Vulnerabilities > CVE-2013-4515 - Information Exposure vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1533.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel last seen 2020-03-19 modified 2019-05-14 plugin id 124986 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124986 title EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124986); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19"); script_cve_id( "CVE-2013-4515", "CVE-2013-6378", "CVE-2014-0196", "CVE-2014-3673", "CVE-2014-3690", "CVE-2014-9715", "CVE-2014-9731", "CVE-2015-2672", "CVE-2015-6937", "CVE-2015-7613", "CVE-2015-8844", "CVE-2016-0821", "CVE-2016-2066", "CVE-2016-6156", "CVE-2017-1000251", "CVE-2017-18200", "CVE-2017-2671", "CVE-2018-10883", "CVE-2018-15594", "CVE-2018-5344" ); script_bugtraq_id( 63518, 63886, 67199, 67282, 70691, 70883, 73953, 75001 ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash.(CVE-2014-9715i1/4%0 - A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash.(CVE-2015-8844i1/4%0 - A timing flaw was found in the Chrome EC driver in the Linux kernel. An attacker could abuse timing to skip validation checks to copy additional data from userspace possibly increasing privilege or crashing the system.(CVE-2016-6156i1/4%0 - A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.(CVE-2015-7613i1/4%0 - A path length checking flaw was found in Linux kernels built with UDF file system (CONFIG_UDF_FS) support. An attacker able to mount a corrupted/malicious UDF file system image could use this flaw to leak kernel memory to user-space.(CVE-2014-9731i1/4%0 - A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.(CVE-2017-2671i1/4%0 - The f2fs implementation in the Linux kernel, before 4.14, mishandles reference counts associated with f2fs_wait_discard_bios calls. This allows local users to cause a denial of service (BUG), as demonstrated by fstrim.(CVE-2017-18200i1/4%0 - The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.(CVE-2016-0821i1/4%0 - The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.(CVE-2015-2672i1/4%0 - The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO i1/4+ !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.(CVE-2014-0196i1/4%0 - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.(CVE-2018-5344i1/4%0 - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.(CVE-2013-6378i1/4%0 - A NULL-pointer dereference vulnerability was discovered in the Linux kernel. The kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport existed before creating a connection to a remote server. A local system user could exploit this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference.(CVE-2015-6937i1/4%0 - A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64le the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.(CVE-2017-1000251i1/4%0 - Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.(CVE-2016-2066i1/4%0 - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.(CVE-2013-4515i1/4%0 - A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.(CVE-2014-3673i1/4%0 - It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.(CVE-2018-15594i1/4%0 - It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system.(CVE-2014-3690i1/4%0 - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10883i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1533 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6ad58ff"); script_set_attribute(attribute:"solution", value: "Update the affected kernel packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["kernel-4.19.28-1.2.117", "kernel-devel-4.19.28-1.2.117", "kernel-headers-4.19.28-1.2.117", "kernel-tools-4.19.28-1.2.117", "kernel-tools-libs-4.19.28-1.2.117", "kernel-tools-libs-devel-4.19.28-1.2.117", "perf-4.19.28-1.2.117", "python-perf-4.19.28-1.2.117"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-113.NASL description The Linux kernel was updated to fix various bugs and security issues : - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls). - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - hwmon: (coretemp) Fix truncated name of alarm attributes - net: fib: fib6_add: fix potential NULL pointer dereference (bnc#854173 CVE-2013-6431). - keys: fix race with concurrent install_user_keyrings() (bnc#808358)(CVE-2013-1792). - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - wireless: radiotap: fix parsing buffer overrun (bnc#854634 CVE-2013-7027). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - staging: ozwpan: prevent overflow in oz_cdev_write() (bnc#849023 CVE-2013-4513). - perf/x86: Fix offcore_rsp valid mask for SNB/IVB (bnc#825006). - perf/x86: Add Intel IvyBridge event scheduling constraints (bnc#825006). - libertas: potential oops in debugfs (bnc#852559 CVE-2013-6378). - aacraid: prevent invalid pointer dereference (bnc#852373 CVE-2013-6380). - staging: wlags49_h2: buffer overflow setting station name (bnc#849029 CVE-2013-4514). - net: flow_dissector: fail on evil iph->ihl (bnc#848079 CVE-2013-4348). - Staging: bcm: info leak in ioctl (bnc#849034 CVE-2013-4515). - Refresh patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms g_namelen-logic.patch. - ipv6: remove max_addresses check from ipv6_create_tempaddr (bnc#805226, CVE-2013-0343). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - crypto: ansi_cprng - Fix off by one error in non-block size request (bnc#840226). - x6: Fix reserve_initrd so that acpi_initrd_override is reached (bnc#831836). - Refresh other Xen patches. - aacraid: missing capable() check in compat ioctl (bnc#852558). - patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret urn.patch: Update upstream reference - perf/ftrace: Fix paranoid level for enabling function tracer (bnc#849362). - xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings (bnc#848255). - xhci: Fix oops happening after address device timeout (bnc#848255). - xhci: Ensure a command structure points to the correct trb on the command ring (bnc#848255). - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i rq-remapping-warning.patch: Update upstream reference. - Allow NFSv4 username mapping to work properly (bnc#838024). - Refresh btrfs attribute publishing patchset to match openSUSE-13.1 No user-visible changes, but uses kobj_sysfs_ops and better kobject lifetime management. - Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511). - drm/radeon: don last seen 2020-06-05 modified 2014-06-13 plugin id 75251 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75251 title openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-113. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75251); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-0343", "CVE-2013-1792", "CVE-2013-4348", "CVE-2013-4511", "CVE-2013-4513", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6431", "CVE-2013-7027", "CVE-2014-0038"); script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)"); script_summary(english:"Check for the openSUSE-2014-113 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The Linux kernel was updated to fix various bugs and security issues : - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls). - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - hwmon: (coretemp) Fix truncated name of alarm attributes - net: fib: fib6_add: fix potential NULL pointer dereference (bnc#854173 CVE-2013-6431). - keys: fix race with concurrent install_user_keyrings() (bnc#808358)(CVE-2013-1792). - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - wireless: radiotap: fix parsing buffer overrun (bnc#854634 CVE-2013-7027). