Vulnerabilities > CVE-2017-14051 - Integer Overflow or Wraparound vulnerability in Linux Kernel

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
linux
CWE-190
nessus

Summary

An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

Vulnerable Configurations

Part Description Count
OS
Linux
2672

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1062.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919). The following non-security bugs were fixed : - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - Add
    last seen2020-06-05
    modified2017-09-18
    plugin id103287
    published2017-09-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103287
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-1062.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103287);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000251", "CVE-2017-11472", "CVE-2017-12134", "CVE-2017-14051", "CVE-2017-14106");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)");
      script_summary(english:"Check for the openSUSE-2017-1062 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-1000251: The native Bluetooth stack in the
        Linux Kernel (BlueZ) was vulnerable to a stack overflow
        vulnerability in the processing of L2CAP configuration
        responses resulting in Remote code execution in kernel
        space (bnc#1057389).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-11472: The acpi_ns_terminate() function in
        drivers/acpi/acpica/nsutils.c in the Linux kernel did
        not flush the operand cache and causes a kernel stack
        dump, which allowed local users to obtain sensitive
        information from kernel memory and bypass the KASLR
        protection mechanism (in the kernel through 4.9) via a
        crafted ACPI table (bnc#1049580).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 1053919).
    
    The following non-security bugs were fixed :
    
      - acpi / scan: Prefer devices without _HID for _ADR
        matching (git-fixes).
    
      - alsa: hda - Add stereo mic quirk for Lenovo G50-70
        (17aa:3978) (bsc#1020657).
    
      - alsa: hda - Implement mic-mute LED mode enum
        (bsc#1055013).
    
      - alsa: hda/realtek - Add support headphone Mic for ALC221
        of HP platform (bsc#1024405).
    
      - alsa: ice1712: Add support for STAudio ADCIII
        (bsc#1048934).
    
      - alsa: usb-audio: Apply sample rate quirk to Sennheiser
        headset (bsc#1052580).
    
      - Add 'shutdown' to 'struct class' (bsc#1053117).
    
      - bluetooth: bnep: fix possible might sleep error in
        bnep_session (bsc#1031784).
    
      - bluetooth: cmtp: fix possible might sleep error in
        cmtp_session (bsc#1031784).
    
      - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
    
      - nfs: flush data when locking a file to ensure cache
        coherence for mmap (bsc#981309).
    
      - Revert '/proc/iomem: only expose physical resource
        addresses to privileged users' (kabi).
    
      - Revert 'Make file credentials available to the seqfile
        interfaces' (kabi).
    
      - usb: core: fix device node leak (bsc#1047487).
    
      - Update
        patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_
        trusted.patch (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).
    
      - bnxt: add a missing rcu synchronization (bnc#1038583).
    
      - bnxt: do not busy-poll when link is down (bnc#1038583).
    
      - bnxt_en: Enable MRU enables bit when configuring VNIC
        MRU (bnc#1038583).
    
      - bnxt_en: Fix 'uninitialized variable' bug in TPA code
        path (bnc#1038583).
    
      - bnxt_en: Fix NULL pointer dereference in a failure path
        during open (bnc#1038583).
    
      - bnxt_en: Fix NULL pointer dereference in reopen failure
        path (bnc#1038583).
    
      - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
    
      - bnxt_en: Fix VF virtual link state (bnc#1038583).
    
      - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
    
      - bnxt_en: Fix and clarify link_info->advertising
        (bnc#1038583).
    
      - bnxt_en: Fix ring arithmetic in bnxt_setup_tc()
        (bnc#1038583).
    
      - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
    
      - bnxt_en: Refactor TPA code path (bnc#1038583).
    
      - bnxt_en: fix pci cleanup in bnxt_init_one() failure path
        (bnc#1038583).
    
      - bnxt_en: initialize rc to zero to avoid returning
        garbage (bnc#1038583).
    
      - ceph: fix readpage from fscache (bsc#1057015).
    
      - cxgb4: Fix stack out-of-bounds read due to wrong size to
        t4_record_mbox() (bsc#1021424 bsc#1022743).
    
      - drivers: net: xgene: Fix wrong logical operation
        (bsc#1056827).
    
      - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K
        (bsc#1048155).
    
      - fuse: initialize the flock flag in fuse_file on
        allocation (git-fixes).
    
      - gfs2: Do not clear SGID when inheriting ACLs
        (bsc#1012829).
    
      - ibmvnic: Clean up resources on probe failure
        (fate#323285, bsc#1058116).
    
