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as
    the original reporter of CVE-2013-4554 and CVE-2013-6885.
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      # The advisory text refers to a References section (CVE links, AMD erratum
      # 793, Technical Notes); this plugin carries only the Oracle errata
      # announcement as a reference.
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-March/004013.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      # One CVSSv2 base vector stands for the whole bundle: local access (AV:L),
      # medium complexity (AC:M), no authentication (Au:N), complete C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: exploitability unproven (E:U), official fix available
      # (RL:OF), report confirmed (RC:C). This and the two exploit attributes
      # below are point-in-time statements (script date 2018/07/18 above);
      # re-check current exploit status before using them for prioritisation.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host (see script_require_keys below). The CPE entries list the package
      # families and the OS release this check covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Runs after ssh_get_info.nasl (presumably the plugin that populates the KB
      # keys below -- confirm) and only when local checks are enabled and the
      # Oracle Linux marker, release string and RPM list are present in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Applicability gate. Each failed precondition ends the run through audit()
    # with a specific reason, so a host outside this plugin's scope is reported
    # as "not checked" rather than as clean.

    # Local (credentialed) checks must have populated the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The host must be marked as Oracle Linux and its release string (stored
    # under the RedHat KB key) must name Oracle Linux Server or Oracle
    # Enterprise Linux.
    if (!get_kb_item("Host/OracleLinux"))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }

    # The release string must carry a parsable "release N[.M]" version ...
    os_ver = eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    }

    # ... whose major number is 5: the pattern wants "5" followed by a
    # non-digit or the end of the string, so 5.x passes and 50 does not.
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    }

    # Without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Host/cpu is read here although it is not among this plugin's
    # script_require_keys, so a missing value is handled explicitly. Only
    # x86_64, ia64 and i386..i686 are covered; any other architecture is
    # audited out as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    }
    
    # Package comparison. A test fires only when a 2.6.18-series build of the
    # package is present (rpm_exists) and rpm_check flags it against the fixed
    # Oracle build 2.6.18-371.6.1.0.1.el5 (presumably meaning the installed
    # build is older -- see rpm.inc); flag counts the tests that fire. The
    # kernel-PAE packages are compared for i386 only, the rest for any
    # architecture.
    # NOTE(review): this compares installed packages. Nothing in these lines
    # reads the running kernel version, and the advisory text states that a
    # reboot is required, so confirm separately that the fixed kernel is the
    # one actually booted.
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-371.6.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-371.6.1.0.1.el5")) flag++;
    
    
    # Verdict from the package comparison above.
    if (!flag)
    {
      # Nothing fired: distinguish "packages were tested and are not affected"
      # from "no affected kernel package is installed".
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
      }
    }
    else
    {
      # At least one test fired: raise a warning-level finding, attaching the
      # accumulated RPM report only when report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-1392.NASL
    description: From Red Hat Security Advisory 2014:1392 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78618
    published: 2014-10-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78618
    title: Oracle Linux 6 : kernel (ELSA-2014-1392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1392 and 
    # Oracle Linux Security Advisory ELSA-2014-1392 respectively.
    #
    
    include("compat.inc");
    
    # Registration block: when the engine sets `description`, only the metadata
    # below is declared and exit(0) returns before any of the check logic runs.
    if (description)
    {
      script_id(78618);
      script_version("1.16");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      # One plugin covers the whole ELSA-2014-1392 kernel advisory (11 CVEs),
      # so a finding from it is not specific to CVE-2013-4483.
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      script_bugtraq_id(63445, 67034, 67162, 68162, 68164, 68214, 68862, 68881, 69489);
      script_xref(name:"RHSA", value:"2014:1392");
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2014-1392)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      # The description is the Red Hat advisory text quoted verbatim; it is
      # display text only and is not consulted by the check logic.
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:1392 :
    
    Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 6. This is the sixth regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
    CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
    and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
    The security impact of the CVE-2014-3601 issue was discovered by
    Michael Tsirkin of Red Hat.
    
    This update also fixes several hundred bugs and adds numerous
    enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
    for information on the most significant of these changes, and the
    Technical Notes for further information, both linked to in the
    References.
    
    All Red Hat Enterprise Linux 6 users are advised to install these
    updated packages, which correct these issues, and fix the bugs and add
    the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
    Notes and Technical Notes. The system must be rebooted for this update
    to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004556.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      # A single CVSS2 vector is declared for the whole advisory, while the
      # description text rates CVE-2013-4483 "Moderate" (local OOM / crash).
      # NOTE(review): presumably the vector reflects the most severe bundled
      # CVE - confirm before using it to rate CVE-2013-4483 on its own.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # plugin_type "local": the result comes from host package data, not from
      # network probing. The CPE list names the packages this plugin covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # The check reads the release string and rpm list from the knowledge base.
      # presumably these keys are populated by the dependencies below, i.e. the
      # plugin only produces results on a credentialed scan - confirm.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    # Check logic for ELSA-2014-1392. Everything below works from knowledge-base
    # items and rpm version data; nothing here exercises any of the kernel flaws.
    # Each audit() call reports why the plugin does not apply.
    # NOTE(review): audit() presumably terminates the script, which is why the
    # order of these gates matters - confirm against audit.inc.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture the numeric release (e.g. major or major.minor) from the release string.
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Only Oracle Linux 6.x is in scope: "6" followed by a non-digit or end of string.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    # Without an rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are evaluated; other architectures are
    # reported as not implemented rather than as not vulnerable.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    # Ksplice path: taken only when the KB holds a list of hot-patched kernel CVEs.
    # presumably ksplice_cves_check() is true when every CVE in cve_list is covered
    # by the running hot patches - confirm in ksplice.inc. In that case the host is
    # audited as patched even though the installed rpm may be older than the fix.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-1392");
      }
      else
      {
        # Not every CVE is covered: keep going with the rpm comparison and seed
        # the report text with the Ksplice details.
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    # The package references below are 2.6.32 builds, so a host running a
    # different kernel series is audited out instead of being compared.
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    # Version comparison against the fixed build 2.6.32-504.el6.
    # presumably rpm_check() is true when the installed package is older than the
    # reference - confirm in rpm.inc. The kernel* packages are compared only when
    # rpm_exists() finds a 2.6.32 build of them; perf and python-perf are compared
    # without that guard.
    # NOTE(review): this is a package-version check, so a kernel fixed by other
    # means (custom build, backport under a different version) is not recognised.
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-abi-whitelists-2.6.32") && rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-504.el6")) flag++;
    
    
    # Any flagged package produces one warning-level finding on port 0; the
    # package detail is attached only when report verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages present and new enough" from
      # "no affected kernel package installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-265.NASL
    description: Multiple vulnerabilities has been found and corrected in the Linux kernel : The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application (CVE-2013-4483). The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation (CVE-2013-4348). The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c (CVE-2013-4470). The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test (CVE-2013-2015). net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet (CVE-2013-4387). The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4350). The updated packages provides a solution for these security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70837
    published: 2013-11-11
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70837
    title: Mandriva Linux Security Advisory : kernel (MDVSA-2013:265)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:265. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration block: when the engine sets `description`, only the metadata
    # below is declared and exit(0) returns before any of the check logic runs.
    if (description)
    {
      script_id(70837);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      # One plugin covers the whole MDVSA-2013:265 kernel advisory (6 CVEs),
      # so a finding from it is not specific to CVE-2013-4483.
      script_cve_id("CVE-2013-2015", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483");
      script_bugtraq_id(59512, 62405, 62696, 63359, 63445, 63536);
      script_xref(name:"MDVSA", value:"2013:265");
    
      script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2013:265)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      # The description is the vendor advisory text quoted verbatim; it is
      # display text only and is not consulted by the check logic.
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in the Linux
    kernel :
    
    The ipc_rcu_putref function in ipc/util.c in the Linux kernel before
    3.10 does not properly manage a reference count, which allows local
    users to cause a denial of service (memory consumption or system
    crash) via a crafted application (CVE-2013-4483).
    
    The skb_flow_dissect function in net/core/flow_dissector.c in the
    Linux kernel through 3.12 allows remote attackers to cause a denial of
    service (infinite loop) via a small value in the IHL field of a packet
    with IPIP encapsulation (CVE-2013-4348).
    
    The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is
    enabled, does not properly initialize certain data structures, which
    allows local users to cause a denial of service (memory corruption and
    system crash) or possibly gain privileges via a crafted application
    that uses the UDP_CORK option in a setsockopt system call and sends
    both short and long packets, related to the ip_ufo_append_data
    function in net/ipv4/ip_output.c and the ip6_ufo_append_data function
    in net/ipv6/ip6_output.c (CVE-2013-4470).
    
    The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel
    before 3.7.3 does not properly handle orphan-list entries for
    non-journal filesystems, which allows physically proximate attackers
    to cause a denial of service (system hang) via a crafted filesystem on
    removable media, as demonstrated by the e2fsprogs
    tests/f_orphan_extents_inode/image.gz test (CVE-2013-2015).
    
    net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not
    properly determine the need for UDP Fragmentation Offload (UFO)
    processing of small packets after the UFO queueing of a large packet,
    which allows remote attackers to cause a denial of service (memory
    corruption and system crash) or possibly have unspecified other impact
    via network traffic that triggers a large response packet
    (CVE-2013-4387).
    
    The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel
    through 3.11.1 uses data structures and function calls that do not
    trigger an intended configuration of IPsec encryption, which allows
    remote attackers to obtain sensitive information by sniffing the
    network (CVE-2013-4350).
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # A single CVSS2 vector (network vector, availability impact only) is
      # declared for the whole advisory, while the description text attributes
      # CVE-2013-4483 to local users.
      # NOTE(review): presumably the vector reflects the most severe bundled
      # CVE - confirm before using it to rate CVE-2013-4483 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # plugin_type "local": the result comes from host package data, not from
      # network probing. The CPE list names the packages this plugin covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check reads the CPU type, release and rpm list from the knowledge base.
      # presumably these keys are populated by ssh_get_info.nasl, i.e. the plugin
      # only produces results on a credentialed scan - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
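    # Check logic for MDVSA-2013:265. Everything below works from knowledge-base
    # items and rpm version data; nothing here exercises any of the kernel flaws.
    # Each audit() call reports why the plugin does not apply.
    # NOTE(review): audit() presumably terminates the script, which is why the
    # order of these gates matters - confirm against audit.inc.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fixed the audit text: it read "Mandake", unlike the architecture audit below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64 / x86_64 and i386..i686 hosts are evaluated; other architectures
    # are reported as not implemented rather than as not vulnerable.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Version comparison against the fixed 3.4.68 builds for Business Server 1.
    # presumably rpm_check() is true when the installed package is older than the
    # reference - confirm in rpm.inc. Most references are restricted to x86_64;
    # kernel-firmware and kernel-source carry no cpu restriction.
    # NOTE(review): this is a package-version check, so a kernel fixed by other
    # means (custom build, backport under a different version) is not recognised.
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.68-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.68-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.68-1.1.mbs1")) flag++;
    
    
    # Any flagged package produces one hole-level finding on port 0; the package
    # detail is attached only when report verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");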
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2221-1.NASL
    description: Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74184
    published: 2014-05-27
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74184
    title: Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2221-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when the engine sets `description`, only the metadata
    # below is declared and exit(0) returns before any of the check logic runs.
    if (description)
    {
      script_id(74184);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      # One plugin covers the whole USN-2221-1 kernel notice (12 CVEs),
      # so a finding from it is not specific to CVE-2013-4483.
      script_cve_id("CVE-2013-4483", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      script_bugtraq_id(63445, 65588, 65943, 66095, 66279, 66492, 66543, 66591, 66678, 66779, 67300, 67302);
      script_xref(name:"USN", value:"2221-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # The description is the Ubuntu notice text quoted verbatim; it is
      # display text only and is not consulted by the check logic.
      script_set_attribute(
        attribute:"description", 
        value:
    "Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483)
    
    Al Viro discovered an error in how CIFS in the Linux kernel handles
    uncached write operations. An unprivileged local user could exploit
    this flaw to cause a denial of service (system crash), obtain
    sensitive information from kernel memory, or possibly gain privileges.
    (CVE-2014-0069)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    A flaw was discovered in the Linux kernel's handling of the SCTP
    handshake. A remote attacker could exploit this flaw to cause a denial
    of service (system crash). (CVE-2014-0101)
    
    A flaw was discovered in the handling of routing information in Linux
    kernel's IPv6 stack. A remote attacker could exploit this flaw to
    cause a denial of service (memory consumption) via a flood of ICMPv6
    router advertisement packets. (CVE-2014-2309)
    
    An error was discovered in the Linux kernel's DCCP protocol support. A
    remote attacked could exploit this flaw to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2014-2523)
    
    Max Sydorenko discovered a race condition in the Atheros 9k wireless
    driver in the Linux kernel. This race could be exploited by remote
    attackers to cause a denial of service (system crash). (CVE-2014-2672)
    
    An error was discovered in the Reliable Datagram Sockets (RDS)
    protocol stack in the Linux kernel. A local user could exploit this
    flaw to cause a denial of service (system crash) or possibly have
    unspecified other impact. (CVE-2014-2678)
    
    Yaara Rozenblum discovered a race condition in the Linux kernel's
    Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers
    could exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-2706)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2221-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # One CVSS2 vector and one set of exploit-availability flags are declared
      # for the whole notice, while the description text gives CVE-2013-4483 as a
      # local denial of service.
      # NOTE(review): presumably the network vector, complete C/I/A impact and the
      # "exploit available" flags come from other CVEs in the bundle - confirm
      # before applying them to CVE-2013-4483 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      # plugin_type "local": the result comes from host package data, not from
      # network probing. The CPE list names the packages this plugin covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # The check reads the CPU type, release and dpkg list from the knowledge base.
      # presumably these keys are populated by the dependencies below, i.e. the
      # plugin only produces results on a credentialed scan - confirm.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Check logic for USN-2221-1. Everything below works from knowledge-base items
    # and dpkg version data; nothing here exercises any of the kernel flaws.
    # Each audit() call reports why the plugin does not apply.
    # NOTE(review): audit() presumably terminates the script, which is why the
    # order of these gates matters - confirm against audit.inc.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Only Ubuntu 12.04 is in scope; the pattern is anchored, so the release
    # string must be exactly "12.04".
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    # Without a dpkg list there is nothing to compare against.
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are evaluated; other architectures are
    # reported as not implemented rather than as not vulnerable.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Ksplice path: taken only when the KB holds a list of hot-patched kernel CVEs.
    # presumably ksplice_cves_check() is true when every CVE in cve_list is covered
    # by the running hot patches - confirm in ksplice.inc. In that case the host is
    # audited as patched even though the installed package may be older than the fix.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4483", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2221-1");
      }
      else
      {
        # Not every CVE is covered: keep going with the package comparison and
        # seed the report text with the Ksplice details.
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    # Version comparison against the fixed build 3.2.0-63.95 of four kernel flavours.
    # presumably ubuntu_check() is true when the named package is installed at an
    # older version - confirm in ubuntu.inc.
    # NOTE(review): this is a package-version check, so a kernel fixed by other
    # means (custom build, backport under a different version) is not recognised.
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-generic", pkgver:"3.2.0-63.95")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-generic-pae", pkgver:"3.2.0-63.95")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-highbank", pkgver:"3.2.0-63.95")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-virtual", pkgver:"3.2.0-63.95")) flag++;
    
    # Any flagged package produces one finding on port 0 at SECURITY_HOLE
    # severity, with the package detail attached.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages present and new enough" from
      # "no affected kernel image installed".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-0536-1.NASL
    description: The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs. The following security issues have been addressed : CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. (bnc#702014) CVE-2011-2494: kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83618
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83618
    title: SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0536-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83618);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-2492", "CVE-2011-2494", "CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6549", "CVE-2013-0343", "CVE-2013-0914", "CVE-2013-1827", "CVE-2013-2141", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2888", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235", "CVE-2013-4162", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483", "CVE-2013-4588", "CVE-2013-6383", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446");
      script_bugtraq_id(48441, 50314, 58383, 58409, 58426, 58795, 58977, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58996, 59377, 59380, 59381, 59383, 59389, 59390, 59393, 59394, 59397, 60254, 60375, 60715, 60874, 60893, 60953, 61411, 62043, 62044, 62050, 62696, 63359, 63445, 63744, 63888, 64952, 64953, 64954);
    
      script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has
    been updated to fix various security issues and several bugs.
    
    The following security issues have been addressed :
    
    CVE-2011-2492: The bluetooth subsystem in the Linux kernel before
    3.0-rc4 does not properly initialize certain data structures, which
    allows local users to obtain potentially sensitive information from
    kernel memory via a crafted getsockopt system call, related to (1) the
    l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and
    (2) the rfcomm_sock_getsockopt_old function in
    net/bluetooth/rfcomm/sock.c. (bnc#702014)
    
    CVE-2011-2494: kernel/taskstats.c in the Linux kernel before
    3.1 allows local users to obtain sensitive I/O statistics by
    sending taskstats commands to a netlink socket, as
    demonstrated by discovering the length of another user's
    password. (bnc#703156)
    
    CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel
    before 3.6 does not initialize certain structures, which
    allows local users to obtain sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability.
    (bnc#809889)
    
    CVE-2012-6539: The dev_ifconf function in net/socket.c in
    the Linux kernel before 3.6 does not initialize a certain
    structure, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted
    application. (bnc#809891)
    
    CVE-2012-6540: The do_ip_vs_get_ctl function in
    net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
    3.6 does not initialize a certain structure for
    IP_VS_SO_GET_TIMEOUT commands, which allows local users to
    obtain sensitive information from kernel stack memory via a
    crafted application. (bnc#809892)
    
    CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
    net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does
    not initialize a certain structure, which allows local users
    to obtain sensitive information from kernel stack memory via
    a crafted application. (bnc#809893)
    
    CVE-2012-6542: The llc_ui_getname function in
    net/llc/af_llc.c in the Linux kernel before 3.6 has an
    incorrect return value in certain circumstances, which
    allows local users to obtain sensitive information from
    kernel stack memory via a crafted application that leverages
    an uninitialized pointer argument. (bnc#809894)
    
    CVE-2012-6544: The Bluetooth protocol stack in the Linux
    kernel before 3.6 does not properly initialize certain
    structures, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted
    application that targets the (1) L2CAP or (2) HCI
    implementation. (bnc#809898)
    
    CVE-2012-6545: The Bluetooth RFCOMM implementation in the
    Linux kernel before 3.6 does not properly initialize certain
    structures, which allows local users to obtain sensitive
    information from kernel memory via a crafted application.
    (bnc#809899)
    
    CVE-2012-6546: The ATM implementation in the Linux kernel
    before 3.6 does not initialize certain structures, which
    allows local users to obtain sensitive information from
    kernel stack memory via a crafted application. (bnc#809900)
    
    CVE-2012-6547: The __tun_chr_ioctl function in
    drivers/net/tun.c in the Linux kernel before 3.6 does not
    initialize a certain structure, which allows local users to
    obtain sensitive information from kernel stack memory via a
    crafted application. (bnc#809901)
    
    CVE-2012-6549: The isofs_export_encode_fh function in
    fs/isofs/export.c in the Linux kernel before 3.6 does not
    initialize a certain structure member, which allows local
    users to obtain sensitive information from kernel heap
    memory via a crafted application. (bnc#809903)
    
    CVE-2013-0343: The ipv6_create_tempaddr function in
    net/ipv6/addrconf.c in the Linux kernel through 3.8 does not
    properly handle problems with the generation of IPv6
    temporary addresses, which allows remote attackers to cause
    a denial of service (excessive retries and
    address-generation outage), and consequently obtain
    sensitive information, via ICMPv6 Router Advertisement (RA)
    messages. (bnc#805226)
    
    CVE-2013-0914: The flush_signal_handlers function in
    kernel/signal.c in the Linux kernel before 3.8.4 preserves
    the value of the sa_restorer field across an exec operation,
    which makes it easier for local users to bypass the ASLR
    protection mechanism via a crafted application containing a
    sigaction system call. (bnc#808827)
    
    CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before
    3.5.4 allows local users to gain privileges or cause a
    denial of service (NULL pointer dereference and system
    crash) by leveraging the CAP_NET_ADMIN capability for a
    certain (1) sender or (2) receiver getsockopt call.
    (bnc#811354)
    
    CVE-2013-2141: The do_tkill function in kernel/signal.c in
    the Linux kernel before 3.8.9 does not initialize a certain
    data structure, which allows local users to obtain sensitive
    information from kernel memory via a crafted application
    that makes a (1) tkill or (2) tgkill system call.
    (bnc#823267)
    
    CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in
    drivers/cdrom/cdrom.c in the Linux kernel through 3.10
    allows local users to obtain sensitive information from
    kernel memory via a read operation on a malfunctioning
    CD-ROM drive. (bnc#824295)
    
    CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in
    net/sctp/sm_statefuns.c in the SCTP implementation in the
    Linux kernel before 3.8.5 does not properly handle
    associations during the processing of a duplicate COOKIE
    ECHO chunk, which allows remote attackers to cause a denial
    of service (NULL pointer dereference and system crash) or
    possibly have unspecified other impact via crafted SCTP
    traffic. (bnc#826102)
    
    CVE-2013-2232: The ip6_sk_dst_check function in
    net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows
    local users to cause a denial of service (system crash) by
    using an AF_INET6 socket for a connection to an IPv4
    interface. (bnc#827750)
    
    CVE-2013-2234: The (1) key_notify_sa_flush and (2)
    key_notify_policy_flush functions in net/key/af_key.c in the
    Linux kernel before 3.10 do not initialize certain structure
    members, which allows local users to obtain sensitive
    information from kernel heap memory by reading a broadcast
    message from the notify interface of an IPSec key_socket.
    (bnc#827749)
    
    CVE-2013-2237: The key_notify_policy_flush function in
    net/key/af_key.c in the Linux kernel before 3.9 does not
    initialize a certain structure member, which allows local
    users to obtain sensitive information from kernel heap
    memory by reading a broadcast message from the notify_policy
    interface of an IPSec key_socket. (bnc#828119)
    
    CVE-2013-2888: Multiple array index errors in
    drivers/hid/hid-core.c in the Human Interface Device (HID)
    subsystem in the Linux kernel through 3.11 allow physically
    proximate attackers to execute arbitrary code or cause a
    denial of service (heap memory corruption) via a crafted
    device that provides an invalid Report ID. (bnc#835839)
    
    CVE-2013-2893: The Human Interface Device (HID) subsystem in
    the Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
    CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
    allows physically proximate attackers to cause a denial of
    service (heap-based out-of-bounds write) via a crafted
    device, related to (1) drivers/hid/hid-lgff.c, (2)
    drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
    (bnc#835839)
    
    CVE-2013-2897: Multiple array index errors in
    drivers/hid/hid-multitouch.c in the Human Interface Device
    (HID) subsystem in the Linux kernel through 3.11, when
    CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
    attackers to cause a denial of service (heap memory
    corruption, or NULL pointer dereference and OOPS) via a
    crafted device. (bnc#835839)
    
    CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
    in the Linux kernel before 3.9-rc7 does not initialize a
    certain length variable, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted
    recvmsg or recvfrom system call. (bnc#816668)
    
    CVE-2013-3223: The ax25_recvmsg function in
    net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3224: The bt_sock_recvmsg function in
    net/bluetooth/af_bluetooth.c in the Linux kernel before
    3.9-rc7 does not properly initialize a certain length
    variable, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted recvmsg
    or recvfrom system call. (bnc#816668)
    
    CVE-2013-3228: The irda_recvmsg_dgram function in
    net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain length variable, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3229: The iucv_sock_recvmsg function in
    net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain length variable, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3231: The llc_ui_recvmsg function in
    net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not
    initialize a certain length variable, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3232: The nr_recvmsg function in
    net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7
    does not initialize a certain data structure, which allows
    local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3234: The rose_recvmsg function in
    net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3235: net/tipc/socket.c in the Linux kernel before
    3.9-rc7 does not initialize a certain data structure and a
    certain length variable, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted
    recvmsg or recvfrom system call. (bnc#816668)
    
    CVE-2013-4162: The udp_v6_push_pending_frames function in
    net/ipv6/udp.c in the IPv6 implementation in the Linux
    kernel through 3.10.3 makes an incorrect function call for
    pending data, which allows local users to cause a denial of
    service (BUG and system crash) via a crafted application
    that uses the UDP_CORK option in a setsockopt system call.
    (bnc#831058)
    
    CVE-2013-4387: net/ipv6/ip6_output.c in the Linux kernel
    through 3.11.4 does not properly determine the need for UDP
    Fragmentation Offload (UFO) processing of small packets
    after the UFO queueing of a large packet, which allows
    remote attackers to cause a denial of service (memory
    corruption and system crash) or possibly have unspecified
    other impact via network traffic that triggers a large
    response packet. (bnc#843430)
    
    CVE-2013-4470: The Linux kernel before 3.12, when UDP
    Fragmentation Offload (UFO) is enabled, does not properly
    initialize certain data structures, which allows local users
    to cause a denial of service (memory corruption and system
    crash) or possibly gain privileges via a crafted application
    that uses the UDP_CORK option in a setsockopt system call
    and sends both short and long packets, related to the
    ip_ufo_append_data function in net/ipv4/ip_output.c and the
    ip6_ufo_append_data function in net/ipv6/ip6_output.c.
    (bnc#847672)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4588: Multiple stack-based buffer overflows in
    net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
    2.6.33, when CONFIG_IP_VS is used, allow local users to gain
    privileges by leveraging the CAP_NET_ADMIN capability for
    (1) a getsockopt system call, related to the
    do_ip_vs_get_ctl function, or (2) a setsockopt system call,
    related to the do_ip_vs_set_ctl function. (bnc#851095)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2014-1444: The fst_get_iface function in
    drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
    does not properly initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability for
    an SIOCWANDEV ioctl call. (bnc#858869)
    
    CVE-2014-1445: The wanxl_ioctl function in
    drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
    does not properly initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an ioctl call. (bnc#858870)
    
    CVE-2014-1446: The yam_ioctl function in
    drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8
    does not initialize a certain structure member, which allows
    local users to obtain sensitive information from kernel
    memory by leveraging the CAP_NET_ADMIN capability for an
    SIOCYAMGCFG ioctl call. (bnc#858872)
    
    Also the following non-security bugs have been fixed :
    
      - kernel: Remove newline from execve audit log
        (bnc#827855).
    
      - kernel: sclp console hangs (bnc#830344, LTC#95711).
    
      - kernel: fix flush_tlb_kernel_range (bnc#825052,
        LTC#94745). kernel: lost IPIs on CPU hotplug
        (bnc#825052, LTC#94784).
    
        sctp: deal with multiple COOKIE_ECHO chunks
        (bnc#826102).
    
      - net: Uninline kfree_skb and allow NULL argument
        (bnc#853501).
    
      - netback: don't disconnect frontend when seeing oversize
        packet. netfront: reduce gso_max_size to account for max
        TCP header.
    
        fs/dcache: Avoid race in d_splice_alias and vfs_rmdir
        (bnc#845028).
    
      - fs/proc: proc_task_lookup() fix memory pinning
        (bnc#827362 bnc#849765).
    
      - blkdev_max_block: make private to fs/buffer.c
        (bnc#820338).
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338).
    
      - vfs: fix O_DIRECT read past end of block device
        (bnc#820338).
    
      - cifs: don't use CIFSGetSrvInodeNumber in
        is_path_accessible (bnc#832603).
    
      - xfs: Fix kABI breakage caused by AIL list transformation
        (bnc#806219).
    
      - xfs: Replace custom AIL linked-list code with struct
        list_head (bnc#806219).
    
      - reiserfs: fix problems with chowning setuid file w/
        xattrs (bnc#790920).
    
      - reiserfs: fix spurious multiple-fill in
        reiserfs_readdir_dentry (bnc#822722). jbd: Fix forever
        sleeping process in do_get_write_access() (bnc#827983).
    
        HID: check for NULL field when setting values
        (bnc#835839).
    
      - HID: provide a helper for validating hid reports
        (bnc#835839).
    
      - bcm43xx: netlink deadlock fix (bnc#850241).
    
      - bnx2: Close device if tx_timeout reset fails
        (bnc#857597).
    
      - xfrm: invalidate dst on policy insertion/deletion
        (bnc#842239).
    
      - xfrm: prevent ipcomp scratch buffer race condition
        (bnc#842239).
    
      - lpfc: Update to 8.2.0.106 (bnc#798050).
    
      - Make lpfc task management timeout configurable
        (bnc#798050).
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#798050).
    
      - advansys: Remove 'last_reset' references (bnc#798050).
    
      - tmscsim: Move 'last_reset' into host structure
        (bnc#798050). dc395: Move 'last_reset' into internal
        host structure (bnc#798050).
    
        scsi: remove check for 'resetting' (bnc#798050).
    
      - scsi: Allow error handling timeout to be specified
        (bnc#798050).
    
      - scsi: Eliminate error handler overload of the SCSI
        serial number (bnc#798050).
    
      - scsi: Reduce sequential pointer derefs in scsi_error.c
        and reduce size as well (bnc#798050).
    
      - scsi: Reduce error recovery time by reducing use of TURs
        (bnc#798050).
    
      - scsi: fix eh wakeup (scsi_schedule_eh vs
        scsi_restart_operations)
    
      - scsi: cleanup setting task state in scsi_error_handler()
        (bnc#798050).
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime
        (bnc#798050).
    
      - scsi: Fixup compilation warning (bnc#798050).
    
      - scsi: fc class: fix scanning when devs are offline
        (bnc#798050).
    
      - scsi: Warn on invalid command completion (bnc#798050).
    
      - scsi: Retry failfast commands after EH (bnc#798050).
    
      - scsi: kABI fixes (bnc#798050).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=bd99d2fcd47fefd9c76757c1e9e1cccb
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f2aa0bd1"
      );
      # http://download.suse.com/patch/finder/?keywords=d046a694b83b003f9bb6b21b6c0e8e6f
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?978cc4de"
      );
      # http://download.suse.com/patch/finder/?keywords=e59a3c9997ba1bed5bbf01d34d34a3d7
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3d3e6e8e"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2492.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2494.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6539.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6540.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6541.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6542.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6544.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6545.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6546.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6547.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6549.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0343.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0914.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1827.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2141.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2206.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2888.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3222.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3223.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3224.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3228.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3229.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3231.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3234.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3235.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4162.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4387.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4470.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4588.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1444.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1446.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/702014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/703156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/790920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/808827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809894"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/811354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/822722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/824295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/830344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/832603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843430"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845028"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849765"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/857597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858872"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140536-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df916a1b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for SLES10 SP4. Every host fact used below is read from
    # the scan knowledge base (KB) with get_kb_item(). audit() is defined in
    # audit.inc (not shown here) and presumably ends the script with the given
    # audit reason.
    #
    # Stop unless local checks were enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The recorded release string must start with SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Keep only the product and major version (the first capture group).
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only SLES10 is in scope; a SLED host passes the test above but is rejected here.
    if (! ereg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    # Without a collected package list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Accepted architectures: i386-i686, x86_64 and s390x.
    # NOTE(review): s390x passes this gate, but the rpm_check() calls below name
    # only x86_64, i586 or no cpu at all - presumably only the three calls without
    # a cpu argument can match on s390x; confirm against rpm.inc.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # A missing patch level is treated as "0"; only SP4 continues.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! ereg(pattern:"^4$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
    
    
    # Each rpm_check() names a reference package at version 2.6.16.60-0.105.1 and
    # a hit is counted in `flag`. rpm_check() comes from rpm.inc and is not shown
    # here; presumably it is true when the installed package is older than the
    # reference.
    # NOTE(review): only the package list is consulted - nothing here reads the
    # version of the running kernel, so a host that has installed the fixed
    # package but has not rebooted would presumably be reported as not affected.
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-bigsmp-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdumppae-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmi-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmipae-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xenpae-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-default-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-source-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-syms-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-debug-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-smp-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xen-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.105.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.105.1")) flag++;
    
    
    # Any hit is reported on port 0 at warning level; the package detail from
    # rpm_report_get() is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # No hit: audit out, telling "packages were tested and are not affected"
      # apart from "no kernel package was found to test".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2234-1.NASL
    description: Pinkie Pie discovered a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74355
    published: 2014-06-06
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74355
    title: Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2234-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2234-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration section: when the engine loads the script with `description`
    # set, the calls below record the plugin's metadata and the block ends with
    # exit(0), so none of the host checks further down are executed.
    if (description)
    {
      script_id(74355);
      script_version("1.21");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      # Six CVEs share this one plugin. The check further down tests a single
      # package version, so a finding does not say which of the six apply.
      script_cve_id("CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483", "CVE-2014-1438", "CVE-2014-3122", "CVE-2014-3153");
      script_bugtraq_id(62696, 63359, 63445, 64781, 67162, 67906);
      script_xref(name:"USN", value:"2234-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2234-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or gain administrative privileges.
    (CVE-2014-3153)
    
    Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6
    UDP Fragmentation Offload (UFO) processing. A remote attacker could
    leverage this flaw to cause a denial of service (system crash).
    (CVE-2013-4387)
    
    Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
    Fragmentation Offload (UFO). An unprivileged local user could exploit
    this flaw to cause a denial of service (system crash) or possibly gain
    administrative privileges. (CVE-2013-4470)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483)
    
    halfdog reported an error in the AMD K7 and K8 platform support in the
    Linux kernel. An unprivileged local user could exploit this flaw on
    AMD based systems to cause a denial of service (task kill) or possibly
    gain privileges via a crafted application. (CVE-2014-1438)
    
    Sasha Levin reported a bug in the Linux kernel's virtual memory
    management subsystem. An unprivileged local user could exploit this
    flaw to cause a denial of service (system crash). (CVE-2014-3122).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2234-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-2.6-ec2 package."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # complete confidentiality/integrity/availability impact. One vector is
      # recorded for all six CVEs; this block does not name the CVE it was
      # scored from.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      # Temporal vector: E:H (high exploitability), RL:OF (official fix),
      # RC:C (confirmed report).
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # Exploit-maturity flags are set per plugin, not per CVE. The Metasploit
      # module named below is a futex exploit, which matches the futex entry
      # (CVE-2014-3153) in the description text; on their own these flags do not
      # show that public exploits exist for the other five CVEs.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # "local" plugin type: the result is derived from data collected on the
      # host (the dpkg list named in script_require_keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Registered as an information-gathering check (ACT_GATHER_INFO).
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Plugins whose results this check builds on, and the KB keys it declares
      # as required. "Host/local_checks_enabled" is not in the key list; the
      # script tests it itself right after the includes.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Local package check for Ubuntu 10.04. Host facts are read from the scan
    # knowledge base (KB); audit() is defined in audit.inc (not shown here) and
    # presumably ends the script with the given audit reason.
    #
    # Stop unless local checks were enabled for this host.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Only release 10.04 is in scope (anchored match on the chomp()ed string).
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    # Without a collected dpkg list there is nothing to compare against.
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Ksplice branch, taken when the KB holds "Host/ksplice/kernel-cves"
    # (presumably the CVEs covered by live patches on this host). The
    # "Host/uptrack-uname-r" entry is removed first; the reason is not visible
    # here. If ksplice_cves_check() accepts the six CVEs the script audits out as
    # patched, otherwise it keeps the Ksplice reporting text and falls through to
    # the package comparison.
    # NOTE(review): ksplice_cves_check() is defined in ksplice.inc - confirm that
    # it requires every CVE in cve_list to be covered before returning true.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483", "CVE-2014-1438", "CVE-2014-3122", "CVE-2014-3153");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2234-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    # A single package is compared: linux-image-2.6.32-365-ec2 against version
    # 2.6.32-365.79. ubuntu_check() comes from ubuntu.inc and is not shown here;
    # presumably it is true when the installed version is older.
    # NOTE(review): outside the Ksplice branch this is a package-list comparison
    # only, so a host with the fixed package installed but still running the old
    # kernel would presumably be reported as not affected.
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-365-ec2", pkgver:"2.6.32-365.79")) flag++;
    
    # A hit is reported on port 0 with severity SECURITY_HOLE, together with the
    # text returned by ubuntu_report_get().
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: audit out, telling "package was tested and is not affected" apart
      # from "package not found".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-ec2");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-1392.NASL
    description: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79181
    published: 2014-11-12
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79181
    title: CentOS 6 : kernel (CESA-2014:1392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1392 and 
    # CentOS Errata and Security Advisory 2014:1392 respectively.
    #
    
    include("compat.inc");
    
    # Registration section: when the engine loads the script with `description`
    # set, the calls below record the plugin's metadata and the block ends with
    # exit(0), so none of the host checks further down are executed.
    if (description)
    {
      script_id(79181);
      script_version("1.13");
      script_cvs_date("Date: 2020/01/06");
    
      # Eleven CVEs share this one plugin. The check further down compares
      # package versions only, so a finding does not say which CVEs apply.
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      script_bugtraq_id(63445, 67034, 67162, 68162, 68164, 68214, 68862, 68881, 69489);
      script_xref(name:"RHSA", value:"2014:1392");
    
      script_name(english:"CentOS 6 : kernel (CESA-2014:1392)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 6. This is the sixth regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
    CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
    and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
    The security impact of the CVE-2014-3601 issue was discovered by
    Michael Tsirkin of Red Hat.
    
    This update also fixes several hundred bugs and adds numerous
    enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
    for information on the most significant of these changes, and the
    Technical Notes for further information, both linked to in the
    References.
    
    All Red Hat Enterprise Linux 6 users are advised to install these
    updated packages, which correct these issues, and fix the bugs and add
    the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
    Notes and Technical Notes. The system must be rebooted for this update
    to take effect."
      );
      # The see_also value is a shortened nessus.org link; the URL on the next
      # line is presumably the address it stands for.
      # https://lists.centos.org/pipermail/centos-cr-announce/2014-October/001221.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9556b27e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      # CVSS v2 base vector: local access, medium complexity, no authentication,
      # complete confidentiality/integrity/availability impact. cvss_score_source
      # below names CVE-2013-2596 as the CVE the vector was taken from, so it is
      # not the score of every CVE in the list (the description rates
      # CVE-2013-4483, for example, Moderate).
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: E:U (unproven exploitability), RL:OF (official fix),
      # RC:C (confirmed report); consistent with exploit_available "false" below.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2596");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the result is derived from data collected on the
      # host (the rpm list named in script_require_keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Registered as an information-gathering check (ACT_GATHER_INFO).
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # Plugin whose results this check builds on, and the KB keys it declares as
      # required. "Host/cpu" is not in the key list; the script reads it itself
      # and audits out when it is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for CentOS 6. Host facts are read from the scan
    # knowledge base (KB); audit() is defined in audit.inc (not shown here) and
    # presumably ends the script with the given audit reason.
    #
    # Stop unless local checks were enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The recorded release string must contain "CentOS".
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Pull the major version out of "CentOS [Linux] release N" (first capture group).
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    # Only major version 6 is in scope.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    # Without a collected package list there is nothing to compare against.
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # Ten packages are compared against reference version 2.6.32-504.el6, with no
    # cpu argument. rpm_check() comes from rpm.inc and is not shown here;
    # presumably it is true when the installed package is older than the
    # reference.
    # NOTE(review): only the package list is consulted - nothing here reads the
    # version of the running kernel. The advisory text in this plugin states that
    # a reboot is needed for the update to take effect, so a host that installed
    # the update but has not rebooted would presumably be reported as not
    # affected.
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-504.el6")) flag++;
    
    
    if (flag)
    {
      # Text appended to every finding: the fixed version may exist only in the
      # continuous release (CR) repository until the next CentOS point release.
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      # Reported on port 0 with severity SECURITY_WARNING, package detail first
      # and the CR caveat after it.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      # No hit: audit out, telling "packages were tested and are not affected"
      # apart from "none of the packages was found".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-0285.NASL
    description: From Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73007
    published: 2014-03-14
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73007
    title: Oracle Linux 5 : kernel (ELSA-2014-0285)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0285 and 
    # Oracle Linux Security Advisory ELSA-2014-0285 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73007);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 64677, 64685, 64686, 64747);
      script_xref(name:"RHSA", value:"2014:0285");
    
      script_name(english:"Oracle Linux 5 : kernel (ELSA-2014-0285)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0285 :
    
    Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Red Hat Enterprise Linux and Microsoft
    Windows are not affected by this issue because they are known to only
    use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    * It was found that, under specific circumstances, a combination of
    write operations to write-combined memory and locked CPU instructions
    may cause a core hang on certain AMD CPUs (for more information, refer
    to AMD CPU erratum 793 linked in the References section). A privileged
    user in a guest running under the Xen hypervisor could use this flaw
    to cause a denial of service on the host system. This update adds a
    workaround to the Xen hypervisor implementation, which mitigates the
    AMD CPU issue. Note: this issue only affects AMD Family 16h Models
    00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
    Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483 and the Xen project for reporting
    CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as
    the original reporter of CVE-2013-4554 and CVE-2013-6885.
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-March/004012.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    # Preconditions for this credentialed (local) check. Every test below reads
    # data from the scan knowledge base (KB); when an item is missing the plugin
    # audits out instead of testing packages, so the absence of a finding from
    # this plugin is not evidence that the host is patched.
    # NOTE(review): the code relies on audit() ending the plugin run - confirm in audit.inc.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    # The release string must name Oracle Linux Server / Oracle Enterprise Linux.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture group 1 is the numeric release (major, optionally ".minor").
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Only major release 5 is in scope: "5" or "5.x" matches, "50" does not.
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    # The package comparison needs the collected RPM list.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Supported architectures: x86_64, ia64 and i386 through i686; anything else
    # is reported as "local checks not implemented" rather than tested.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    # Ksplice handling: runs only when the KB holds Ksplice kernel CVE data.
    # If ksplice_cves_check() accepts the list, the plugin audits out as
    # "patch installed" and the RPM version tests further down are never reached.
    # NOTE(review): presumably ksplice_cves_check() is true only when every CVE in
    # the list is covered by a live patch - confirm in ksplice.inc.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # NOTE(review): the reason for dropping this KB item is not visible here - confirm against ksplice.inc.
      rm_kb_item(name:"Host/uptrack-uname-r");
      # CVEs checked against the Ksplice data for ELSA-2014-0285.
      cve_list = make_list("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-0285");
      }
      else
      {
        # Not accepted: keep the Ksplice text for the report and continue with
        # the package checks.
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    # Restrict the check to hosts whose kernel level, as recorded in the KB from
    # uname, is 2.6. A missing value ends the plugin with exit code 1 (an error),
    # not with a "not affected" result.
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    # Package tests: for each kernel package family of the 2.6.18 series that is
    # installed (rpm_exists), compare it with the fixed build 2.6.18-371.6.1.el5
    # and count a hit in 'flag'.
    # NOTE(review): rpm_check() presumably returns true when the installed package
    # is older than the reference - confirm in rpm.inc.
    # NOTE(review): these tests read the collected RPM list, not the running
    # kernel. The advisory text in this plugin's description says a reboot is
    # required, so a host that installed the update but has not rebooted would
    # presumably pass here - verify the running kernel separately.
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
    # The PAE packages are only compared for the i386 architecture.
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
    
    # Reporting: any hit raises a warning-level finding on port 0; the package
    # report text is attached only when report verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "packages were tested and are not affected" from
      # "no affected kernel package is installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-0287-1.NASL
    descriptionThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. 
(bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. 
(bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. 
(bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. 
(bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. 
(bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. 
(bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. 
(bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. 
(bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. 
(bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
(bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
(bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. 
(bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. 
(bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). 
- cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). - proc: fix pagemap_read() error case (bnc#787573). - net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). - bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). - scsi: Add
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83611
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83611
    title: SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0287-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83611);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-1083", "CVE-2011-3593", "CVE-2012-1601", "CVE-2012-2137", "CVE-2012-2372", "CVE-2012-2745", "CVE-2012-3375", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511", "CVE-2012-4444", "CVE-2012-4530", "CVE-2012-4565", "CVE-2012-6537", "CVE-2012-6538", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-0268", "CVE-2013-0310", "CVE-2013-0343", "CVE-2013-0349", "CVE-2013-0871", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1773", "CVE-2013-1774", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1827", "CVE-2013-1928", "CVE-2013-1943", "CVE-2013-2015", "CVE-2013-2141", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2634", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-2929", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235", "CVE-2013-4345", "CVE-2013-4470", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4587", "CVE-2013-4588", "CVE-2013-4591", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6383", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446");
      script_bugtraq_id(46630, 50767, 53488, 54062, 54063, 54283, 54365, 54702, 54763, 55151, 55878, 56346, 56891, 57176, 57740, 57743, 57838, 57986, 58052, 58112, 58177, 58200, 58202, 58368, 58383, 58409, 58426, 58597, 58604, 58605, 58607, 58795, 58906, 58977, 58978, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58994, 58996, 59377, 59380, 59381, 59383, 59385, 59389, 59390, 59393, 59394, 59397, 59512, 60254, 60280, 60375, 60409, 60410, 60466, 60874, 60893, 60953, 62042, 62043, 62044, 62049, 62050, 62740, 63359, 63445, 63512, 63744, 63791, 63886, 63888, 64111, 64270, 64291, 64328, 64952, 64953, 64954);
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to
    fix a lot of security issues and non-security bugs.
    
    The following security bugs have been fixed :
    
    CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive
    function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red
    Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a
    denial of service (system crash) via priority-tagged VLAN frames.
    (bnc#735347)
    
    CVE-2012-1601: The KVM implementation in the Linux kernel
    before 3.3.6 allows host OS users to cause a denial of
    service (NULL pointer dereference and host OS crash) by
    making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU
    already exists. (bnc#754898)
    
    CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the
    KVM subsystem in the Linux kernel before 3.2.24 allows local
    users to cause a denial of service (crash) and possibly
    execute arbitrary code via vectors related to Message
    Signaled Interrupts (MSI), irq routing entries, and an
    incorrect check by the setup_routing_entry function before
    invoking the kvm_set_irq function. (bnc#767612)
    
    CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c
    in the Reliable Datagram Sockets (RDS) protocol
    implementation in the Linux kernel 3.7.4 and earlier allows
    local users to cause a denial of service (BUG_ON and kernel
    panic) by establishing an RDS connection with the source IP
    address equal to the IPoIB interfaces own IP address, as
    demonstrated by rds-ping. (bnc#767610)
    
    CVE-2012-2745: The copy_creds function in kernel/cred.c in
    the Linux kernel before 3.3.2 provides an invalid
    replacement session keyring to a child process, which allows
    local users to cause a denial of service (panic) via a
    crafted application that uses the fork system call.
    (bnc#770695)
    
    CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c
    in the Linux kernel before 3.2.24 does not properly handle
    ELOOP errors in EPOLL_CTL_ADD operations, which allows local
    users to cause a denial of service (file-descriptor
    consumption and system crash) via a crafted application that
    attempts to create a circular epoll dependency. NOTE: this
    vulnerability exists because of an incorrect fix for
    CVE-2011-1083. (bnc#769896)
    
    CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in
    the Linux kernel before 3.2.30 allows remote attackers to
    cause a denial of service (DMA descriptor consumption and
    network-controller outage) via crafted TCP packets that
    trigger a small MSS value. (bnc#774523)
    
    CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in
    the Linux kernel before 3.0.44 does not initialize a certain
    structure member, which allows local users to obtain
    potentially sensitive information from kernel stack memory
    via a (1) recvfrom or (2) recvmsg system call on an RDS
    socket. (bnc#773383)
    
    CVE-2012-3511: Multiple race conditions in the
    madvise_remove function in mm/madvise.c in the Linux kernel
    before 3.4.5 allow local users to cause a denial of service
    (use-after-free and system crash) via vectors involving a
    (1) munmap or (2) close system call. (bnc#776885)
    
    CVE-2012-4444: The ip6_frag_queue function in
    net/ipv6/reassembly.c in the Linux kernel before 2.6.36
    allows remote attackers to bypass intended network
    restrictions via overlapping IPv6 fragments. (bnc#789831)
    
    CVE-2012-4530: The load_script function in
    fs/binfmt_script.c in the Linux kernel before 3.7.2 does not
    properly handle recursion, which allows local users to
    obtain sensitive information from kernel stack memory via a
    crafted application. (bnc#786013)
    
    CVE-2012-4565: The tcp_illinois_info function in
    net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19,
    when the net.ipv4.tcp_congestion_control illinois setting is
    enabled, allows local users to cause a denial of service
    (divide-by-zero error and OOPS) by reading TCP stats.
    (bnc#787576)
    
    CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel
    before 3.6 does not initialize certain structures, which
    allows local users to obtain sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability.
    (bnc#809889)
    
    CVE-2012-6538: The copy_to_user_auth function in
    net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an
    incorrect C library function for copying a string, which
    allows local users to obtain sensitive information from
    kernel heap memory by leveraging the CAP_NET_ADMIN
    capability. (bnc#809889)
    
    CVE-2012-6539: The dev_ifconf function in net/socket.c in
    the Linux kernel before 3.6 does not initialize a certain
    structure, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted
    application. (bnc#809891)
    
    CVE-2012-6540: The do_ip_vs_get_ctl function in
    net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
    3.6 does not initialize a certain structure for
    IP_VS_SO_GET_TIMEOUT commands, which allows local users to
    obtain sensitive information from kernel stack memory via a
    crafted application. (bnc#809892)
    
    CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
    net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does
    not initialize a certain structure, which allows local users
    to obtain sensitive information from kernel stack memory via
    a crafted application. (bnc#809893)
    
    CVE-2012-6542: The llc_ui_getname function in
    net/llc/af_llc.c in the Linux kernel before 3.6 has an
    incorrect return value in certain circumstances, which
    allows local users to obtain sensitive information from
    kernel stack memory via a crafted application that leverages
    an uninitialized pointer argument. (bnc#809894)
    
    CVE-2012-6544: The Bluetooth protocol stack in the Linux
    kernel before 3.6 does not properly initialize certain
    structures, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted
    application that targets the (1) L2CAP or (2) HCI
    implementation. (bnc#809898)
    
    CVE-2012-6545: The Bluetooth RFCOMM implementation in the
    Linux kernel before 3.6 does not properly initialize certain
    structures, which allows local users to obtain sensitive
    information from kernel memory via a crafted application.
    (bnc#809899)
    
    CVE-2012-6546: The ATM implementation in the Linux kernel
    before 3.6 does not initialize certain structures, which
    allows local users to obtain sensitive information from
    kernel stack memory via a crafted application. (bnc#809900)
    
    CVE-2012-6547: The __tun_chr_ioctl function in
    drivers/net/tun.c in the Linux kernel before 3.6 does not
    initialize a certain structure, which allows local users to
    obtain sensitive information from kernel stack memory via a
    crafted application. (bnc#809901)
    
    CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c
    in the Linux kernel before 3.6 does not initialize a certain
    structure member, which allows local users to obtain
    sensitive information from kernel heap memory via a crafted
    application. (bnc#809902)
    
    CVE-2012-6549: The isofs_export_encode_fh function in
    fs/isofs/export.c in the Linux kernel before 3.6 does not
    initialize a certain structure member, which allows local
    users to obtain sensitive information from kernel heap
    memory via a crafted application. (bnc#809903)
    
    CVE-2013-0160: The Linux kernel through 3.7.9 allows local
    users to obtain sensitive information about keystroke timing
    by using the inotify API on the /dev/ptmx device.
    (bnc#797175)
    
    CVE-2013-0216: The Xen netback functionality in the Linux
    kernel before 3.7.8 allows guest OS users to cause a denial
    of service (loop) by triggering ring pointer corruption.
    (bnc#800280)(XSA-39)
    
    CVE-2013-0231: The pciback_enable_msi function in the PCI
    backend driver
    (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for
    the Linux kernel 2.6.18 and 3.8 allows guest OS users with
    PCI device access to cause a denial of service via a large
    number of kernel log messages. NOTE: some of these details
    are obtained from third-party information.
    (bnc#801178)(XSA-43)
    
    CVE-2013-0268: The msr_open function in
    arch/x86/kernel/msr.c in the Linux kernel before 3.7.6
    allows local users to bypass intended capability
    restrictions by executing a crafted application as root, as
    demonstrated by msr32.c. (bnc#802642)
    
    CVE-2013-0310: The cipso_v4_validate function in
    net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8
    allows local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have
    unspecified other impact via an IPOPT_CIPSO IP_OPTIONS
    setsockopt system call. (bnc#804653)
    
    CVE-2013-0343: The ipv6_create_tempaddr function in
    net/ipv6/addrconf.c in the Linux kernel through 3.8 does not
    properly handle problems with the generation of IPv6
    temporary addresses, which allows remote attackers to cause
    a denial of service (excessive retries and
    address-generation outage), and consequently obtain
    sensitive information, via ICMPv6 Router Advertisement (RA)
    messages. (bnc#805226)
    
    CVE-2013-0349: The hidp_setup_hid function in
    net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6
    does not properly copy a certain name field, which allows
    local users to obtain sensitive information from kernel
    memory by setting a long name and making an HIDPCONNADD
    ioctl call. (bnc#805227)
    
    CVE-2013-0871: Race condition in the ptrace functionality in
    the Linux kernel before 3.7.5 allows local users to gain
    privileges via a PTRACE_SETREGS ptrace system call in a
    crafted application, as demonstrated by ptrace_death.
    (bnc#804154)
    
    CVE-2013-0914: The flush_signal_handlers function in
    kernel/signal.c in the Linux kernel before 3.8.4 preserves
    the value of the sa_restorer field across an exec operation,
    which makes it easier for local users to bypass the ASLR
    protection mechanism via a crafted application containing a
    sigaction system call. (bnc#808827)
    
    CVE-2013-1767: Use-after-free vulnerability in the
    shmem_remount_fs function in mm/shmem.c in the Linux kernel
    before 3.7.10 allows local users to gain privileges or cause
    a denial of service (system crash) by remounting a tmpfs
    filesystem without specifying a required mpol (aka
    mempolicy) mount option. (bnc#806138)
    
    CVE-2013-1773: Buffer overflow in the VFAT filesystem
    implementation in the Linux kernel before 3.3 allows local
    users to gain privileges or cause a denial of service
    (system crash) via a VFAT write operation on a filesystem
    with the utf8 mount option, which is not properly handled
    during UTF-8 to UTF-16 conversion. (bnc#806977)
    
    CVE-2013-1774: The chase_port function in
    drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4
    allows local users to cause a denial of service (NULL
    pointer dereference and system crash) via an attempted
    /dev/ttyUSB read or write operation on a disconnected
    Edgeport USB serial converter. (bnc#806976)
    
    CVE-2013-1792: Race condition in the install_user_keyrings
    function in security/keys/process_keys.c in the Linux kernel
    before 3.8.3 allows local users to cause a denial of service
    (NULL pointer dereference and system crash) via crafted
    keyctl system calls that trigger keyring operations in
    simultaneous threads. (bnc#808358)
    
    CVE-2013-1796: The kvm_set_msr_common function in
    arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does
    not ensure a required time_page alignment during an
    MSR_KVM_SYSTEM_TIME operation, which allows guest OS users
    to cause a denial of service (buffer overflow and host OS
    memory corruption) or possibly have unspecified other impact
    via a crafted application. (bnc#806980)
    
    CVE-2013-1797: Use-after-free vulnerability in
    arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows
    guest OS users to cause a denial of service (host OS memory
    corruption) or possibly have unspecified other impact via a
    crafted application that triggers use of a guest physical
    address (GPA) in (1) movable or (2) removable memory during
    an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
    (bnc#806980)
    
    CVE-2013-1798: The ioapic_read_indirect function in
    virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not
    properly handle a certain combination of invalid
    IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
    allows guest OS users to obtain sensitive information from
    host OS memory or cause a denial of service (host OS OOPS)
    via a crafted application. (bnc#806980)
    
    CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before
    3.5.4 allows local users to gain privileges or cause a
    denial of service (NULL pointer dereference and system
    crash) by leveraging the CAP_NET_ADMIN capability for a
    certain (1) sender or (2) receiver getsockopt call.
    (bnc#811354)
    
    CVE-2013-1928: The do_video_set_spu_palette function in
    fs/compat_ioctl.c in the Linux kernel before 3.6.5 on
    unspecified architectures lacks a certain error check, which
    might allow local users to obtain sensitive information from
    kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE
    ioctl call on a /dev/dvb device. (bnc#813735)
    
    CVE-2013-1943: The KVM subsystem in the Linux kernel before
    3.0 does not check whether kernel addresses are specified
    during allocation of memory slots for use in a guests
    physical address space, which allows local users to gain
    privileges or obtain sensitive information from kernel
    memory via a crafted application, related to
    arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
    (bnc#828012)
    
    CVE-2013-2015: The ext4_orphan_del function in
    fs/ext4/namei.c in the Linux kernel before 3.7.3 does not
    properly handle orphan-list entries for non-journal
    filesystems, which allows physically proximate attackers to
    cause a denial of service (system hang) via a crafted
    filesystem on removable media, as demonstrated by the
    e2fsprogs tests/f_orphan_extents_inode/image.gz test.
    (bnc#817377)
    
    CVE-2013-2141: The do_tkill function in kernel/signal.c in
    the Linux kernel before 3.8.9 does not initialize a certain
    data structure, which allows local users to obtain sensitive
    information from kernel memory via a crafted application
    that makes a (1) tkill or (2) tgkill system call.
    (bnc#823267)
    
    CVE-2013-2147: The HP Smart Array controller disk-array
    driver and Compaq SMART2 controller disk-array driver in the
    Linux kernel through 3.9.4 do not initialize certain data
    structures, which allows local users to obtain sensitive
    information from kernel memory via (1) a crafted
    IDAGETPCIINFO command for a /dev/ida device, related to the
    ida_locked_ioctl function in drivers/block/cpqarray.c or (2)
    a crafted CCISS_PASSTHRU32 command for a /dev/cciss device,
    related to the cciss_ioctl32_passthru function in
    drivers/block/cciss.c. (bnc#823260)
    
    CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in
    drivers/cdrom/cdrom.c in the Linux kernel through 3.10
    allows local users to obtain sensitive information from
    kernel memory via a read operation on a malfunctioning
    CD-ROM drive. (bnc#824295)
    
    CVE-2013-2232: The ip6_sk_dst_check function in
    net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows
    local users to cause a denial of service (system crash) by
    using an AF_INET6 socket for a connection to an IPv4
    interface. (bnc#827750)
    
    CVE-2013-2234: The (1) key_notify_sa_flush and (2)
    key_notify_policy_flush functions in net/key/af_key.c in the
    Linux kernel before 3.10 do not initialize certain structure
    members, which allows local users to obtain sensitive
    information from kernel heap memory by reading a broadcast
    message from the notify interface of an IPSec key_socket.
    (bnc#827749)
    
    CVE-2013-2237: The key_notify_policy_flush function in
    net/key/af_key.c in the Linux kernel before 3.9 does not
    initialize a certain structure member, which allows local
    users to obtain sensitive information from kernel heap
    memory by reading a broadcast message from the notify_policy
    interface of an IPSec key_socket. (bnc#828119)
    
    CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before
    3.8.4 does not initialize certain structures, which allows
    local users to obtain sensitive information from kernel
    stack memory via a crafted application. (bnc#810473)
    
    CVE-2013-2851: Format string vulnerability in the
    register_disk function in block/genhd.c in the Linux kernel
    through 3.9.4 allows local users to gain privileges by
    leveraging root access and writing format string specifiers
    to /sys/module/md_mod/parameters/new_array in order to
    create a crafted /dev/md device name. (bnc#822575)
    
    CVE-2013-2852: Format string vulnerability in the
    b43_request_firmware function in
    drivers/net/wireless/b43/main.c in the Broadcom B43 wireless
    driver in the Linux kernel through 3.9.4 allows local users
    to gain privileges by leveraging root access and including
    format string specifiers in an fwpostfix modprobe parameter,
    leading to improper construction of an error message.
    (bnc#822579)
    
    CVE-2013-2888: Multiple array index errors in
    drivers/hid/hid-core.c in the Human Interface Device (HID)
    subsystem in the Linux kernel through 3.11 allow physically
    proximate attackers to execute arbitrary code or cause a
    denial of service (heap memory corruption) via a crafted
    device that provides an invalid Report ID. (bnc#835839)
    
    CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface
    Device (HID) subsystem in the Linux kernel through 3.11,
    when CONFIG_HID_ZEROPLUS is enabled, allows physically
    proximate attackers to cause a denial of service (heap-based
    out-of-bounds write) via a crafted device. (bnc#835839)
    
    CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface
    Device (HID) subsystem in the Linux kernel through 3.11,
    when CONFIG_HID_PANTHERLORD is enabled, allows physically
    proximate attackers to cause a denial of service (heap-based
    out-of-bounds write) via a crafted device. (bnc#835839)
    
    CVE-2013-2893: The Human Interface Device (HID) subsystem in
    the Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
    CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
    allows physically proximate attackers to cause a denial of
    service (heap-based out-of-bounds write) via a crafted
    device, related to (1) drivers/hid/hid-lgff.c, (2)
    drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
    (bnc#835839)
    
    CVE-2013-2897: Multiple array index errors in
    drivers/hid/hid-multitouch.c in the Human Interface Device
    (HID) subsystem in the Linux kernel through 3.11, when
    CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
    attackers to cause a denial of service (heap memory
    corruption, or NULL pointer dereference and OOPS) via a
    crafted device. (bnc#835839)
    
    CVE-2013-2929: The Linux kernel before 3.12.2 does not
    properly use the get_dumpable function, which allows local
    users to bypass intended ptrace restrictions or obtain
    sensitive information from IA64 scratch registers via a
    crafted application, related to kernel/ptrace.c and
    arch/ia64/include/asm/processor.h. (bnc#847652)
    
    CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
    in the Linux kernel before 3.9-rc7 does not initialize a
    certain length variable, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted
    recvmsg or recvfrom system call. (bnc#816668)
    
    CVE-2013-3223: The ax25_recvmsg function in
    net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3224: The bt_sock_recvmsg function in
    net/bluetooth/af_bluetooth.c in the Linux kernel before
    3.9-rc7 does not properly initialize a certain length
    variable, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted recvmsg
    or recvfrom system call. (bnc#816668)
    
    CVE-2013-3225: The rfcomm_sock_recvmsg function in
    net/bluetooth/rfcomm/sock.c in the Linux kernel before
    3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from
    kernel stack memory via a crafted recvmsg or recvfrom system
    call. (bnc#816668)
    
    CVE-2013-3228: The irda_recvmsg_dgram function in
    net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain length variable, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3229: The iucv_sock_recvmsg function in
    net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain length variable, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3231: The llc_ui_recvmsg function in
    net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not
    initialize a certain length variable, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3232: The nr_recvmsg function in
    net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7
    does not initialize a certain data structure, which allows
    local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3234: The rose_recvmsg function in
    net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does
    not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    (bnc#816668)
    
    CVE-2013-3235: net/tipc/socket.c in the Linux kernel before
    3.9-rc7 does not initialize a certain data structure and a
    certain length variable, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted
    recvmsg or recvfrom system call. (bnc#816668)
    
    CVE-2013-4345: Off-by-one error in the get_prng_bytes
    function in crypto/ansi_cprng.c in the Linux kernel through
    3.11.4 makes it easier for context-dependent attackers to
    defeat cryptographic protection mechanisms via multiple
    requests for small amounts of data, leading to improper
    management of the state of the consumed data. (bnc#840226)
    
    CVE-2013-4470: The Linux kernel before 3.12, when UDP
    Fragmentation Offload (UFO) is enabled, does not properly
    initialize certain data structures, which allows local users
    to cause a denial of service (memory corruption and system
    crash) or possibly gain privileges via a crafted application
    that uses the UDP_CORK option in a setsockopt system call
    and sends both short and long packets, related to the
    ip_ufo_append_data function in net/ipv4/ip_output.c and the
    ip6_ufo_append_data function in net/ipv6/ip6_output.c.
    (bnc#847672)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4511: Multiple integer overflows in Alchemy LCD
    frame-buffer drivers in the Linux kernel before 3.12 allow
    local users to create a read-write memory mapping for the
    entirety of kernel memory, and consequently gain privileges,
    via crafted mmap operations, related to the (1)
    au1100fb_fb_mmap function in drivers/video/au1100fb.c and
    the (2) au1200fb_fb_mmap function in
    drivers/video/au1200fb.c. (bnc#849021)
    
    CVE-2013-4587: Array index error in the
    kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in
    the KVM subsystem in the Linux kernel through 3.12.5 allows
    local users to gain privileges via a large id value.
    (bnc#853050)
    
    CVE-2013-4588: Multiple stack-based buffer overflows in
    net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
    2.6.33, when CONFIG_IP_VS is used, allow local users to gain
    privileges by leveraging the CAP_NET_ADMIN capability for
    (1) a getsockopt system call, related to the
    do_ip_vs_get_ctl function, or (2) a setsockopt system call,
    related to the do_ip_vs_set_ctl function. (bnc#851095)
    
    CVE-2013-4591: Buffer overflow in the
    __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the
    Linux kernel before 3.7.2 allows local users to cause a
    denial of service (memory corruption and system crash) or
    possibly have unspecified other impact via a getxattr system
    call for the system.nfs4_acl extended attribute of a
    pathname on an NFSv4 filesystem. (bnc#851103)
    
    CVE-2013-6367: The apic_get_tmcct function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (divide-by-zero error and host OS crash)
    via crafted modifications of the TMICT value. (bnc#853051)
    
    CVE-2013-6368: The KVM subsystem in the Linux kernel through
    3.12.5 allows local users to gain privileges or cause a
    denial of service (system crash) via a VAPIC synchronization
    operation involving a page-end address. (bnc#853052)
    
    CVE-2013-6378: The lbs_debugfs_write function in
    drivers/net/wireless/libertas/debugfs.c in the Linux kernel
    through 3.12.1 allows local users to cause a denial of
    service (OOPS) by leveraging root privileges for a
    zero-length write operation. (bnc#852559)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2014-1444: The fst_get_iface function in
    drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
    does not properly initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability for
    an SIOCWANDEV ioctl call. (bnc#858869)
    
    CVE-2014-1445: The wanxl_ioctl function in
    drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
    does not properly initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an ioctl call. (bnc#858870)
    
    CVE-2014-1446: The yam_ioctl function in
    drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8
    does not initialize a certain structure member, which allows
    local users to obtain sensitive information from kernel
    memory by leveraging the CAP_NET_ADMIN capability for an
    SIOCYAMGCFG ioctl call. (bnc#858872)
    
    Also the following non-security bugs have been fixed :
    
      - x86: Clear HPET configuration registers on startup
        (bnc#748896).
    
      - sched: fix divide by zero in task_utime() (bnc#761774).
    
      - sched: Fix pick_next_highest_task_rt() for cgroups
        (bnc#760596).
    
      - mm: hugetlbfs: Close race during teardown of hugetlbfs
        shared page tables.
    
      - mm: hugetlbfs: Correctly detect if page tables have just
        been shared. (Fix bad PMD message displayed while using
        hugetlbfs (bnc#762366)).
    
      - cpumask: Partition_sched_domains takes array of
        cpumask_var_t (bnc#812364).
    
      - cpumask: Simplify sched_rt.c (bnc#812364).
    
      - kabi: protect bind_conflict callback in struct
        inet_connection_sock_af_ops (bnc#823618).
    
      - memcg: fix init_section_page_cgroup pfn alignment
        (bnc#835481).
    
      - tty: fix up atime/mtime mess, take three (bnc#797175).
    
      - tty: fix atime/mtime regression (bnc#815745).
    
      - ptrace: ptrace_resume() should not wake up !TASK_TRACED
        thread (bnc#804154).
    
      - kbuild: Fix gcc -x syntax (bnc#773831).
    
      - ftrace: Disable function tracing during suspend/resume
        and hibernation, again (bnc#768668). proc: fix
        pagemap_read() error case (bnc#787573).
    
        net: Upgrade device features irrespective of mask
        (bnc#715250).
    
      - tcp: bind() fix autoselection to share ports
        (bnc#823618).
    
      - tcp: bind() use stronger condition for bind_conflict
        (bnc#823618).
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict (bnc#823618).
    
      - netfilter: use RCU safe kfree for conntrack extensions
        (bnc#827416).
    
      - netfilter: prevent race condition breaking net reference
        counting (bnc#835094).
    
      - netfilter: send ICMPv6 message on fragment reassembly
        timeout (bnc#773577).
    
      - netfilter: fix sending ICMPv6 on netfilter reassembly
        timeout (bnc#773577).
    
      - tcp_cubic: limit delayed_ack ratio to prevent divide
        error (bnc#810045). bonding: in balance-rr mode, set
        curr_active_slave only if it is up (bnc#789648).
    
        scsi: Add 'eh_deadline' to limit SCSI EH runtime
        (bnc#798050).
    
      - scsi: Allow error handling timeout to be specified
        (bnc#798050).
    
      - scsi: Fixup compilation warning (bnc#798050).
    
      - scsi: Retry failfast commands after EH (bnc#798050).
    
      - scsi: Warn on invalid command completion (bnc#798050).
    
      - scsi: Always retry internal target error (bnc#745640,
        bnc#825227).
    
      - scsi: kABI fixes (bnc#798050).
    
      - scsi: remove check for 'resetting' (bnc#798050).
    
      - scsi: Eliminate error handler overload of the SCSI
        serial number (bnc#798050).
    
      - scsi: Reduce error recovery time by reducing use of TURs
        (bnc#798050).
    
      - scsi: Reduce sequential pointer derefs in scsi_error.c
        and reduce size as well (bnc#798050).
    
      - scsi: cleanup setting task state in scsi_error_handler()
        (bnc#798050).
    
      - scsi: fix eh wakeup (scsi_schedule_eh vs
        scsi_restart_operations) (bnc#798050). scsi: fix id
        computation in scsi_eh_target_reset() (bnc#798050).
    
        advansys: Remove 'last_reset' references (bnc#798050).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#798050).
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#798050).
    
      - fc class: fix scanning when devs are offline
        (bnc#798050). tmscsim: Move 'last_reset' into host
        structure (bnc#798050).
    
        st: Store page order before driver buffer allocation
        (bnc#769644).
    
      - st: Increase success probability in driver buffer
        allocation (bnc#769644). st: work around broken
        __bio_add_page logic (bnc#769644).
    
        avoid race by ignoring flush_time in cache_check
        (bnc#814363).
    
        writeback: remove the internal 5% low bound on
        dirty_ratio
    
      - writeback: skip balance_dirty_pages() for in-memory fs
        (Do not dirty throttle ram-based filesystems
        (bnc#840858)). writeback: Do not sync data dirtied after
        sync start (bnc#833820).
    
        blkdev_max_block: make private to fs/buffer.c
        (bnc#820338).
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338). vfs: fix O_DIRECT read past end
        of block device (bnc#820338).
    
        lib/radix-tree.c: make radix_tree_node_alloc() work
        correctly within interrupt (bnc#763463).
    
        xfs: allow writeback from kswapd (bnc#826707).
    
      - xfs: skip writeback from reclaim context (bnc#826707).
    
      - xfs: Serialize file-extending direct IO (bnc#818371).
    
      - xfs: Avoid pathological backwards allocation
        (bnc#805945). xfs: fix inode lookup race (bnc#763463).
    
        cifs: clarify the meaning of tcpStatus == CifsGood
        (bnc#776024).
    
        cifs: do not allow cifs_reconnect to exit with NULL
        socket pointer (bnc#776024).
    
        ocfs2: Add a missing journal credit in
        ocfs2_link_credits() -v2 (bnc#773320).
    
        usb: Fix deadlock in hid_reset when Dell iDRAC is reset
        (bnc#814716).
    
        usb: xhci: Fix command completion after a drop endpoint
        (bnc#807320).
    
        netiucv: Hold rtnl between name allocation and device
        registration (bnc#824159).
    
        rwsem: Test for no active locks in __rwsem_do_wake undo
        code (bnc#813276).
    
        nfs: NFSv3/v2: Fix data corruption with NFS short reads
        (bnc#818337).
    
      - nfs: Allow sec=none mounts in certain cases
        (bnc#795354).
    
      - nfs: Make nfsiod a multi-thread queue (bnc#815352).
    
      - nfs: increase number of permitted callback connections
        (bnc#771706).
    
      - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008).
    
      - nfs: do not allow TASK_KILLABLE sleeps to block the
        freezer (bnc#775182). nfs: Avoid race in d_splice_alias
        and vfs_rmdir (bnc#845028).
    
        svcrpc: take lock on turning entry NEGATIVE in
        cache_check (bnc#803320).
    
      - svcrpc: ensure cache_check caller sees updated entry
        (bnc#803320).
    
      - sunrpc/cache: remove races with queuing an upcall
        (bnc#803320).
    
      - sunrpc/cache: use cache_fresh_unlocked consistently and
        correctly (bnc#803320).
    
      - sunrpc/cache: ensure items removed from cache do not
        have pending upcalls (bnc#803320).
    
      - sunrpc/cache: do not schedule update on cache item that
        has been replaced (bnc#803320). sunrpc/cache: fix test
        in try_to_negate (bnc#803320).
    
        xenbus: fix overflow check in xenbus_dev_write().
    
      - x86: do not corrupt %eip when returning from a signal
        handler.
    
      - scsiback/usbback: move cond_resched() invocations to
        proper place. netback: fix netbk_count_requests().
    
        dm: add dm_deleting_md function (bnc#785016).
    
      - dm: bind new table before destroying old (bnc#785016).
    
      - dm: keep old table until after resume succeeded
        (bnc#785016). dm: rename dm_get_table to
        dm_get_live_table (bnc#785016).
    
        drm/edid: Fix up partially corrupted headers
        (bnc#780004).
    
        drm/edid: Retry EDID fetch up to four times
        (bnc#780004).
    
        i2c-algo-bit: Fix spurious SCL timeouts under heavy load
        (bnc#780004).
    
        hpilo: remove pci_disable_device (bnc#752544).
    
        mptsas: handle 'Initializing Command Required' ASCQ
        (bnc#782178).
    
        mpt2sas: Fix race on shutdown (bnc#856917).
    
        ipmi: decrease the IPMI message transaction time in
        interrupt mode (bnc#763654).
    
      - ipmi: simplify locking (bnc#763654). ipmi: use a tasklet
        for handling received messages (bnc#763654).
    
        bnx2x: bug fix when loading after SAN boot (bnc#714906).
    
        bnx2x: previous driver unload revised (bnc#714906).
    
        ixgbe: Address fact that RSC was not setting GSO size
        for incoming frames (bnc#776144).
    
        ixgbe: pull PSRTYPE configuration into a separate
        function (bnc#780572 bnc#773640 bnc#776144).
    
        e1000e: clear REQ and GNT in EECD (82571 && 82572)
        (bnc#762099).
    
        hpsa: do not attempt to read from a write-only register
        (bnc#777473).
    
        aio: Fixup kABI for the aio-implement-request-batching
        patch (bnc#772849).
    
      - aio: bump i_count instead of using igrab (bnc#772849).
        aio: implement request batching (bnc#772849).
    
        Driver core: Do not remove kobjects in device_shutdown
        (bnc#771992).
    
        resources: fix call to alignf() in allocate_resource()
        (bnc#744955).
    
      - resources: when allocate_resource() fails, leave
        resource untouched (bnc#744955).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # Vendor patch-finder references.
      # Each statement below stores a shortened www.nessus.org/u?<id> link in the
      # plugin's "see_also" attribute; the comment line directly above it records
      # a long download.novell.com patch-finder URL.
      # NOTE(review): the short link presumably redirects to the commented URL.
      # Nothing here verifies that, so confirm the destination before treating
      # the short link as the vendor source. Both forms use plain http.
      # http://download.novell.com/patch/finder/?keywords=36a4c03a7a6e23326bdc75867718c3f5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?499ef588"
      );
      # http://download.novell.com/patch/finder/?keywords=78a90ce26186ad3c08d3168f7c56498f
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6524481b"
      );
      # http://download.novell.com/patch/finder/?keywords=92db776383896ad395b93d570e1b0440
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c3b1d361"
      );
      # http://download.novell.com/patch/finder/?keywords=c00b87e84b1ec845f992a53432644809
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3327c148"
      );
      # http://download.novell.com/patch/finder/?keywords=cebd648c35a6ff05d60a592debc063f7
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?85cb8767"
      );
      # http://download.novell.com/patch/finder/?keywords=f67e971841459d6799882fcccab88393
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7458efe4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1083.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3593.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-1601.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2137.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2372.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-2745.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3375.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3412.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3430.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4444.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4530.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4565.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6539.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6540.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6541.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6542.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6544.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6545.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6546.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6547.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6548.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6549.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0160.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0231.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0268.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0310.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0343.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0349.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0871.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0914.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1767.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1773.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1774.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1792.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1796.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1797.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1798.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1827.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1928.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1943.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2015.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2141.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2147.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2634.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2851.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2852.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2888.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2889.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2892.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2929.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3222.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3223.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3224.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3225.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3228.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3229.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3231.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3234.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3235.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4470.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4588.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4591.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1444.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1446.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/714906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/715250"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/735347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/744955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/745640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/748896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/752544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/754898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/760596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/761774"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/762099"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/762366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/763463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/763654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/767610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/767612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/768668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/770695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/771706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/771992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/772849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/773320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/773383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/773577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/773640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/773831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/774523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/775182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/776024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/776144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/776885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/777473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/780004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/780008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/780572"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/782178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/785016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789648"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/795354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/797175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/800280"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/801178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/802642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/803320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/804154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/804653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806977"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/807320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/808358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/808827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809894"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/809903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/810045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/810473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/811354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/812364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/814363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/814716"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/815352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/815745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/817377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818371"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/822575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/822579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/824159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/824295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/833820"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845028"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858872"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140287-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3c7c0d67"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP1 LTSS :
    
    zypper in -t patch slessp1-kernel-8847 slessp1-kernel-8848
    slessp1-kernel-8849
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:btrfs-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:btrfs-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:btrfs-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hyper-v-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hyper-v-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hyper-v-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Applicability gate: every condition below has to hold before any package
    # version is compared. Each failure is reported through audit() (from
    # audit.inc), which is expected to stop the plugin with the given reason.

    # Credentialed (local) checks must have been enabled for this scan.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string collected from the host must identify SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Extract the product and major version (e.g. "SLES11") from the release string.
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # This advisory only covers SLES11; anything else (including SLED) is out of scope.
    if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    # Without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only i386-i686, x86_64 and s390x hosts are handled (>!< is "substring not in").
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # A missing patchlevel is treated as service pack 0; the fixed packages
    # below are for SLES11 SP1 only, so any other service pack is rejected.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);
    
    
    # flag counts how many rpm_check() calls matched. rpm_check() comes from
    # rpm.inc; presumably it returns true when the named package is installed
    # at a version older than the fixed reference given here - confirm against
    # rpm.inc.
    # NOTE(review): the comparison uses the package list in the knowledge base
    # ("Host/SuSE/rpm-list"), not the running kernel. A host that installed the
    # update but has not rebooted would presumably still pass - verify the
    # running kernel separately when triaging results.
    flag = 0;
    # x86_64 references (xen, hyper-v, ec2 and pae flavours as listed in the source).
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-ec2-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-ec2-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-ec2-devel-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-xen-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-pae-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-pae-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-pae-devel-2.6.32.59-0.9.1")) flag++;
    # s390x-only reference.
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"kernel-default-man-2.6.32.59-0.9.1")) flag++;
    # References checked without a cpu argument.
    if (rpm_check(release:"SLES11", sp:"1", reference:"btrfs-kmp-default-0_2.6.32.59_0.9-0.3.151")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"ext4dev-kmp-default-0_2.6.32.59_0.9-7.9.118")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"ext4dev-kmp-trace-0_2.6.32.59_0.9-7.9.118")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-default-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-default-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-default-devel-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-source-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-syms-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-trace-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-trace-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-trace-devel-2.6.32.59-0.9.1")) flag++;
    # i586 references (same package set as the x86_64 group above).
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-ec2-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-ec2-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-ec2-devel-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-xen-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-xen-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-xen-devel-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-pae-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-pae-base-2.6.32.59-0.9.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-pae-devel-2.6.32.59-0.9.1")) flag++;
    
    
    # Reporting: a non-zero flag means at least one package check matched.
    if (flag)
    {
      # Raise the finding on port 0; with report_verbosity above 0 the output of
      # rpm_report_get() is attached as extra detail, otherwise the bare finding.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing matched: if pkg_tests_get() returns a non-empty value the host
      # is audited as not affected for those packages, otherwise as not having
      # the kernel package installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-0832-1.NASL
    descriptionThe SUSE Linux Enterprise Server 10 SP3 LTSS received a roll up update to fix several security and non-security issues. The following security issues have been fixed : CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. 
(bnc#835839) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. 
(bnc#852558) CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643) CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643) CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#857643) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. 
(bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798) CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (bnc#875798) The following bugs have been fixed : - kernel: sclp console hangs (bnc#830344, LTC#95711, bnc#860304). - ia64: Change default PSR.ac from
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83628
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83628
    title: SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0832-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0832-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83628);
      script_version("2.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0343", "CVE-2013-2888", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-4470", "CVE-2013-4483", "CVE-2013-4588", "CVE-2013-6382", "CVE-2013-6383", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1737", "CVE-2014-1738");
      script_bugtraq_id(58795, 62043, 62044, 62050, 63359, 63445, 63744, 63888, 63889, 64677, 64685, 64686, 64952, 64953, 64954, 67300, 67302);
    
      script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0832-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise Server 10 SP3 LTSS received a roll up update
    to fix several security and non-security issues.
    
    The following security issues have been fixed :
    
    CVE-2013-0343: The ipv6_create_tempaddr function in
    net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly
    handle problems with the generation of IPv6 temporary addresses, which
    allows remote attackers to cause a denial of service (excessive
    retries and address-generation outage), and consequently obtain
    sensitive information, via ICMPv6 Router Advertisement (RA) messages.
    (bnc#805226)
    
    CVE-2013-2888: Multiple array index errors in
    drivers/hid/hid-core.c in the Human Interface Device (HID)
    subsystem in the Linux kernel through 3.11 allow physically
    proximate attackers to execute arbitrary code or cause a
    denial of service (heap memory corruption) via a crafted
    device that provides an invalid Report ID. (bnc#835839)
    
    CVE-2013-2893: The Human Interface Device (HID) subsystem in
    the Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
    CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
    allows physically proximate attackers to cause a denial of
    service (heap-based out-of-bounds write) via a crafted
    device, related to (1) drivers/hid/hid-lgff.c, (2)
    drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
    (bnc#835839)
    
    CVE-2013-2897: Multiple array index errors in
    drivers/hid/hid-multitouch.c in the Human Interface Device
    (HID) subsystem in the Linux kernel through 3.11, when
    CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
    attackers to cause a denial of service (heap memory
    corruption, or NULL pointer dereference and OOPS) via a
    crafted device. (bnc#835839)
    
    CVE-2013-4470: The Linux kernel before 3.12, when UDP
    Fragmentation Offload (UFO) is enabled, does not properly
    initialize certain data structures, which allows local users
    to cause a denial of service (memory corruption and system
    crash) or possibly gain privileges via a crafted application
    that uses the UDP_CORK option in a setsockopt system call
    and sends both short and long packets, related to the
    ip_ufo_append_data function in net/ipv4/ip_output.c and the
    ip6_ufo_append_data function in net/ipv6/ip6_output.c.
    (bnc#847672)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4588: Multiple stack-based buffer overflows in
    net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
    2.6.33, when CONFIG_IP_VS is used, allow local users to gain
    privileges by leveraging the CAP_NET_ADMIN capability for
    (1) a getsockopt system call, related to the
    do_ip_vs_get_ctl function, or (2) a setsockopt system call,
    related to the do_ip_vs_set_ctl function. (bnc#851095)
    
    CVE-2013-6382: Multiple buffer underflows in the XFS
    implementation in the Linux kernel through 3.12.1 allow
    local users to cause a denial of service (memory corruption)
    or possibly have unspecified other impact by leveraging the
    CAP_SYS_ADMIN capability for a (1)
    XFS_IOC_ATTRLIST_BY_HANDLE or (2)
    XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted
    length value, related to the xfs_attrlist_by_handle function
    in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle
    function in fs/xfs/xfs_ioctl32.c. (bnc#852553)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2013-7263: The Linux kernel before 3.12.4 updates
    certain length values before ensuring that associated data
    structures have been initialized, which allows local users
    to obtain sensitive information from kernel stack memory via
    a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,
    related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
    net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)
    
    CVE-2013-7264: The l2tp_ip_recvmsg function in
    net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates
    a certain length value before ensuring that an associated
    data structure has been initialized, which allows local
    users to obtain sensitive information from kernel stack
    memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
    system call. (bnc#857643)
    
    CVE-2013-7265: The pn_recvmsg function in
    net/phonet/datagram.c in the Linux kernel before 3.12.4
    updates a certain length value before ensuring that an
    associated data structure has been initialized, which allows
    local users to obtain sensitive information from kernel
    stack memory via a (1) recvfrom, (2) recvmmsg, or (3)
    recvmsg system call. (bnc#857643)
    
    CVE-2014-1444: The fst_get_iface function in
    drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
    does not properly initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory by leveraging the CAP_NET_ADMIN capability for
    an SIOCWANDEV ioctl call. (bnc#858869)
    
    CVE-2014-1445: The wanxl_ioctl function in
    drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
    does not properly initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an ioctl call. (bnc#858870)
    
    CVE-2014-1446: The yam_ioctl function in
    drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8
    does not initialize a certain structure member, which allows
    local users to obtain sensitive information from kernel
    memory by leveraging the CAP_NET_ADMIN capability for an
    SIOCYAMGCFG ioctl call. (bnc#858872)
    
    CVE-2014-1737: The raw_cmd_copyin function in
    drivers/block/floppy.c in the Linux kernel through 3.14.3
    does not properly handle error conditions during processing
    of an FDRAWCMD ioctl call, which allows local users to
    trigger kfree operations and gain privileges by leveraging
    write access to a /dev/fd device. (bnc#875798)
    
    CVE-2014-1738: The raw_cmd_copyout function in
    drivers/block/floppy.c in the Linux kernel through 3.14.3
    does not properly restrict access to certain pointers during
    processing of an FDRAWCMD ioctl call, which allows local
    users to obtain sensitive information from kernel heap
    memory by leveraging write access to a /dev/fd device.
    (bnc#875798)
    
    The following bugs have been fixed :
    
      - kernel: sclp console hangs (bnc#830344, LTC#95711,
        bnc#860304).
    
      - ia64: Change default PSR.ac from '1' to '0' (Fix erratum
        #237) (bnc#874108).
    
      - net: Uninline kfree_skb and allow NULL argument
        (bnc#853501).
    
      - tcp: syncookies: reduce cookie lifetime to 128 seconds
        (bnc#833968).
    
      - tcp: syncookies: reduce mss table to four values
        (bnc#833968).
    
      - udp: Fix bogus UFO packet generation (bnc#847672).
    
      - blkdev_max_block: make private to fs/buffer.c
        (bnc#820338).
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338).
    
      - vfs: fix O_DIRECT read past end of block device
        (bnc#820338).
    
      - HID: check for NULL field when setting values
        (bnc#835839).
    
      - HID: provide a helper for validating hid reports
        (bnc#835839).
    
      - dl2k: Tighten ioctl permissions (bnc#758813).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=17ddf66eae63aab3af8b2b3bec742669
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3366e92c"
      );
      # http://download.suse.com/patch/finder/?keywords=26314f5d51311e1fdece27b8fcdf804a
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?992a6e07"
      );
      # http://download.suse.com/patch/finder/?keywords=9914353b490102922bc3d08bdf30bacc
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?287c54b5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0343.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2888.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4470.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4588.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6382.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7263.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7264.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7265.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1444.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1445.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1446.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1737.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1738.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/758813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/830344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/833968"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/857643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/860304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/874108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/875798"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140832-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d643af8f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Applicability gate. Every test below hands a reason code to audit()
    # (from audit.inc, not shown) when the target is out of scope; audit() is
    # presumed to end the script, so the order of the tests decides which
    # reason is reported -- confirm against audit.inc.
    # All inputs are KB entries; presumably the declared dependency
    # ssh_get_info.nasl populated them from a credentialed login.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # A missing release key is handled the same way as a non-SLED/SLES value.
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Keep only the product-plus-major-version prefix (first capture group).
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # SLED passed the first test but is rejected here: only SLES10 is covered.
    if (! ereg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    # The collected package list is the only evidence of patch state this
    # script reads. Nothing visible here inspects the running kernel, so a host
    # that installed the update but has not rebooted needs a separate check.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted: i386..i686 as an exact match, or any value containing
    # "x86_64" or "s390x" (">!<" is the "is not a substring of" operator).
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    # No patchlevel entry is treated as service pack "0".
    if (isnull(sp)) sp = "0";
    # Only SLES10 SP3 continues; any other service pack is reported as a
    # different OS rather than as "not affected".
    if (os_ver == "SLES10" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP3", os_ver + " SP" + sp);
    
    
    # Package checks for SLES10 SP3. flag counts the rpm_check() calls that
    # returned true. rpm_check() comes from rpm.inc (not shown); presumably it
    # compares the collected package list with the reference build given --
    # confirm there. The calls are issued in the same order as before:
    # x86_64 flavours, then the packages checked without a cpu filter, then i586.
    cpu_refs = make_list(
      "kernel-debug-2.6.16.60-0.123.1",
      "kernel-kdump-2.6.16.60-0.123.1",
      "kernel-smp-2.6.16.60-0.123.1",
      "kernel-xen-2.6.16.60-0.123.1",
      "kernel-bigsmp-2.6.16.60-0.123.1",
      "kernel-kdumppae-2.6.16.60-0.123.1",
      "kernel-vmi-2.6.16.60-0.123.1",
      "kernel-vmipae-2.6.16.60-0.123.1",
      "kernel-xenpae-2.6.16.60-0.123.1"
    );
    any_cpu_refs = make_list(
      "kernel-default-2.6.16.60-0.123.1",
      "kernel-source-2.6.16.60-0.123.1",
      "kernel-syms-2.6.16.60-0.123.1"
    );

    flag = 0;
    foreach ref (cpu_refs)
    {
      if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:ref)) flag++;
    }
    foreach ref (any_cpu_refs)
    {
      if (rpm_check(release:"SLES10", sp:"3", reference:ref)) flag++;
    }
    foreach ref (cpu_refs)
    {
      if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:ref)) flag++;
    }
    
    
    # Outcome. With no package check hit, record whether any kernel package was
    # tested at all (not affected) or none was found (not installed). Otherwise
    # raise the finding on port 0, attaching the rpm report text when
    # report_verbosity is above 0.
    if (!flag)
    {
      tested = pkg_tests_get();
      if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
      else audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-140125.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). 
(CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). 
(CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). 
- kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. 
(bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. 
(bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid
    last seen: 2020-06-05
    modified: 2014-02-05
    plugin id: 72325
    published: 2014-02-05
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72325
    title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop quietly, before anything is included or registered, on a scanner
    # engine whose NASL_LEVEL is below 3000.
    if (NASL_LEVEL < 3000)
    {
      exit(0);
    }
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72325);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271");
    
      script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309) The following security bugs
        have been fixed :
    
      - Array index error in the kvm_vm_ioctl_create_vcpu
        function in virt/kvm/kvm_main.c in the KVM subsystem in
        the Linux kernel through 3.12.5 allows local users to
        gain privileges via a large id value. (bnc#853050).
        (CVE-2013-4587)
    
      - Memory leak in the __kvm_set_memory_region function in
        virt/kvm/kvm_main.c in the Linux kernel before 3.9
        allows local users to cause a denial of service (memory
        consumption) by leveraging certain device access to
        trigger movement of memory slots. (bnc#851101).
        (CVE-2013-4592)
    
      - The apic_get_tmcct function in arch/x86/kvm/lapic.c in
        the KVM subsystem in the Linux kernel through 3.12.5
        allows guest OS users to cause a denial of service
        (divide-by-zero error and host OS crash) via crafted
        modifications of the TMICT value. (bnc#853051).
        (CVE-2013-6367)
    
      - The KVM subsystem in the Linux kernel through 3.12.5
        allows local users to gain privileges or cause a denial
        of service (system crash) via a VAPIC synchronization
        operation involving a page-end address. (bnc#853052).
        (CVE-2013-6368)
    
      - The recalculate_apic_map function in
        arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
        kernel through 3.12.5 allows guest OS users to cause a
        denial of service (host OS crash) via a crafted ICR
        write operation in x2apic mode. (bnc#853053).
        (CVE-2013-6376)
    
      - The ipc_rcu_putref function in ipc/util.c in the Linux
        kernel before 3.10 does not properly manage a reference
        count, which allows local users to cause a denial of
        service (memory consumption or system crash) via a
        crafted application. (bnc#848321). (CVE-2013-4483)
    
      - Multiple integer overflows in Alchemy LCD frame-buffer
        drivers in the Linux kernel before 3.12 allow local
        users to create a read-write memory mapping for the
        entirety of kernel memory, and consequently gain
        privileges, via crafted mmap operations, related to the
        (1) au1100fb_fb_mmap function in
        drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap
        function in drivers/video/au1200fb.c. (bnc#849021).
        (CVE-2013-4511)
    
      - Multiple buffer overflows in
        drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
        before 3.12 allow local users to cause a denial of
        service or possibly have unspecified other impact by
        leveraging the CAP_NET_ADMIN capability and providing a
        long station-name string, related to the (1)
        wvlan_uil_put_info and (2) wvlan_set_station_nickname
        functions. (bnc#849029). (CVE-2013-4514)
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel before
        3.12 does not initialize a certain data structure, which
        allows local users to obtain sensitive information from
        kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO
        ioctl call. (bnc#849034). (CVE-2013-4515)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation. (bnc#852559).
        (CVE-2013-6378)
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain size
        value, which allows local users to cause a denial of
        service (invalid pointer dereference) or possibly have
        unspecified other impact via an FSACTL_SEND_RAW_SRB
        ioctl call that triggers a crafted SRB command.
        (bnc#852373). (CVE-2013-6380)
    
      - The ieee80211_radiotap_iterator_init function in
        net/wireless/radiotap.c in the Linux kernel before
        3.11.7 does not check whether a frame contains any data
        outside of the header, which might allow attackers to
        cause a denial of service (buffer over-read) via a
        crafted header. (bnc#854634). (CVE-2013-7027)
    
      - Linux kernel built with the networking
        support(CONFIG_NET) is vulnerable to an information
        leakage flaw in the socket layer. It could occur while
        doing recvmsg(2), recvfrom(2) socket calls. It occurs
        due to improperly initialised msg_name &amp; msg_namelen
        message header parameters. (bnc#854722). (CVE-2013-6463)
    
      - The aac_compat_ioctl function in
        drivers/scsi/aacraid/linit.c in the Linux kernel before
        3.11.8 does not require the CAP_SYS_RAWIO capability,
        which allows local users to bypass intended access
        restrictions via a crafted ioctl call. (bnc#852558).
        (CVE-2013-6383)
    
      - Off-by-one error in the get_prng_bytes function in
        crypto/ansi_cprng.c in the Linux kernel through 3.11.4
        makes it easier for context-dependent attackers to
        defeat cryptographic protection mechanisms via multiple
        requests for small amounts of data, leading to improper
        management of the state of the consumed data.
        (bnc#840226). (CVE-2013-4345)
    
      - arch/x86/kernel/cpu/perf_event_intel.c in the Linux
        kernel before 3.8.9, when the Performance Events
        Subsystem is enabled, specifies an incorrect bitmask,
        which allows local users to cause a denial of service
        (general protection fault and system crash) by
        attempting to set a reserved bit. (bnc#825006).
        (CVE-2013-2146)
    
      - The perf_trace_event_perm function in
        kernel/trace/trace_event_perf.c in the Linux kernel
        before 3.12.2 does not properly restrict access to the
        perf subsystem, which allows local users to enable
        function tracing via a crafted application.
        (bnc#849362). (CVE-2013-2930)
    
    Also the following non-security bugs have been fixed :
    
      - kernel: correct tlb flush on page table upgrade
        (bnc#847660, LTC#99268).
    
      - kernel: fix floating-point-control register save and
        restore (bnc#847660, LTC#99000).
    
      - kernel: correct handling of asce-type exceptions
        (bnc#851879, LTC#100293).
    
      - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements.
        (bnc#827767)
    
      - random: fix accounting race condition with lockless irq
        entropy_count update. (bnc#789359)
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces. (bnc#838623)
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress. (bnc#849675)
    
      - Introduce KABI exception for cpuidle_state->disable via
        #ifndef __GENKSYMS__
    
      - Honor state disabling in the cpuidle ladder governor.
        (bnc#845378)
    
      - cpuidle: add a sysfs entry to disable specific C state
        for debug purpose. (bnc#845378)
    
      - net: Do not enable tx-nocache-copy by default.
        (bnc#845378)
    
      - mm: reschedule to avoid RCU stall triggering during boot
        of large machines. (bnc#820434,bnc#852153)
    
      - rtc-cmos: Add an alarm disable quirk. (bnc#805740)
    
      - tty/hvc_iucv: Disconnect IUCV connection when lowering
        DTR (bnc#839973, LTC#97595).
    
      - tty/hvc_console: Add DTR/RTS callback to handle HUPCL
        control (bnc#839973, LTC#97595).
    
      - sched: Avoid throttle_cfs_rq() racing with period_timer
        stopping. (bnc#848336)
    
      - sched/balancing: Periodically decay max cost of idle
        balance. (bnc#849256)
    
      - sched: Consider max cost of idle balance per sched
        domain. (bnc#849256)
    
      - sched: Reduce overestimating rq->avg_idle. (bnc#849256)
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining. (bnc#848336)
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock.
        (bnc#848336)
    
      - sched: Fix race on toggling cfs_bandwidth_used.
        (bnc#848336)
    
      - sched: Guarantee new group-entities always have weight.
        (bnc#848336)
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive. (bnc#848336)
    
      - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336)
    
      - futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - futex: move user address verification up to common code.
        (bnc#851603)
    
      - futexes: Clean up various details. (bnc#851603)
    
      - futexes: Increase hash table size for better
        performance. (bnc#851603)
    
      - futexes: Document multiprocessor ordering guarantees.
        (bnc#851603)
    
      - futexes: Avoid taking the hb->lock if there is nothing
        to wake up. (bnc#851603)
    
      - futexes: Fix futex_hashsize initialization. (bnc#851603)
    
      - mutex: Make more scalable by doing fewer atomic
        operations. (bnc#849256)
    
      - powerpc: Fix memory hotplug with sparse vmemmap.
        (bnc#827527)
    
      - powerpc: Add System RAM to /proc/iomem. (bnc#827527)
    
      - powerpc/mm: Mark Memory Resources as busy. (bnc#827527)
    
      - powerpc: Fix fatal SLB miss when restoring PPR.
        (bnc#853465)
    
      - powerpc: Make function that parses RTAS error logs
        global. (bnc#852761)
    
      - powerpc/pseries: Parse and handle EPOW interrupts.
        (bnc#852761)
    
      - powerpc/rtas_flash: Fix validate_flash buffer overflow
        issue. (bnc#847842)
    
      - powerpc/rtas_flash: Fix bad memory access. (bnc#847842)
    
      - x86: Update UV3 hub revision ID (bnc#846298
        fate#314987).
    
      - x86: Remove some noise from boot log when starting cpus.
        (bnc#770541)
    
      - x86/microcode/amd: Tone down printk(), do not treat a
        missing firmware file as an error. (bnc#843654)
    
      - x86/dumpstack: Fix printk_address for direct addresses.
        (bnc#845621)
    
      - x86/PCI: reduce severity of host bridge window conflict
        warnings. (bnc#858534)
    
      - ipv6: fix race condition regarding dst->expires and
        dst->from. (bnc#843185)
    
      - netback: bump tx queue length. (bnc#849404)
    
      - xfrm: invalidate dst on policy insertion/deletion.
        (bnc#842239)
    
      - xfrm: prevent ipcomp scratch buffer race condition.
        (bnc#842239)
    
      - tcp: bind() fix autoselection to share ports.
        (bnc#823618)
    
      - tcp: bind() use stronger condition for bind_conflict.
        (bnc#823618)
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict. (bnc#823618)
    
      - kabi: protect bind_conflict callback in struct
        inet_connection_sock_af_ops. (bnc#823618)
    
      - macvlan: introduce IFF_MACVLAN flag and helper function.
        (bnc#846984)
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function. (bnc#846984)
    
      - macvlan: disable LRO on lower device instead of macvlan.
        (bnc#846984)
    
      - fs: Avoid softlockup in
        shrink_dcache_for_umount_subtree. (bnc#834473)
    
      - blkdev_max_block: make private to fs/buffer.c.
        (bnc#820338)
    
      - storage: SMI Corporation usb key added to
        READ_CAPACITY_10 quirk. (bnc#850324)
    
      - autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race. (bnc#851314)
    
      - autofs4: catatonic_mode vs. notify_daemon race.
        (bnc#851314)
    
      - autofs4: close the races around autofs4_notify_daemon().
        (bnc#851314)
    
      - autofs4: deal with autofs4_write/autofs4_write races.
        (bnc#851314)
    
      - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount. (bnc#851314)
    
      - autofs4: fix deal with autofs4_write races. (bnc#851314)
    
      - autofs4: use simple_empty() for empty directory check.
        (bnc#851314)
    
      - dlm: set zero linger time on sctp socket. (bnc#787843)
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls (no bugzilla yet - netapp confirms problem and
        fix).
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost. (bnc#828236)
    
      - nfs: Adapt readdirplus to application usage patterns.
        (bnc#834708)
    
      - xfs: Account log unmount transaction correctly.
        (bnc#849950)
    
      - xfs: improve ioend error handling. (bnc#846036)
    
      - xfs: reduce ioend latency. (bnc#846036)
    
      - xfs: use per-filesystem I/O completion workqueues.
        (bnc#846036)
    
      - xfs: Hide additional entries in struct xfs_mount.
        (bnc#846036 / bnc#848544)
    
      - Btrfs: do not BUG_ON() if we get an error walking
        backrefs (FATE#312888).
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings. (bnc#820338)
    
      - vfs: fix O_DIRECT read past end of block device.
        (bnc#820338)
    
      - cifs: Improve performance of browsing directories with
        several files. (bnc#810323)
    
      - cifs: Ensure cifs directories do not show up as files.
        (bnc#826602)
    
      - dm-multipath: abort all requests when failing a path.
        (bnc#798050)
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime.
        (bnc#798050)
    
      - scsi: Allow error handling timeout to be specified.
        (bnc#798050)
    
      - scsi: Fixup compilation warning. (bnc#798050)
    
      - scsi: Retry failfast commands after EH. (bnc#798050)
    
      - scsi: Warn on invalid command completion. (bnc#798050)
    
      - advansys: Remove 'last_reset' references. (bnc#798050)
    
      - cleanup setting task state in scsi_error_handler().
        (bnc#798050)
    
      - dc395: Move 'last_reset' into internal host structure.
        (bnc#798050)
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050)
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset.
        (bnc#798050)
    
      - scsi: kABI fixes. (bnc#798050)
    
      - scsi: remove check for 'resetting'. (bnc#798050)
    
      - tmscsim: Move 'last_reset' into host structure.
        (bnc#798050)
    
      - SCSI & usb-storage: add try_rc_10_first flag.
        (bnc#853428)
    
      - iscsi_target: race condition on shutdown. (bnc#850072)
    
      - libfcoe: Make fcoe_sysfs optional / fix fnic NULL
        exception. (bnc#837206)
    
      - lpfc 8.3.42: Fixed issue of task management commands
        having a fixed timeout. (bnc#856481)
    
      - advansys: Remove 'last_reset' references. (bnc#856481)
    
      - dc395: Move 'last_reset' into internal host structure.
        (bnc#856481)
    
      - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481)
    
      - remove check for 'resetting'. (bnc#856481)
    
      - tmscsim: Move 'last_reset' into host structure.
        (bnc#856481)
    
      - scsi_dh_rdac: Add new IBM 1813 product id to rdac
        devlist. (bnc#846654)
    
      - md: Change handling of save_raid_disk and metadata
        update during recovery. (bnc#849364)
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481)
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset.
        (bnc#856481)
    
      - crypto: unload of aes_s390 module causes kernel panic
        (bnc#847660, LTC#98706).
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718).
    
      - crypto: gf128mul - fix call to memset() (obvious fix).
    
      - X.509: Fix certificate gathering. (bnc#805114)
    
      - pcifront: Deal with toolstack missing
        'XenbusStateClosing' state.
    
      - xencons: generalize use of add_preferred_console().
        (bnc#733022, bnc#852652)
    
      - netxen: fix off by one bug in
        netxen_release_tx_buffer(). (bnc#845729)
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652).
    
      - xen: fixed USB passthrough issue. (bnc#852624)
    
      - igb: Fix get_fw_version function for all parts.
        (bnc#848317)
    
      - igb: Refactor of init_nvm_params. (bnc#848317)
    
      - r8169: check ALDPS bit and disable it if enabled for the
        8168g. (bnc#845352)
    
      - qeth: request length checking in snmp ioctl (bnc#847660,
        LTC#99511).
    
      - bnx2x: remove false warning regarding interrupt number.
        (bnc#769035)
    
      - usb: Fix xHCI host issues on remote wakeup. (bnc#846989)
    
      - xhci: Limit the spurious wakeup fix only to HP machines.
        (bnc#833097)
    
      - Intel xhci: refactor EHCI/xHCI port switching.
        (bnc#840116)
    
      - xhci-hub.c: preserved kABI. (bnc#840116)
    
      - xhci: Refactor port status into a new function.
        (bnc#840116)
    
      - HID: multitouch: Add support for NextWindow 0340
        touchscreen. (bnc#849855)
    
      - HID: multitouch: Add support for Qaunta 3027
        touchscreen. (bnc#854516)
    
      - HID: multitouch: add support for Atmel 212c touchscreen.
        (bnc#793727)
    
      - HID: multitouch: partial support of win8 devices.
        (bnc#854516,bnc#793727,bnc#849855)
    
      - HID: hid-multitouch: add support for the IDEACOM 6650
        chip. (bnc#854516,bnc#793727,bnc#849855)
    
      - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864)
    
      - ALSA: hda - load EQ params into IDT codec on HP bNB13
        systems. (bnc#850493)
    
      - lpfc: correct some issues with txcomplq processing.
        (bnc#818064)
    
      - lpfc: correct an issue with rrq processing. (bnc#818064)
    
      - block: factor out vector mergeable decision to a helper
        function. (bnc#769644)
    
      - block: modify __bio_add_page check to accept pages that
        do not start a new segment. (bnc#769644)
    
      - sd: avoid deadlocks when running under multipath.
        (bnc#818545)
    
      - sd: fix crash when UA received on DIF enabled device.
        (bnc#841445)
    
      - sg: fix blk_get_queue usage. (bnc#834808)
    
      - lpfc: Do not free original IOCB whenever ABTS fails.
        (bnc#806988)
    
      - lpfc: Fix kernel warning on spinlock usage. (bnc#806988)
    
      - lpfc: Fixed system panic due to midlayer abort.
        (bnc#806988)
    
      - qla2xxx: Add module parameter to override the default
        request queue size. (bnc#826756)
    
      - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896)
    
      - Pragmatic workaround for realtime class abuse induced
        latency issues.
    
      - Provide realtime priority kthread and workqueue boot
        options. (bnc#836718)
    
      - mlx4: allocate just enough pages instead of always 4
        pages. (bnc#835186 / bnc#835074)
    
      - mlx4: allow order-0 memory allocations in RX path.
        (bnc#835186 / bnc#835074)
    
      - net/mlx4: use one page fragment per incoming frame.
        (bnc#835186 / bnc#835074)
    
      - bna: do not register ndo_set_rx_mode callback.
        (bnc#847261)
    
      - PCI: pciehp: Retrieve link speed after link is trained.
        (bnc#820102)
    
      - PCI: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device. (bnc#820102)
    
      - PCI: pciehp: replace unconditional sleep with config
        space access check. (bnc#820102)
    
      - PCI: pciehp: make check_link_active more helpful.
        (bnc#820102)
    
      - PCI: pciehp: Add pcie_wait_link_not_active().
        (bnc#820102)
    
      - PCI: pciehp: Add Disable/enable link functions.
        (bnc#820102)
    
      - PCI: pciehp: Disable/enable link during slot power
        off/on. (bnc#820102)
    
      - PCI: fix truncation of resource size to 32 bits.
        (bnc#843419)
    
      - hv: handle more than just WS2008 in KVP negotiation.
        (bnc#850640)
    
      - mei: ME hardware reset needs to be synchronized.
        (bnc#821619)
    
      - kabi: Restore struct irq_desc::timer_rand_state.
    
      - fs3270: unloading module does not remove device
        (bnc#851879, LTC#100284).
    
      - cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
      - isci: Fix a race condition in the SSP task management
        path. (bnc#826978)
    
      - ptp: dynamic allocation of PHC char devices.
        (bnc#851290)
    
      - efifb: prevent null-deref when iterating dmi_list.
        (bnc#848055)
    
      - dm-mpath: Fixup race condition in activate_path().
        (bnc#708296)
    
      - dm-mpath: do not detach stale hardware handler.
        (bnc#708296)
    
      - dm-multipath: Improve logging. (bnc#708296)
    
      - scsi_dh: invoke callback if ->activate is not present.
        (bnc#708296)
    
      - scsi_dh: return individual errors in scsi_dh_activate().
        (bnc#708296)
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: Decode HP EVA array identifier.
        (bnc#708296)
    
      - scsi_dh_alua: Evaluate state for all port groups.
        (bnc#708296)
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense. (bnc#843642)
    
      - scsi_dh_alua: Make stpg synchronous. (bnc#708296)
    
      - scsi_dh_alua: Pass buffer as function argument.
        (bnc#708296)
    
      - scsi_dh_alua: Re-evaluate port group states after STPG.
        (bnc#708296)
    
      - scsi_dh_alua: Recheck state on transitioning.
        (bnc#708296)
    
      - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296)
    
      - scsi_dh_alua: Use separate alua_port_group structure.
        (bnc#708296)
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL.
        (bnc#839407)
    
      - scsi_dh_alua: asynchronous RTPG. (bnc#708296)
    
      - scsi_dh_alua: correctly terminate target port strings.
        (bnc#708296)
    
      - scsi_dh_alua: defer I/O while workqueue item is pending.
        (bnc#708296)
    
      - scsi_dh_alua: Do not attach to RAID or enclosure
        devices. (bnc#819979)
    
      - scsi_dh_alua: Do not attach to well-known LUNs.
        (bnc#821980)
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work().
        (bnc#708296)
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths. (bnc#843445)
    
      - scsi_dh_alua: move RTPG to workqueue. (bnc#708296)
    
      - scsi_dh_alua: move 'expiry' into PG structure.
        (bnc#708296)
    
      - scsi_dh_alua: move some sense code handling into generic
        code. (bnc#813245)
    
      - scsi_dh_alua: multipath failover fails with error 15.
        (bnc#825696)
    
      - scsi_dh_alua: parse target device id. (bnc#708296)
    
      - scsi_dh_alua: protect accesses to struct
        alua_port_group. (bnc#708296)
    
      - scsi_dh_alua: put sense buffer on stack. (bnc#708296)
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15'. (bnc#843429)
    
      - scsi_dh_alua: remove locking when checking state.
        (bnc#708296)
    
      - scsi_dh_alua: remove stale variable. (bnc#708296)
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296)
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code. (bnc#843645)
    
      - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642)
    
      - scsi_dh_alua: simplify state update. (bnc#708296)
    
      - scsi_dh_alua: use delayed_work. (bnc#708296)
    
      - scsi_dh_alua: use flag for RTPG extended header.
        (bnc#708296)
    
      - scsi_dh_alua: use local buffer for VPD inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: use spin_lock_irqsave for port group.
        (bnc#708296)
    
      - scsi_dh_alua: defer I/O while workqueue item is pending.
        (bnc#708296)
    
      - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296)
    
      - scsi_dh_alua: use delayed_work. (bnc#708296)
    
      - scsi_dh_alua: move 'expiry' into PG structure.
        (bnc#708296)
    
      - scsi_dh: invoke callback if ->activate is not present.
        (bnc#708296)
    
      - scsi_dh_alua: correctly terminate target port strings.
        (bnc#708296)
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296)
    
      - scsi_dh_alua: protect accesses to struct
        alua_port_group. (bnc#708296)
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work().
        (bnc#708296)
    
      - scsi_dh_alua: use spin_lock_irqsave for port group.
        (bnc#708296)
    
      - scsi_dh_alua: remove locking when checking state.
        (bnc#708296)
    
      - scsi_dh_alua: remove stale variable. (bnc#708296)
    
      - scsi_dh: return individual errors in scsi_dh_activate().
        (bnc#708296)
    
      - scsi_dh_alua: fixup misplaced brace in
        alua_initialize(). (bnc#858831)
    
      - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam
        (bnc#831103,FATE#316109).
    
      - drm/i915: add I915_EXEC_VEBOX to
        i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
    
      - drm/i915: add VEBOX into debugfs
        (bnc#831103,FATE#316109).
    
      - drm/i915: Enable vebox interrupts
        (bnc#831103,FATE#316109).
    
      - drm/i915: vebox interrupt get/put
        (bnc#831103,FATE#316109).
    
      - drm/i915: consolidate interrupt naming scheme
        (bnc#831103,FATE#316109).
    
      - drm/i915: Convert irq_refounct to struct
        (bnc#831103,FATE#316109).
    
      - drm/i915: make PM interrupt writes non-destructive
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add PM regs to pre/post install
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create an ivybridge_irq_preinstall
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create a more generic pm handler for hsw+
        (bnc#831103,FATE#316109).
    
      - drm/i915: Vebox ringbuffer init
        (bnc#831103,FATE#316109).
    
      - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
    
      - drm/i915: Rename ring flush functions
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add VECS semaphore bits
        (bnc#831103,FATE#316109).
    
      - drm/i915: Introduce VECS: the 4th ring
        (bnc#831103,FATE#316109).
    
      - drm/i915: Semaphore MBOX update generalization
        (bnc#831103,FATE#316109).
    
      - drm/i915: Comments for semaphore clarification
        (bnc#831103,FATE#316109).
    
      - drm/i915: fix gen4 digital port hotplug definitions.
        (bnc#850103)
    
      - drm/mgag200: Bug fix: Modified pll algorithm for EH
        project. (bnc#841654)
    
      - drm: do not add inferred modes for monitors that do not
        support them. (bnc#849809)
    
      - s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=733022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=770541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=793727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=833097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=837206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=841654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=858534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=858831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2146.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2930.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6376.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8823 / 8827 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Scope gate and package check for the SUSE Linux Enterprise 11 SP3 kernel update.
    # Each gate below hands control to audit() (from audit.inc), which is expected to
    # record the reason and stop the script, so the rpm_check() list only runs on hosts
    # that passed every gate.

    # Local checks must be enabled; the package data below comes from the scan's
    # knowledge base (KB), not from a network probe.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Only releases whose KB string starts with SLED11 or SLES11 are in scope.
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepts i386..i686, x86_64 and s390x.
    # NOTE(review): s390x passes this gate, yet no rpm_check() line below names
    # cpu:"s390x". If rpm_check() filters on its cpu argument, an s390x host would
    # fall through to "not affected" without any package being compared - confirm.
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    # Only Service Pack 3 is covered; a missing patchlevel is treated as out of scope.
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    # flag counts how many rpm_check() calls returned true.
    # rpm_check() comes from rpm.inc; presumably it compares the installed package with
    # the fixed version given in `reference`, using the rpm list required above - confirm.
    # Nothing in this script looks at the running kernel, so a host with the fixed
    # packages installed but not yet rebooted would not be flagged; verify the booted
    # kernel version separately when triaging.
    flag = 0;
    # SLED 11 SP3, i586
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # SLED 11 SP3, x86_64
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # SLES 11 SP3, i586 (adds the ec2 and trace kernel flavours)
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    # SLES 11 SP3, x86_64
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-trace-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    
    
    # Any hit produces a finding on port 0; the per-package detail from
    # rpm_report_get() is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # No rpm_check() call returned true: the host is audited as not affected.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20141014_KERNEL_ON_SL6_X.NASL
    description: * A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen: 2020-03-18
    modified: 2014-11-04
    plugin id: 78845
    published: 2014-11-04
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78845
    title: Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141014)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Metadata registration block. It runs only when `description` is set (presumably by
    # the scan engine when it loads the plugin for its metadata) and ends with exit(0),
    # so none of the host checks further down execute in that mode.
    if (description)
    {
      script_id(78845);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      # One plugin covers eleven CVEs; a hit means the kernel packages are older than the
      # fixed build, not that any single CVE in the list was individually confirmed.
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141014)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      # Advisory text. It rates the individual issues from Low to Important and ends with
      # the reboot requirement, which the package comparison below cannot confirm.
      script_set_attribute(
        attribute:"description", 
        value:
    "* A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    The system must be rebooted for this update to take effect."
      );
      # The see_also value is a shortened link; the comment on the next line records the
      # full advisory URL it stands for.
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=1615
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?398f36ec"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # A single CVSS v2 vector is attached to the whole plugin.
      # NOTE(review): the vector is AV:L, while the description above lists CVE-2014-5077
      # as usable by a remote attacker; triage per CVE rather than by this one score.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      # plugin_type "local": the check relies on data collected from the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and lists the KB keys the check part
      # reads: local-check status, CPU, release string and rpm list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Stop here in description mode; the host checks below must not run.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Scope gate and package check for the Scientific Linux 6.x kernel update.
    # Each gate hands control to audit() (from audit.inc), which is expected to record
    # the reason and stop the script.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # The release string is read from the RedHat KB key and must contain
    # "Scientific Linux ".
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    # Capture the numeric release (major, optionally .minor) from the release string.
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    # Accept "6" followed by a non-digit or end of string, so 6 and 6.x pass but 60 does not.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # NOTE(review): the operands of >!< look reversed compared with the usual
    # `"x86_64" >!< cpu` form. As written the test asks whether cpu is absent from the
    # literal "x86_64"; the outcome is the same for the exact value "x86_64", but a
    # shorter substring of it would also pass - confirm intent.
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    # flag counts how many rpm_check() calls returned true.
    # rpm_check() comes from rpm.inc; presumably it compares the installed package with
    # the fixed version in `reference`, using the rpm list required above - confirm.
    # Nothing in this script looks at the running kernel, and the advisory text says a
    # reboot is required, so verify the booted kernel separately after patching.
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
    # Only the two debuginfo-common packages pass a cpu argument.
    if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
    
    
    # Any hit is reported on port 0 at SECURITY_WARNING severity, with the
    # rpm_report_get() output attached.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: the audit message depends on whether pkg_tests_get() returns anything.
      # A non-empty result is audited as "not affected", an empty one as "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-0140-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. 
(bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. 
(bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - Provide realtime priority kthread and workqueue boot options (bnc#836718). - sched: Fix several races in CFS_BANDWIDTH (bnc#848336). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). 
- macvlan: disable LRO on lower device instead of macvlan (bnc#846984). - macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). - xen: netback: bump tx queue length (bnc#849404). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue (bnc#852624). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4 - fix deal with autofs4_write races (bnc#851314). autofs4 - use simple_empty() for empty directory check (bnc#851314). blkdev_max_block: make private to fs/buffer.c (bnc#820338). Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). vfs: avoid
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83608
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83608
    title: SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0140-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83608);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-6463", "CVE-2013-7027");
      script_bugtraq_id(62740, 63445, 63509, 63512, 63518, 63790, 63886, 63887, 63888, 64013, 64270, 64291, 64328, 64669);
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309)
    
    The following security bugs have been fixed :
    
    CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu
    function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows local users to gain privileges via a
    large id value. (bnc#853050)
    
    CVE-2013-6368: The KVM subsystem in the Linux kernel through
    3.12.5 allows local users to gain privileges or cause a
    denial of service (system crash) via a VAPIC synchronization
    operation involving a page-end address. (bnc#853052)
    
    CVE-2013-6367: The apic_get_tmcct function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (divide-by-zero error and host OS crash)
    via crafted modifications of the TMICT value. (bnc#853051)
    
    CVE-2013-4592: Memory leak in the __kvm_set_memory_region
    function in virt/kvm/kvm_main.c in the Linux kernel before
    3.9 allows local users to cause a denial of service (memory
    consumption) by leveraging certain device access to trigger
    movement of memory slots. (bnc#851101)
    
    CVE-2013-6378: The lbs_debugfs_write function in
    drivers/net/wireless/libertas/debugfs.c in the Linux kernel
    through 3.12.1 allows local users to cause a denial of
    service (OOPS) by leveraging root privileges for a
    zero-length write operation. (bnc#852559)
    
    CVE-2013-4514: Multiple buffer overflows in
    drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
    before 3.12 allow local users to cause a denial of service
    or possibly have unspecified other impact by leveraging the
    CAP_NET_ADMIN capability and providing a long station-name
    string, related to the (1) wvlan_uil_put_info and (2)
    wvlan_set_station_nickname functions. (bnc#849029)
    
    CVE-2013-4515: The bcm_char_ioctl function in
    drivers/staging/bcm/Bcmchar.c in the Linux kernel before
    3.12 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
    call. (bnc#849034)
    
    CVE-2013-7027: The ieee80211_radiotap_iterator_init function
    in net/wireless/radiotap.c in the Linux kernel before 3.11.7
    does not check whether a frame contains any data outside of
    the header, which might allow attackers to cause a denial of
    service (buffer over-read) via a crafted header.
    (bnc#854634)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4511: Multiple integer overflows in Alchemy LCD
    frame-buffer drivers in the Linux kernel before 3.12 allow
    local users to create a read-write memory mapping for the
    entirety of kernel memory, and consequently gain privileges,
    via crafted mmap operations, related to the (1)
    au1100fb_fb_mmap function in drivers/video/au1100fb.c and
    the (2) au1200fb_fb_mmap function in
    drivers/video/au1200fb.c. (bnc#849021)
    
    CVE-2013-6380: The aac_send_raw_srb function in
    drivers/scsi/aacraid/commctrl.c in the Linux kernel through
    3.12.1 does not properly validate a certain size value,
    which allows local users to cause a denial of service
    (invalid pointer dereference) or possibly have unspecified
    other impact via an FSACTL_SEND_RAW_SRB ioctl call that
    triggers a crafted SRB command. (bnc#852373)
    
    CVE-2013-6463: Linux kernel built with the networking
    support(CONFIG_NET) is vulnerable to an information leakage
    flaw in the socket layer. It could occur while doing
    recvmsg(2), recvfrom(2) socket calls. It occurs due to
    improperly initialised msg_name & msg_namelen message header
    parameters. (bnc#854722)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2013-4345: Off-by-one error in the get_prng_bytes
    function in crypto/ansi_cprng.c in the Linux kernel through
    3.11.4 makes it easier for context-dependent attackers to
    defeat cryptographic protection mechanisms via multiple
    requests for small amounts of data, leading to improper
    management of the state of the consumed data. (bnc#840226)
    
    Also the following non-security bugs have been fixed :
    
      - kabi: protect bind_conflict callback in struct
        inet_connection_sock_af_ops (bnc#823618).
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress (bnc#849675).
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces (bnc#838623).
    
      - x86/dumpstack: Fix printk_address for direct addresses
        (bnc#845621).
    
      - futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - random: fix accounting race condition with lockless irq
        entropy_count update (bnc#789359).
    
      - Provide realtime priority kthread and workqueue boot
        options (bnc#836718).
    
      - sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining (bnc#848336).
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock
        (bnc#848336).
    
      - sched: Fix race on toggling cfs_bandwidth_used
        (bnc#848336).
    
      - sched: Fix buglet in return_cfs_rq_runtime().
    
      - sched: Guarantee new group-entities always have weight
        (bnc#848336).
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive (bnc#848336). watchdog: Get rid of
        MODULE_ALIAS_MISCDEV statements (bnc#827767).
    
        tcp: bind() fix autoselection to share ports
        (bnc#823618).
    
      - tcp: bind() use stronger condition for bind_conflict
        (bnc#823618).
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict (bnc#823618).
    
      - macvlan: disable LRO on lower device instead of macvlan
        (bnc#846984).
    
      - macvlan: introduce IFF_MACVLAN flag and helper function
        (bnc#846984).
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function (bnc#846984).
    
      - xen: netback: bump tx queue length (bnc#849404).
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652).
    
      - xen: fixed USB passthrough issue (bnc#852624).
    
      - netxen: fix off by one bug in netxen_release_tx_buffer()
        (bnc#845729).
    
      - xfrm: invalidate dst on policy insertion/deletion
        (bnc#842239). xfrm: prevent ipcomp scratch buffer race
        condition (bnc#842239).
    
        crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718).
    
        crypto: gf128mul - fix call to memset() (obvious fix).
    
        autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race (bnc#851314).
    
      - autofs4: catatonic_mode vs. notify_daemon race
        (bnc#851314).
    
      - autofs4: close the races around autofs4_notify_daemon()
        (bnc#851314).
    
      - autofs4: deal with autofs4_write/autofs4_write races
        (bnc#851314).
    
      - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount (bnc#851314).
    
      - autofs4 - fix deal with autofs4_write races
        (bnc#851314). autofs4 - use simple_empty() for empty
        directory check (bnc#851314).
    
        blkdev_max_block: make private to fs/buffer.c
        (bnc#820338).
    
        Avoid softlockup in shrink_dcache_for_umount_subtree
        (bnc#834473).
    
        dlm: set zero linger time on sctp socket (bnc#787843).
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls (bnc#855037)
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost (bnc#828236). nfs: Adapt readdirplus to application
        usage patterns (bnc#834708).
    
        xfs: Account log unmount transaction correctly
        (bnc#849950).
    
      - xfs: improve ioend error handling (bnc#846036).
    
      - xfs: reduce ioend latency (bnc#846036).
    
      - xfs: use per-filesystem I/O completion workqueues
        (bnc#846036). xfs: Hide additional entries in struct
        xfs_mount (bnc#846036 bnc#848544).
    
        vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338).
    
        vfs: fix O_DIRECT read past end of block device
        (bnc#820338).
    
        cifs: Improve performance of browsing directories with
        several files (bnc#810323).
    
        cifs: Ensure cifs directories do not show up as files
        (bnc#826602).
    
        sd: avoid deadlocks when running under multipath
        (bnc#818545).
    
      - sd: fix crash when UA received on DIF enabled device
        (bnc#841445). sg: fix blk_get_queue usage (bnc#834808).
    
        block: factor out vector mergeable decision to a helper
        function (bnc#769644).
    
        block: modify __bio_add_page check to accept pages that
        do not start a new segment (bnc#769644).
    
        dm-multipath: abort all requests when failing a path
        (bnc#798050).
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime
        (bnc#798050).
    
      - scsi: Allow error handling timeout to be specified
        (bnc#798050).
    
      - scsi: Fixup compilation warning (bnc#798050).
    
      - scsi: Retry failfast commands after EH (bnc#798050).
    
      - scsi: Warn on invalid command completion (bnc#798050).
    
      - scsi: kABI fixes (bnc#798050).
    
      - scsi: remove check for 'resetting' (bnc#798050).
    
      - advansys: Remove 'last_reset' references (bnc#798050).
    
      - cleanup setting task state in scsi_error_handler()
        (bnc#798050).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#798050).
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#798050). tmscsim: Move 'last_reset' into host
        structure (bnc#798050).
    
        scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296).
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry
        (bnc#708296).
    
      - scsi_dh_alua: Decode HP EVA array identifier
        (bnc#708296).
    
      - scsi_dh_alua: Evaluate state for all port groups
        (bnc#708296).
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense (bnc#843642).
    
      - scsi_dh_alua: Make stpg synchronous (bnc#708296).
    
      - scsi_dh_alua: Pass buffer as function argument
        (bnc#708296).
    
      - scsi_dh_alua: Re-evaluate port group states after STPG
        (bnc#708296).
    
      - scsi_dh_alua: Recheck state on transitioning
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: Use separate alua_port_group structure
        (bnc#708296).
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL
        (bnc#839407).
    
      - scsi_dh_alua: asynchronous RTPG (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Do not attach to RAID or enclosure devices
        (bnc#819979).
    
      - scsi_dh_alua: Do not attach to well-known LUNs
        (bnc#821980).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths (bnc#843445).
    
      - scsi_dh_alua: move RTPG to workqueue (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh_alua: move some sense code handling into generic
        code (bnc#813245).
    
      - scsi_dh_alua: multipath failover fails with error 15
        (bnc#825696).
    
      - scsi_dh_alua: parse target device id (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: put sense buffer on stack (bnc#708296).
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15' (bnc#843429).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code (bnc#843645).
    
      - scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
    
      - scsi_dh_alua: simplify state update (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: use flag for RTPG extended header
        (bnc#708296).
    
      - scsi_dh_alua: use local buffer for VPD inquiry
        (bnc#708296). scsi_dh_alua: use spin_lock_irqsave for
        port group (bnc#708296).
    
        lpfc: Do not free original IOCB whenever ABTS fails
        (bnc#806988).
    
      - lpfc: Fix kernel warning on spinlock usage (bnc#806988).
        lpfc: Fixed system panic due to midlayer abort
        (bnc#806988).
    
        qla2xxx: Add module parameter to override the default
        request queue size (bnc#826756).
    
        qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896).
    
        bna: do not register ndo_set_rx_mode callback
        (bnc#847261).
    
      - hv: handle more than just WS2008 in KVP negotiation
        (bnc#850640). drm: do not add inferred modes for
        monitors that do not support them (bnc#849809).
    
        pci/quirks: Modify reset method for Chelsio T4
        (bnc#831168).
    
      - pci: fix truncation of resource size to 32 bits
        (bnc#843419).
    
      - pci: pciehp: Retrieve link speed after link is trained
        (bnc#820102).
    
      - pci: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device (bnc#820102).
    
      - pci: pciehp: replace unconditional sleep with config
        space access check (bnc#820102).
    
      - pci: pciehp: make check_link_active more helpful
        (bnc#820102).
    
      - pci: pciehp: Add pcie_wait_link_not_active()
        (bnc#820102).
    
      - pci: pciehp: Add Disable/enable link functions
        (bnc#820102). pci: pciehp: Disable/enable link during
        slot power off/on (bnc#820102).
    
        mlx4: allocate just enough pages instead of always 4
        pages (bnc#835186 bnc#835074).
    
      - mlx4: allow order-0 memory allocations in RX path
        (bnc#835186 bnc#835074).
    
      - net/mlx4: use one page fragment per incoming frame
        (bnc#835186 bnc#835074). qeth: request length checking
        in snmp ioctl (bnc#849848, LTC#99511).
    
        cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
      - s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.novell.com/patch/finder/?keywords=282330ca15c25c5d414afa797fd00055
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?868cf5d3"
      );
      # http://download.novell.com/patch/finder/?keywords=3d92bf18525263d6502455d7bb30778d
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2a485ef5"
      );
      # http://download.novell.com/patch/finder/?keywords=457afa810386e3c89cbe7d34f2669ec6
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ca5a28ab"
      );
      # http://download.novell.com/patch/finder/?keywords=67177844fdc4ad7928d0b72e827b1792
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?01806ec9"
      );
      # http://download.novell.com/patch/finder/?keywords=6d440d2c2b586181d099e77b38c3f10c
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6a85609c"
      );
      # http://download.novell.com/patch/finder/?keywords=7e6471ccc2fab115e43fdd4825b2703d
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fa4ec765"
      );
      # http://download.novell.com/patch/finder/?keywords=8f7b9d1a1e950072493fafe9d3ce7b0b
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?778d6b1b"
      );
      # http://download.novell.com/patch/finder/?keywords=96c8b378c86a8c1970d130e0ca6c215e
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?708c45bc"
      );
      # http://download.novell.com/patch/finder/?keywords=9a3c3a81214dce764b5a30eb1137ff05
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?85e179a3"
      );
      # http://download.novell.com/patch/finder/?keywords=a3c4d33c79469ac8a1f49845dce098d2
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9a65d93f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/855037"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140140-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ff8b4ee9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP2 for VMware :
    
    zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8791
    
    SUSE Linux Enterprise Server 11 SP2 :
    
    zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8780
    slessp2-kernel-8781 slessp2-kernel-8791 slessp2-kernel-8792
    
    SUSE Linux Enterprise High Availability Extension 11 SP2 :
    
    zypper in -t patch sleshasp2-kernel-8779 sleshasp2-kernel-8780
    sleshasp2-kernel-8781 sleshasp2-kernel-8791 sleshasp2-kernel-8792
    
    SUSE Linux Enterprise Desktop 11 SP2 :
    
    zypper in -t patch sledsp2-kernel-8779 sledsp2-kernel-8791
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Pre-flight gating. Every check below reads a knowledge-base (KB) item and
    # calls audit() when the host is out of scope; the code that follows each
    # audit() call relies on audit() ending the script.
    # A host that fails a gate is reported as "not applicable", not as "patched".

    # Local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string must start with SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Extract the product and major version (e.g. "SLES11") from the release string.
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only SLED11 and SLES11 are covered by this check.
    if (! ereg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    # Without a collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: i386-i686, or a cpu string containing x86_64 or s390x.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # Service-pack gate: a missing patchlevel is treated as "0"; only SP2 is in scope.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^2$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! ereg(pattern:"^2$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP2", os_ver + " SP" + sp);
    
    
    # Package comparison. Each rpm_check() call names a release, service pack,
    # optional cpu and a reference package version; flag counts the calls that
    # return true. Calls without a cpu argument presumably apply to every
    # architecture - confirm against rpm.inc.
    # NOTE(review): this run compares package versions only (the script requires
    # "Host/SuSE/rpm-list"); nothing visible here inspects the running kernel.
    # A host with the fixed kernel packages installed but not yet rebooted would
    # presumably be reported as not affected - confirm, and pair this result
    # with a running-kernel check before closing the finding.
    flag = 0;
    # SLES11 SP2, x86_64
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    # SLES11 SP2, s390x
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.7.15.1")) flag++;
    # SLES11 SP2, no cpu argument
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-default-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-source-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++;
    # SLES11 SP2, i586
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-ec2-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    # SLED11 SP2, x86_64
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-default-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-source-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-trace-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"x86_64", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    # SLED11 SP2, i586
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-default-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-default-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-source-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-trace-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"2", cpu:"i586", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    
    
    # Outcome. flag is non-zero when at least one rpm_check() call above
    # returned true.
    if (!flag)
    {
      # No package was flagged. Record whether packages were actually tested
      # (not affected) or none of them was seen at all (not installed), so the
      # audit trail separates "checked and fine" from "nothing to check".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    else
    {
      # At least one package was flagged: raise the finding, attaching the
      # per-package report text only when report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    

Redhat

advisories
  • rhsa
    idRHSA-2014:0285
  • rhsa
    idRHSA-2015:0284
rpms
  • kernel-0:2.6.18-371.6.1.el5
  • kernel-PAE-0:2.6.18-371.6.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-PAE-devel-0:2.6.18-371.6.1.el5
  • kernel-debug-0:2.6.18-371.6.1.el5
  • kernel-debug-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-debug-devel-0:2.6.18-371.6.1.el5
  • kernel-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-debuginfo-common-0:2.6.18-371.6.1.el5
  • kernel-devel-0:2.6.18-371.6.1.el5
  • kernel-doc-0:2.6.18-371.6.1.el5
  • kernel-headers-0:2.6.18-371.6.1.el5
  • kernel-kdump-0:2.6.18-371.6.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-kdump-devel-0:2.6.18-371.6.1.el5
  • kernel-xen-0:2.6.18-371.6.1.el5
  • kernel-xen-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-xen-devel-0:2.6.18-371.6.1.el5
  • kernel-rt-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debug-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debug-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debug-devel-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.10.33-rt32.33.el6rt
  • kernel-rt-devel-0:3.10.33-rt32.33.el6rt
  • kernel-rt-doc-0:3.10.33-rt32.33.el6rt
  • kernel-rt-firmware-0:3.10.33-rt32.33.el6rt
  • kernel-rt-trace-0:3.10.33-rt32.33.el6rt
  • kernel-rt-trace-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-trace-devel-0:3.10.33-rt32.33.el6rt
  • kernel-rt-vanilla-0:3.10.33-rt32.33.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-vanilla-devel-0:3.10.33-rt32.33.el6rt
  • kernel-0:2.6.32-504.el6
  • kernel-abi-whitelists-0:2.6.32-504.el6
  • kernel-bootwrapper-0:2.6.32-504.el6
  • kernel-debug-0:2.6.32-504.el6
  • kernel-debug-debuginfo-0:2.6.32-504.el6
  • kernel-debug-devel-0:2.6.32-504.el6
  • kernel-debuginfo-0:2.6.32-504.el6
  • kernel-debuginfo-common-i686-0:2.6.32-504.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-504.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-504.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.el6
  • kernel-devel-0:2.6.32-504.el6
  • kernel-doc-0:2.6.32-504.el6
  • kernel-firmware-0:2.6.32-504.el6
  • kernel-headers-0:2.6.32-504.el6
  • kernel-kdump-0:2.6.32-504.el6
  • kernel-kdump-debuginfo-0:2.6.32-504.el6
  • kernel-kdump-devel-0:2.6.32-504.el6
  • perf-0:2.6.32-504.el6
  • perf-debuginfo-0:2.6.32-504.el6
  • python-perf-0:2.6.32-504.el6
  • python-perf-debuginfo-0:2.6.32-504.el6
  • kernel-0:2.6.32-431.50.1.el6
  • kernel-abi-whitelists-0:2.6.32-431.50.1.el6
  • kernel-bootwrapper-0:2.6.32-431.50.1.el6
  • kernel-debug-0:2.6.32-431.50.1.el6
  • kernel-debug-debuginfo-0:2.6.32-431.50.1.el6
  • kernel-debug-devel-0:2.6.32-431.50.1.el6
  • kernel-debuginfo-0:2.6.32-431.50.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.50.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.50.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.50.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.50.1.el6
  • kernel-devel-0:2.6.32-431.50.1.el6
  • kernel-doc-0:2.6.32-431.50.1.el6
  • kernel-firmware-0:2.6.32-431.50.1.el6
  • kernel-headers-0:2.6.32-431.50.1.el6
  • kernel-kdump-0:2.6.32-431.50.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.50.1.el6
  • kernel-kdump-devel-0:2.6.32-431.50.1.el6
  • perf-0:2.6.32-431.50.1.el6
  • perf-debuginfo-0:2.6.32-431.50.1.el6
  • python-perf-0:2.6.32-431.50.1.el6
  • python-perf-debuginfo-0:2.6.32-431.50.1.el6