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - staging: ozwpan: prevent overflow in oz_cdev_write() (bnc#849023 CVE-2013-4513). - perf/x86: Fix offcore_rsp valid mask for SNB/IVB (bnc#825006). - perf/x86: Add Intel IvyBridge event scheduling constraints (bnc#825006). - libertas: potential oops in debugfs (bnc#852559 CVE-2013-6378). - aacraid: prevent invalid pointer dereference (bnc#852373 CVE-2013-6380). - staging: wlags49_h2: buffer overflow setting station name (bnc#849029 CVE-2013-4514). - net: flow_dissector: fail on evil iph->ihl (bnc#848079 CVE-2013-4348). - Staging: bcm: info leak in ioctl (bnc#849034 CVE-2013-4515). - Refresh patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms g_namelen-logic.patch. - ipv6: remove max_addresses check from ipv6_create_tempaddr (bnc#805226, CVE-2013-0343). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - crypto: ansi_cprng - Fix off by one error in non-block size request (bnc#840226). - x6: Fix reserve_initrd so that acpi_initrd_override is reached (bnc#831836). - Refresh other Xen patches. - aacraid: missing capable() check in compat ioctl (bnc#852558). - patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret urn.patch: Update upstream reference - perf/ftrace: Fix paranoid level for enabling function tracer (bnc#849362). - xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings (bnc#848255). - xhci: Fix oops happening after address device timeout (bnc#848255). - xhci: Ensure a command structure points to the correct trb on the command ring (bnc#848255). - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i rq-remapping-warning.patch: Update upstream reference. - Allow NFSv4 username mapping to work properly (bnc#838024). - Refresh btrfs attribute publishing patchset to match openSUSE-13.1 No user-visible changes, but uses kobj_sysfs_ops and better kobject lifetime management. - Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511). - drm/radeon: don't set hpd, afmt interrupts when interrupts are disabled. - patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount -fields.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950). - iommu: Remove stack trace from broken irq remapping warning (bnc#844513). - Disable patches related to bnc#840656 patches.suse/btrfs-cleanup-don-t-check-the-same-thing-tw ice patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-chec k-the-same-thi.patch - btrfs: use feature attribute names to print better error messages. - btrfs: add ability to change features via sysfs. - btrfs: add publishing of unknown features in sysfs. - btrfs: publish per-super features to sysfs. - btrfs: add per-super attributes to sysfs. - btrfs: export supported featured to sysfs. - kobject: introduce kobj_completion. - btrfs: add ioctls to query/change feature bits online. - btrfs: use btrfs_commit_transaction when setting fslabel. - x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513). - NFSv4: Fix issues in nfs4_discover_server_trunking (bnc#811746). - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=804950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=805226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=808358" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=811746" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=831836" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=838024" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=840226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=840656" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=844513" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848079" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848255" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849023" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849029" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849034" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849362" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852373" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854173" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854634" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=860993" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-02/msg00021.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-vanilla-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"kernel-syms-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debugsource-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-3.7.10-1.28.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.7.10-1.28.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0189-1.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). - futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid last seen 2020-06-05 modified 2015-05-20 plugin id 83609 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83609 title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:0189-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83609); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-6463", "CVE-2013-7027"); script_bugtraq_id(60324, 62740, 63445, 63509, 63512, 63518, 63790, 63886, 63887, 63888, 64013, 64270, 64291, 64318, 64319, 64328, 64669, 64739, 64741, 64742, 64743, 64744, 64746); script_name(english:"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). - futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). - vfs: fix O_DIRECT read past end of block device (bnc#820338). - cifs: Improve performance of browsing directories with several files (bnc#810323). cifs: Ensure cifs directories do not show up as files (bnc#826602). dm-multipath: abort all requests when failing a path (bnc#798050). - scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - advansys: Remove 'last_reset' references (bnc#798050). - cleanup setting task state in scsi_error_handler() (bnc#798050). - dc395: Move 'last_reset' into internal host structure (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). - scsi: kABI fixes (bnc#798050). - scsi: remove check for 'resetting' (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050). SCSI & usb-storage: add try_rc_10_first flag (bnc#853428). - iscsi_target: race condition on shutdown (bnc#850072). - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (bnc#837206). - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout (bnc#856481). - advansys: Remove 'last_reset' references (bnc#856481). - dc395: Move 'last_reset' into internal host structure (bnc#856481). - Add 'eh_deadline' to limit SCSI EH runtime (bnc#856481). - remove check for 'resetting' (bnc#856481). tmscsim: Move 'last_reset' into host structure (bnc#856481). scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist (bnc#846654). md: Change handling of save_raid_disk and metadata update during recovery (bnc#849364). dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481). dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#856481). crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). X.509: Fix certificate gathering (bnc#805114). pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). xen: fixed USB passthrough issue (bnc#852624). igb: Fix get_fw_version function for all parts (bnc#848317). - igb: Refactor of init_nvm_params (bnc#848317). - r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352). - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). bnx2x: remove false warning regarding interrupt number (bnc#769035). usb: Fix xHCI host issues on remote wakeup (bnc#846989). - xhci: Limit the spurious wakeup fix only to HP machines (bnc#833097). - Intel xhci: refactor EHCI/xHCI port switching (bnc#840116). - xhci-hub.c: preserved kABI (bnc#840116). xhci: Refactor port status into a new function (bnc#840116). HID: multitouch: Add support for NextWindow 0340 touchscreen (bnc#849855). - HID: multitouch: Add support for Qaunta 3027 touchscreen (bnc#854516). - HID: multitouch: add support for Atmel 212c touchscreen (bnc#793727). - HID: multitouch: partial support of win8 devices (bnc#854516,bnc#793727,bnc#849855). HID: hid-multitouch: add support for the IDEACOM 6650 chip (bnc#854516,bnc#793727,bnc#849855). ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864). ALSA: hda - load EQ params into IDT codec on HP bNB13 systems (bnc#850493). lpfc: correct some issues with txcomplq processing (bnc#818064). lpfc: correct an issue with rrq processing (bnc#818064). block: factor out vector mergeable decision to a helper function (bnc#769644). block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644). sd: avoid deadlocks when running under multipath (bnc#818545). - sd: fix crash when UA received on DIF enabled device (bnc#841445). sg: fix blk_get_queue usage (bnc#834808). lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988). - lpfc: Fix kernel warning on spinlock usage (bnc#806988). lpfc: Fixed system panic due to midlayer abort (bnc#806988). qla2xxx: Add module parameter to override the default request queue size (bnc#826756). qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896). Pragmatic workaround for realtime class abuse induced latency issues. Provide realtime priority kthread and workqueue boot options (bnc#836718). mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074). - mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074). - net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074). bna: do not register ndo_set_rx_mode callback (bnc#847261). PCI: pciehp: Retrieve link speed after link is trained (bnc#820102). - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102). - PCI: pciehp: replace unconditional sleep with config space access check (bnc#820102). - PCI: pciehp: make check_link_active more helpful (bnc#820102). - PCI: pciehp: Add pcie_wait_link_not_active() (bnc#820102). - PCI: pciehp: Add Disable/enable link functions (bnc#820102). - PCI: pciehp: Disable/enable link during slot power off/on (bnc#820102). PCI: fix truncation of resource size to 32 bits (bnc#843419). hv: handle more than just WS2008 in KVP negotiation (bnc#850640). mei: ME hardware reset needs to be synchronized (bnc#821619). kabi: Restore struct irq_desc::timer_rand_state. fs3270: unloading module does not remove device (bnc#851879, LTC#100284). cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). isci: Fix a race condition in the SSP task management path (bnc#826978). ptp: dynamic allocation of PHC char devices (bnc#851290). efifb: prevent null-deref when iterating dmi_list (bnc#848055). dm-mpath: Fixup race condition in activate_path() (bnc#708296). - dm-mpath: do not detach stale hardware handler (bnc#708296). dm-multipath: Improve logging (bnc#708296). scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). - scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). - scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). - scsi_dh_alua: Evaluate state for all port groups (bnc#708296). - scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). - scsi_dh_alua: Make stpg synchronous (bnc#708296). - scsi_dh_alua: Pass buffer as function argument (bnc#708296). - scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). - scsi_dh_alua: Recheck state on transitioning (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). - scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). - scsi_dh_alua: asynchronous RTPG (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). - scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). - scsi_dh_alua: move RTPG to workqueue (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh_alua: move some sense code handling into generic code (bnc#813245). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - scsi_dh_alua: parse target device id (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: put sense buffer on stack (bnc#708296). - scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645). - scsi_dh_alua: simplify alua_check_sense() (bnc#843642). - scsi_dh_alua: simplify state update (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: use flag for RTPG extended header (bnc#708296). - scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296). - scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). scsi_dh_alua: fixup misplaced brace in alua_initialize() (bnc#858831). drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions (bnc#850103). - drm/mgag200: Bug fix: Modified pll algorithm for EH project (bnc#841654). drm: do not add inferred modes for monitors that do not support them (bnc #849809). s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.novell.com/patch/finder/?keywords=155ef3b4e3ba6228ccaef2cbc31bebd9 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?508af80c" ); # http://download.novell.com/patch/finder/?keywords=5bc4480468b77bc708f1a53315eda1a5 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?41c59b1d" ); # http://download.novell.com/patch/finder/?keywords=5bf653f731ed3521053f5341cf36caed script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?81371f29" ); # http://download.novell.com/patch/finder/?keywords=80a0fe93ee599f6907148b6d57bc4386 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f2c10cd3" ); # http://download.novell.com/patch/finder/?keywords=84ede2844b021edeba8226469dc99257 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4fd89842" ); # http://download.novell.com/patch/finder/?keywords=8fce986182f7f5e181facfac1db4aae3 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?90e9ccc2" ); # http://download.novell.com/patch/finder/?keywords=a863e6ada238d9cd2f9e9150d31fefff script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?09a3fa7e" ); # http://download.novell.com/patch/finder/?keywords=b711e9a5616f248e3074a4b6c9570dc5 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a374681" ); # http://download.novell.com/patch/finder/?keywords=d80e8135e5fe036068f832766fc4cfb9 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fe789f30" ); # http://download.novell.com/patch/finder/?keywords=ff3893b2e58671834b0dfa8fb9b43401 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2c79cf66" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2146.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2930.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4345.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4483.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4587.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4592.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6367.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6376.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6378.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6380.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6383.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6463.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-7027.