      - iwlwifi: missing error code in iwl_trans_pcie_alloc()
        (bsc#1031717).
    
      - iwlwifi: mvm: do not send CTDP commands via debugfs if
        not supported (bsc#1031717).
    
      - kernel/*: switch to memdup_user_nul() (bsc#1048893).
    
      - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
    
      - lib: test_rhashtable: fix for large entry counts
        (bsc#1055359).
    
      - lightnvm: remove unused rq parameter of
        nvme_nvm_rqtocmd() to kill warning (FATE#319466).
    
      - md/raid5: fix a race condition in stripe batch
        (linux-stable).
    
      - mm, madvise: ensure poisoned pages are removed from
        per-cpu lists (VM hw poison -- git fixes).
    
      - mm/page_alloc.c: apply gfp_allowed_mask before the first
        allocation attempt (bnc#971975 VM -- git fixes).
    
      - mptsas: Fixup device hotplug for VMware ESXi
        (bsc#1030850).
    
      - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
    
      - netfilter: x_tables: pack percpu counter allocations
        (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct instead of
        packet counter (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct to counter
        allocator (bsc#1052888).
    
      - new helper: memdup_user_nul() (bsc#1048893).
    
      - of: fix '/cpus' reference leak in
        of_numa_parse_cpu_nodes() (bsc#1056827).
    
      - ovl: fix dentry leak for default_permissions
        (bsc#1054084).
    
      - percpu_ref: allow operation mode switching operations to
        be called concurrently (bsc#1055096).
    
      - percpu_ref: remove unnecessary RCU grace period for
        staggered atomic switching confirmation (bsc#1055096).
    
      - percpu_ref: reorganize __percpu_ref_switch_to_atomic()
        and relocate percpu_ref_switch_to_atomic()
        (bsc#1055096).
    
      - percpu_ref: restructure operation mode switching
        (bsc#1055096).
    
      - percpu_ref: unify staggered atomic switching wait
        behavior (bsc#1055096).
    
      - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
    
      - s390: export symbols for crash-kmp (bsc#1053915).
    
      - supported.conf: clear mistaken external support flag for
        cifs.ko (bsc#1053802).
    
      - sysctl: fix lax sysctl_check_table() sanity check
        (bsc#1048893).
    
      - sysctl: fold sysctl_writes_strict checks into helper
        (bsc#1048893).
    
      - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
    
      - sysctl: simplify unsigned int support (bsc#1048893).
    
      - tpm: Issue a TPM2_Shutdown for TPM2 devices
        (bsc#1053117).
    
      - tpm: KABI fix (bsc#1053117).
    
      - tpm: fix: return rc when devm_add_action() fails
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes 8e0ee3c9faed).
    
      - tpm: read burstcount from TPM_STS in one 32-bit
        transaction (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 27084efee0c3).
    
      - tpm_tis_core: Choose appropriate timeout for reading
        burstcount (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes aec04cbdf723).
    
      - tpm_tis_core: convert max timeouts from msec to jiffies
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes aec04cbdf723).
    
      - tty: serial: msm: Support more bauds (git-fixes).
    
      - ubifs: Correctly evict xattr inodes (bsc#1012829).
    
      - ubifs: Do not leak kernel memory to the MTD
        (bsc#1012829).
    
      - xfs: fix inobt inode allocation search optimization
        (bsc#1012829)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053117"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981309"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-html-4.4.87-18.29.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-pdf-4.4.87-18.29.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-macros-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-qa-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-vanilla-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-syms-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-devel-4.4.87-18.29.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3469-1.NASL
    descriptionAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task
    last seen2020-06-01
    modified2020-06-02
    plugin id104320
    published2017-11-01
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104320
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3469-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104320);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
      script_xref(name:"USN", value:"3469-1");
    
      script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Anthony Perard discovered that the Xen virtual block driver did not
    properly initialize some data structures before passing them to user
    space. A local attacker in a guest VM could use this to expose
    sensitive information from the host OS or other guest VMs.
    (CVE-2017-10911)
    
    Bo Zhang discovered that the netlink wireless configuration interface
    in the Linux kernel did not properly validate attributes when handling
    certain requests. A local attacker with the CAP_NET_ADMIN could use
    this to cause a denial of service (system crash). (CVE-2017-12153)
    
    It was discovered that the nested KVM implementation in the Linux
    kernel in some situations did not properly prevent second level guests
    from reading and writing the hardware CR8 register. A local attacker
    in a guest could use this to cause a denial of service (system crash).
    
    It was discovered that the key management subsystem in the Linux
    kernel did not properly restrict key reads on negatively instantiated
    keys. A local attacker could use this to cause a denial of service
    (system crash). (CVE-2017-12192)
    
    It was discovered that an integer overflow existed in the sysfs
    interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.
    A local privileged attacker could use this to cause a denial of
    service (system crash). (CVE-2017-14051)
    
    It was discovered that the ATI Radeon framebuffer driver in the Linux
    kernel did not properly initialize a data structure returned to user
    space. A local attacker could use this to expose sensitive information
    (kernel memory). (CVE-2017-14156)
    
    Dave Chinner discovered that the XFS filesystem did not enforce that
    the realtime inode flag was settable only on filesystems on a realtime
    device. A local attacker could use this to cause a denial of service
    (system crash). (CVE-2017-14340)
    
    ChunYu Wang discovered that the iSCSI transport implementation in the
    Linux kernel did not properly validate data structures. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-14489)
    
    It was discovered that the generic SCSI driver in the Linux kernel did
    not properly initialize data returned to user space in some
    situations. A local attacker could use this to expose sensitive
    information (kernel memory). (CVE-2017-14991)
    
    Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem
    in the Linux kernel did not properly handle attempts to set reserved
    bits in a task's extended state (xstate) area. A local attacker could
    use this to cause a denial of service (system crash). (CVE-2017-15537)
    
    Pengfei Wang discovered that the Turtle Beach MultiSound audio device
    driver in the Linux kernel contained race conditions when fetching
    from the ring-buffer. A local attacker could use this to cause a
    denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3469-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3469-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1009-kvm", pkgver:"4.4.0-1009.14")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1033-gke", pkgver:"4.4.0-1033.33")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1039-aws", pkgver:"4.4.0-1039.48")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1076-raspi2", pkgver:"4.4.0-1076.84")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1078-snapdragon", pkgver:"4.4.0-1078.83")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-98-generic", pkgver:"4.4.0-98.121")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-98-generic-lpae", pkgver:"4.4.0-98.121")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-98-lowlatency", pkgver:"4.4.0-98.121")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1039.41")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.98.103")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.98.103")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.4.0.1033.34")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1009.9")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.98.103")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-raspi2", pkgver:"4.4.0.1076.76")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-snapdragon", pkgver:"4.4.0.1078.70")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2847-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bsc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104171
    published2017-10-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104171
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2847-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104171);
      script_version("3.14");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-13080", "CVE-2017-14051", "CVE-2017-14106", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-6346");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to
    receive various security and bugfixes. The following security bugs
    were fixed :
    
      - CVE-2017-1000252: The KVM subsystem in the Linux kernel
        allowed guest OS users to cause a denial of service
        (assertion failure, and hypervisor hang or crash) via an
        out-of bounds guest_irq value, related to
        arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
    
      - CVE-2017-11472: The acpi_ns_terminate() function in
        drivers/acpi/acpica/nsutils.c in the Linux kernel did
        not flush the operand cache and causes a kernel stack
        dump, which allowed local users to obtain sensitive
        information from kernel memory and bypass the KASLR
        protection mechanism (in the kernel through 4.9) via a
        crafted ACPI table (bnc#1049580).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 bsc#1053919).
    
      - CVE-2017-12153: A security flaw was discovered in the
        nl80211_set_rekey_data() function in
        net/wireless/nl80211.c in the Linux kernel This function
        did not check whether the required attributes are
        present in a Netlink request. This request can be issued
        by a user with the CAP_NET_ADMIN capability and may
        result in a NULL pointer dereference and system crash
        (bnc#1058410).
    
      - CVE-2017-12154: The prepare_vmcs02 function in
        arch/x86/kvm/vmx.c in the Linux kernel did not ensure
        that the 'CR8-load exiting' and 'CR8-store exiting' L0
        vmcs02 controls exist in cases where L1 omits the 'use
        TPR shadow' vmcs12 control, which allowed KVM L2 guest
        OS users to obtain read and write access to the hardware
        CR8 register (bnc#1058507).
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bnc#1056061 1063479 1063667 1063671).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-14489: The iscsi_if_rx function in
        drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
        allowed local users to cause a denial of service (panic)
        by leveraging incorrect length validation (bnc#1059051).
    
      - CVE-2017-15265: Use-after-free vulnerability in the
        Linux kernel before 4.14-rc5 allowed local users to have
        unspecified impact via vectors related to /dev/snd/seq
        (bnc#1062520).
    