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/708296" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/733022" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/769035" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/769644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/770541" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/787843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789359" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/793727" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/798050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/805114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/805740" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/806988" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/807434" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/810323" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/818064" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/818545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/819979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820434" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/821619" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/821980" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/825006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/825696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/825896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826602" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826756" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826978" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/827527" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/827767" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/828236" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/831103" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/833097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/834473" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/834708" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/834808" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/835074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/835186" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/836718" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/837206" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/837739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/838623" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839973" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/840116" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/840226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/841445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/841654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/842239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843185" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843645" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/843654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/845352" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/845378" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/845621" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/845729" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/846036" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/846298" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/846654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/846984" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/846989" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/847261" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/847660" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/847842" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848055" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848317" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848321" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848335" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848336" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848544" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848864" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849029" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849034" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849256" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849362" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849364" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849809" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/850072" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/850103" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/850324" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/850493" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/850640" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/851066" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/851101" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/851290" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/851314" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/851603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/851879" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852153" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852373" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/852761" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853428" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853465" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/854516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/854546" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/854634" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/854722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/856307" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/856481" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/858534" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/858831" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20140189-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b0cc1610" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP3 for VMware : zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8827 SUSE Linux Enterprise Server 11 SP3 : zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8824 slessp3-kernel-8825 slessp3-kernel-8826 slessp3-kernel-8827 SUSE Linux Enterprise High Availability Extension 11 SP3 : zypper in -t patch slehasp3-kernel-8823 slehasp3-kernel-8824 slehasp3-kernel-8825 slehasp3-kernel-8826 slehasp3-kernel-8827 SUSE Linux Enterprise Desktop 11 SP3 : zypper in -t patch sledsp3-kernel-8823 sledsp3-kernel-8827 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp); if (os_ver == "SLED11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-source-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-syms-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-source-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-syms-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2066-1.NASL description A flaw was discovered in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71793 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71793 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2066-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2066-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(71793); script_version("1.14"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4299", "CVE-2013-4470", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4592", "CVE-2013-6378", "CVE-2013-6383", "CVE-2013-6763", "CVE-2013-7027"); script_bugtraq_id(63183, 63359, 63509, 63512, 63518, 63707, 63790, 63886, 63888, 64013); script_xref(name:"USN", value:"2066-1"); script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2066-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. (CVE-2013-4511) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Agere Systems HERMES II Wireless PC Cards. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service or possibly gain administrative priviliges. (CVE-2013-4514) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-4515) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763) Evan Huus reported a buffer overflow in the Linux kernel's radiotap header parsing. A remote attacker could cause a denial of service (buffer over- read) via a specially crafted header. (CVE-2013-7027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2066-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/24"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2013-4299", "CVE-2013-4470", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4592", "CVE-2013-6378", "CVE-2013-6383", "CVE-2013-6763", "CVE-2013-7027"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2066-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-58-generic", pkgver:"3.2.0-58.88")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-58-generic-pae", pkgver:"3.2.0-58.88")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-58-highbank", pkgver:"3.2.0-58.88")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-58-virtual", pkgver:"3.2.0-58.88")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-140116.NASL description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - xen: netback: bump tx queue length. (bnc#849404) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4 - fix deal with autofs4_write races. (bnc#851314) - autofs4 - use simple_empty() for empty directory check. (bnc#851314) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls. (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - vfs: avoid last seen 2020-06-05 modified 2014-01-28 plugin id 72163 published 2014-01-28 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72163 title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(72163); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271"); script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - xen: netback: bump tx queue length. (bnc#849404) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4 - fix deal with autofs4_write races. (bnc#851314) - autofs4 - use simple_empty() for empty directory check. (bnc#851314) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls. (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - pci/quirks: Modify reset method for Chelsio T4. (bnc#831168) - pci: fix truncation of resource size to 32 bits. (bnc#843419) - pci: pciehp: Retrieve link speed after link is trained. (bnc#820102) - pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - pci: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - pci: pciehp: make check_link_active more helpful. (bnc#820102) - pci: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - pci: pciehp: Add Disable/enable link functions. (bnc#820102) - pci: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=708296" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=787843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789359" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=806988" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=807434" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=810323" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=818545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=819979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=821980" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826602" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826756" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=827767" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828236" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=831168" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834473" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834708" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834808" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=835074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=835186" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=836718" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=837739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=838623" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=839407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=840226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=841445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=842239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843645" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=845621" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=845729" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846036" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846984" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=847261" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848321" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848336" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848544" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849029" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849034" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849809" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849848" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=850640" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851066" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851101" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851314" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852373" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854546" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854634" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=855037" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4345.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4483.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4587.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4592.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6367.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6378.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6380.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6383.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6463.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-7027.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 8779 / 8791 / 8792 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-140124.