      - CVE-2017-15649: net/packet/af_packet.c in the Linux
        kernel allowed local users to gain privileges via
        crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind) that
        leads to a use-after-free, a different vulnerability
        than CVE-2017-6346 (bnc#1064388).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019680"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1032150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1035479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055963"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058135"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060249"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064436"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000252/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12134/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12153/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14106/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14489/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15265/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15649/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172847-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?353e456c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch
    SUSE-SLE-Live-Patching-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
    SUSE-SLE-HA-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2017-1770=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.92-6.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3265-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id105172
    published2017-12-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105172
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3265-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105172);
      script_version("3.15");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-1000112", "CVE-2017-10661", "CVE-2017-12192", "CVE-2017-12762", "CVE-2017-13080", "CVE-2017-14051", "CVE-2017-14140", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-15102", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-16525", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16649", "CVE-2017-8831");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
    security and bugfixes. The following security bugs were fixed :
    
      - CVE-2017-16649: The usbnet_generic_cdc_bind function in
        drivers/net/usb/cdc_ether.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1067085).
    
      - CVE-2017-16535: The usb_get_bos_descriptor function in
        drivers/usb/core/config.c in the Linux kernel allowed
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1066700).
    
      - CVE-2017-15102: The tower_probe function in
        drivers/usb/misc/legousbtower.c in the Linux kernel
        allowed local users (who are physically proximate for
        inserting a crafted USB device) to gain privileges by
        leveraging a write-what-where condition that occurs
        after a race condition and a NULL pointer dereference
        (bnc#1066705).
    
      - CVE-2017-16531: drivers/usb/core/config.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION descriptor
        (bnc#1066671).
    
      - CVE-2017-16529: The snd_usb_create_streams function in
        sound/usb/card.c in the Linux kernel allowed local users
        to cause a denial of service (out-of-bounds read and
        system crash) or possibly have unspecified other impact
        via a crafted USB device (bnc#1066650).
    
      - CVE-2017-16525: The usb_serial_console_disconnect
        function in drivers/usb/serial/console.c in the Linux
        kernel allowed local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to disconnection and failed setup (bnc#1066618).
    
      - CVE-2017-16537: The imon_probe function in
        drivers/media/rc/imon.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via a crafted USB device
        (bnc#1066573).
    
      - CVE-2017-16536: The cx231xx_usb_probe function in
        drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux
        kernel allowed local users to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via a crafted USB device
        (bnc#1066606).
    
      - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel
        allowed local users to cause a denial of service
        (snd_usb_mixer_interrupt use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device (bnc#1066625).
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bnc#1063667).
    
      - CVE-2017-15274: security/keys/keyctl.c in the Linux
        kernel did not consider the case of a NULL payload in
        conjunction with a nonzero length value, which allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via a crafted add_key or keyctl
        system call, a different vulnerability than
        CVE-2017-12192 (bnc#1045327).
    
      - CVE-2017-15265: Race condition in the ALSA subsystem in
        the Linux kernel allowed local users to cause a denial
        of service (use-after-free) or possibly have unspecified
        other impact via crafted /dev/snd/seq ioctl calls,
        related to sound/core/seq/seq_clientmgr.c and
        sound/core/seq/seq_ports.c (bnc#1062520).
    
      - CVE-2017-14489: The iscsi_if_rx function in
        drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
        allowed local users to cause a denial of service (panic)
        by leveraging incorrect length validation (bnc#1059051).
    
      - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in
        fs/xfs/xfs_linux.h in the Linux kernel did not verify
        that a filesystem has a realtime device, which allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via vectors related to setting an
        RHINHERIT flag on a directory (bnc#1058524).
    
      - CVE-2017-14140: The move_pages system call in
        mm/migrate.c in the Linux kernel doesn't check the
        effective uid of the target process, enabling a local
        attacker to learn the memory layout of a setuid
        executable despite ASLR (bnc#1057179).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-10661: Race condition in fs/timerfd.c in the
        Linux kernel allowed local users to gain privileges or
        cause a denial of service (list corruption or
        use-after-free) via simultaneous file-descriptor
        operations that leverage improper might_cancel queueing
        (bnc#1053152).
    
      - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A
        user-controlled buffer is copied into a local buffer of
        constant size using strcpy without a length check which
        can cause a buffer overflow. (bnc#1053148).
    
      - CVE-2017-8831: The saa7164_bus_get function in
        drivers/media/pci/saa7164/saa7164-bus.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds array access) or possibly have
        unspecified other impact by changing a certain
        sequence-number value, aka a 'double fetch'
        vulnerability (bnc#1037994).
    
      - CVE-2017-1000112: An exploitable memory corruption due
        to UFO to non-UFO path switch was fixed. (bnc#1052311
        bnc#1052365).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054247"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057796"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064861"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067816"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=909484"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984530"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=996376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000112/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10661/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12762/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14140/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14489/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15102/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15265/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15274/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16527/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16535/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16649/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8831/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173265-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f1e5f1fa"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-kernel-20171124-13375=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-kernel-20171124-13375=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-20171124-13375=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-kernel-20171124-13375=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-108.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2525-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the
    last seen2020-06-01
    modified2020-06-02
    plugin id103354
    published2017-09-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103354
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2525-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103354);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2016-10200", "CVE-2016-5243", "CVE-2017-1000112", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12762", "CVE-2017-14051", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7482", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-7616", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive
    various security and bugfixes. The following security bugs were 
    fixed :
    
      - CVE-2016-5243: The tipc_nl_compat_link_dump function in
        net/tipc/netlink_compat.c in the Linux kernel did not
        properly copy a certain string, which allowed local
        users to obtain sensitive information from kernel stack
        memory by reading a Netlink message (bnc#983212)
    
      - CVE-2016-10200: Race condition in the L2TPv3 IP
        Encapsulation feature in the Linux kernel allowed local
        users to gain privileges or cause a denial of service
        (use-after-free) by making multiple bind system calls
        without properly ascertaining whether a socket has the
        SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and
        net/l2tp/l2tp_ip6.c (bnc#1028415)
    
      - CVE-2017-2647: The KEYS subsystem in the Linux kernel
        allowed local users to gain privileges or cause a denial
        of service (NULL pointer dereference and system crash)
        via vectors involving a NULL value for a certain match
        field, related to the keyring_search_iterator function
        in keyring.c (bsc#1030593).
    
      - CVE-2017-2671: The ping_unhash function in
        net/ipv4/ping.c in the Linux kernel was too late in
        obtaining a certain lock and consequently could not
        ensure that disconnect function calls are safe, which
        allowed local users to cause a denial of service (panic)
        by leveraging access to the protocol value of
        IPPROTO_ICMP in a socket system call (bnc#1031003)
    
      - CVE-2017-5669: The do_shmat function in ipc/shm.c in the
        Linux kernel did not restrict the address calculated by
        a certain rounding operation, which allowed local users
        to map page zero, and consequently bypass a protection
        mechanism that exists for the mmap system call, by
        making crafted shmget and shmat system calls in a
        privileged context (bnc#1026914)
    
      - CVE-2017-5970: The ipv4_pktinfo_prepare function in
        net/ipv4/ip_sockglue.c in the Linux kernel allowed
        attackers to cause a denial of service (system crash)
        via (1) an application that made crafted system calls or
        possibly (2) IPv4 traffic with invalid IP options
        (bsc#1024938)
    
      - CVE-2017-5986: Race condition in the
        sctp_wait_for_sndbuf function in net/sctp/socket.c in
        the Linux kernel allowed local users to cause a denial
        of service (assertion failure and panic) via a
        multithreaded application that peels off an association
        in a certain buffer-full state (bsc#1025235)
    
      - CVE-2017-6074: The dccp_rcv_state_process function in
        net/dccp/input.c in the Linux kernel mishandled
        DCCP_PKT_REQUEST packet data structures in the LISTEN
        state, which allowed local users to obtain root
        privileges or cause a denial of service (double free)
        via an application that made an IPV6_RECVPKTINFO
        setsockopt system call (bnc#1026024)
    
      - CVE-2017-6214: The tcp_splice_read function in
        net/ipv4/tcp.c in the Linux kernel allowed remote
        attackers to cause a denial of service (infinite loop
        and soft lockup) via vectors involving a TCP packet with
        the URG flag (bnc#1026722)
    
      - CVE-2017-6348: The hashbin_delete function in
        net/irda/irqueue.c in the Linux kernel improperly
        managed lock dropping, which allowed local users to
        cause a denial of service (deadlock) via crafted
        operations on IrDA devices (bnc#1027178)
    
      - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did
        not properly restrict association peel-off operations
        during certain wait states, which allowed local users to
        cause a denial of service (invalid unlock and double
        free) via a multithreaded application. NOTE: this
        vulnerability exists because of an incorrect fix for
        CVE-2017-5986 (bnc#1027066)
    
      - CVE-2017-6951: The keyring_search_aux function in
        security/keys/keyring.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via a request_key system call for
        the 'dead' type (bsc#1029850).
    