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid last seen 2020-06-05 modified 2014-02-05 plugin id 72324 published 2014-02-05 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72324 title SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(72324); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271"); script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - SCSI & usb-storage: add try_rc_10_first flag. (bnc#853428) - iscsi_target: race condition on shutdown. (bnc#850072) - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception. (bnc#837206) - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout. (bnc#856481) - advansys: Remove 'last_reset' references. (bnc#856481) - dc395: Move 'last_reset' into internal host structure. (bnc#856481) - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481) - remove check for 'resetting'. (bnc#856481) - tmscsim: Move 'last_reset' into host structure. (bnc#856481) - scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist. (bnc#846654) - md: Change handling of save_raid_disk and metadata update during recovery. (bnc#849364) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#856481) - crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - X.509: Fix certificate gathering. (bnc#805114) - pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console(). (bnc#733022, bnc#852652) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - igb: Fix get_fw_version function for all parts. (bnc#848317) - igb: Refactor of init_nvm_params. (bnc#848317) - r8169: check ALDPS bit and disable it if enabled for the 8168g. (bnc#845352) - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). - bnx2x: remove false warning regarding interrupt number. (bnc#769035) - usb: Fix xHCI host issues on remote wakeup. (bnc#846989) - xhci: Limit the spurious wakeup fix only to HP machines. (bnc#833097) - Intel xhci: refactor EHCI/xHCI port switching. (bnc#840116) - xhci-hub.c: preserved kABI. (bnc#840116) - xhci: Refactor port status into a new function. (bnc#840116) - HID: multitouch: Add support for NextWindow 0340 touchscreen. (bnc#849855) - HID: multitouch: Add support for Qaunta 3027 touchscreen. (bnc#854516) - HID: multitouch: add support for Atmel 212c touchscreen. (bnc#793727) - HID: multitouch: partial support of win8 devices. (bnc#854516,bnc#793727,bnc#849855) - HID: hid-multitouch: add support for the IDEACOM 6650 chip. (bnc#854516,bnc#793727,bnc#849855) - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864) - ALSA: hda - load EQ params into IDT codec on HP bNB13 systems. (bnc#850493) - lpfc: correct some issues with txcomplq processing. (bnc#818064) - lpfc: correct an issue with rrq processing. (bnc#818064) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - Pragmatic workaround for realtime class abuse induced latency issues. - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - PCI: pciehp: Retrieve link speed after link is trained. (bnc#820102) - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - PCI: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - PCI: pciehp: make check_link_active more helpful. (bnc#820102) - PCI: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - PCI: pciehp: Add Disable/enable link functions. (bnc#820102) - PCI: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - PCI: fix truncation of resource size to 32 bits. (bnc#843419) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - mei: ME hardware reset needs to be synchronized. (bnc#821619) - kabi: Restore struct irq_desc::timer_rand_state. - fs3270: unloading module does not remove device (bnc#851879, LTC#100284). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - isci: Fix a race condition in the SSP task management path. (bnc#826978) - ptp: dynamic allocation of PHC char devices. (bnc#851290) - efifb: prevent null-deref when iterating dmi_list. (bnc#848055) - dm-mpath: Fixup race condition in activate_path(). (bnc#708296) - dm-mpath: do not detach stale hardware handler. (bnc#708296) - dm-multipath: Improve logging. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: fixup misplaced brace in alua_initialize(). (bnc#858831) - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions. (bnc#850103) - drm/mgag200: Bug fix: Modified pll algorithm for EH project. (bnc#841654) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=708296" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=733022" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769035" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=769644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=770541" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=787843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789359" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=793727" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=805114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=805740" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=806988" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=807434" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=810323" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=818064" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=818545" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=819979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820102" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820434" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=821619" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=821980" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=825896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826602" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826756" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826978" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=827527" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=827767" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828236" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=831103" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=833097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834473" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834708" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834808" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=835074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=835186" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=836718" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=837206" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=837739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=838623" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=839407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=839973" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=840116" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=840226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=841445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=841654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=842239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843185" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843645" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=843654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=845352" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=845378" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=845621" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=845729" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846036" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846298" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846984" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=846989" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=847261" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=847660" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=847842" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848055" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848317" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848321" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848335" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848336" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848544" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848864" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849029" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849034" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849256" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849362" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849364" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849809" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=850072" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=850103" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=850324" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=850493" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=850640" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851066" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851101" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851290" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851314" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851879" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852153" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852373" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852559" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852652" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=852761" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853428" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853465" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854546" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854634" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=856307" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=856481" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=858534" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=858831" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2146.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2930.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4345.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4483.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4587.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4592.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6367.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6376.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6378.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6380.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6383.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6463.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-7027.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8826."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-source-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-syms-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2075-1.NASL description Vasily Kulikov reported a flaw in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71799 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71799 title Ubuntu 13.10 : linux vulnerabilities (USN-2075-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2070-1.NASL description Vasily Kulikov reported a flaw in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71796 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71796 title Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2070-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-291.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (CVE-2013-2929). The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application (CVE-2013-2930). Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511). Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation (CVE-2013-4512). Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions (CVE-2013-4514). The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call (CVE-2013-4515). Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots (CVE-2013-4592). The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation (CVE-2013-6378). The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command (CVE-2013-6380). Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size (CVE-2013-6381). The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call (CVE-2013-6383). The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511 (CVE-2013-6763). The updated packages provides a solution for these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 71511 published 2013-12-18 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71511 title Mandriva Linux Security Advisory : kernel (MDVSA-2013:291) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2068-1.NASL description Dave Jones and Vince Weaver reported a flaw in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71794 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71794 title Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2068-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2069-1.NASL description Hannes Frederic Sowa discovered a flaw in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71795 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71795 title Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2069-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2073-1.NASL description Hannes Frederic Sowa discovered a flaw in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71798 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71798 title Ubuntu 13.04 : linux vulnerabilities (USN-2073-1) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-140125.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid last seen 2020-06-05 modified 2014-02-05 plugin id 72325 published 2014-02-05 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72325 title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2071-1.NASL description Dave Jones and Vince Weaver reported a flaw in the Linux kernel last seen 2020-03-18 modified 2014-01-05 plugin id 71797 published 2014-01-05 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71797 title Ubuntu 12.10 : linux vulnerabilities (USN-2071-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0140-1.NASL description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - Provide realtime priority kthread and workqueue boot options (bnc#836718). - sched: Fix several races in CFS_BANDWIDTH (bnc#848336). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - macvlan: disable LRO on lower device instead of macvlan (bnc#846984). - macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). - xen: netback: bump tx queue length (bnc#849404). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue (bnc#852624). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4 - fix deal with autofs4_write races (bnc#851314). autofs4 - use simple_empty() for empty directory check (bnc#851314). blkdev_max_block: make private to fs/buffer.c (bnc#820338). Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). vfs: avoid last seen 2020-06-05 modified 2015-05-20 plugin id 83608 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83608 title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)
References
- https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2
- https://github.com/torvalds/linux/commit/8d1e72250c847fa96498ec029891de4dc638a5ba
- http://www.openwall.com/lists/oss-security/2013/11/04/22
- http://www.ubuntu.com/usn/USN-2069-1
- http://www.ubuntu.com/usn/USN-2071-1
- http://www.ubuntu.com/usn/USN-2066-1
- http://www.ubuntu.com/usn/USN-2075-1
- http://www.ubuntu.com/usn/USN-2068-1
- http://www.ubuntu.com/usn/USN-2070-1
- http://www.ubuntu.com/usn/USN-2067-1
- http://www.ubuntu.com/usn/USN-2076-1
- http://www.ubuntu.com/usn/USN-2074-1
- http://www.ubuntu.com/usn/USN-2072-1
- http://www.ubuntu.com/usn/USN-2073-1
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d1e72250c847fa96498ec029891de4dc638a5ba