      - CVE-2017-7184: The xfrm_replay_verify_len function in
        net/xfrm/xfrm_user.c in the Linux kernel did not
        validate certain size data after an XFRM_MSG_NEWAE
        update, which allowed local users to obtain root
        privileges or cause a denial of service (heap-based
        out-of-bounds access) by leveraging the CAP_NET_ADMIN
        capability (bsc#1030573)
    
      - CVE-2017-7187: The sg_ioctl function in
        drivers/scsi/sg.c in the Linux kernel allowed local
        users to cause a denial of service (stack-based buffer
        overflow) or possibly have unspecified other impact via
        a large command size in an SG_NEXT_CMD_LEN ioctl call,
        leading to out-of-bounds write access in the sg_write
        function (bnc#1030213)
    
      - CVE-2017-7261: The vmw_surface_define_ioctl function in
        drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
        kernel did not check for a zero value of certain levels
        data, which allowed local users to cause a denial of
        service (ZERO_SIZE_PTR dereference, and GPF and possibly
        panic) via a crafted ioctl call for a /dev/dri/renderD*
        device (bnc#1031052)
    
      - CVE-2017-7294: The vmw_surface_define_ioctl function in
        drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
        kernel did not validate addition of certain levels data,
        which allowed local users to trigger an integer overflow
        and out-of-bounds write, and cause a denial of service
        (system hang or crash) or possibly gain privileges, via
        a crafted ioctl call for a /dev/dri/renderD* device
        (bnc#1031440)
    
      - CVE-2017-7308: The packet_set_ring function in
        net/packet/af_packet.c in the Linux kernel did not
        properly validate certain block-size data, which allowed
        local users to cause a denial of service (overflow) or
        possibly have unspecified other impact via crafted
        system calls (bnc#1031579)
    
      - CVE-2017-7482: Several missing length checks ticket
        decode allowing for information leak or potentially code
        execution (bsc#1046107).
    
      - CVE-2017-7487: The ipxitf_ioctl function in
        net/ipx/af_ipx.c in the Linux kernel mishandled
        reference counts, which allowed local users to cause a
        denial of service (use-after-free) or possibly have
        unspecified other impact via a failed SIOCGIFADDR ioctl
        call for an IPX interface (bsc#1038879).
    
      - CVE-2017-7533: Race condition in the fsnotify
        implementation in the Linux kernel allowed local users
        to gain privileges or cause a denial of service (memory
        corruption) via a crafted application that leverages
        simultaneous execution of the inotify_handle_event and
        vfs_rename functions (bnc#1049483 1050677 ).
    
      - CVE-2017-7542: The ip6_find_1stfragopt function in
        net/ipv6/output_core.c in the Linux kernel allowed local
        users to cause a denial of service (integer overflow and
        infinite loop) by leveraging the ability to open a raw
        socket (bnc#1049882).
    
      - CVE-2017-7616: Incorrect error handling in the
        set_mempolicy and mbind compat syscalls in
        mm/mempolicy.c in the Linux kernel allowed local users
        to obtain sensitive information from uninitialized stack
        data by triggering failure of a certain bitmap operation
        (bsc#1033336)
    
      - CVE-2017-8831: The saa7164_bus_get function in
        drivers/media/pci/saa7164/saa7164-bus.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds array access) or possibly have
        unspecified other impact by changing a certain
        sequence-number value, aka a 'double fetch'
        vulnerability. This requires a malicious PCI Card.
        (bnc#1037994).
    
      - CVE-2017-8890: The inet_csk_clone_lock function in
        net/ipv4/inet_connection_sock.c in the Linux kernel
        allowed attackers to cause a denial of service (double
        free) or possibly have unspecified other impact by
        leveraging use of the accept system call (bsc#1038544).
    
      - CVE-2017-8924: The edge_bulk_in_callback function in
        drivers/usb/serial/io_ti.c in the Linux kernel allowed
        local users to obtain sensitive information (in the
        dmesg ringbuffer and syslog) from uninitialized kernel
        memory by using a crafted USB device (posing as an io_ti
        USB serial device) to trigger an integer underflow
        (bnc#1037182).
    
      - CVE-2017-8925: The omninet_open function in
        drivers/usb/serial/omninet.c in the Linux kernel allowed
        local users to cause a denial of service (tty
        exhaustion) by leveraging reference count mishandling
        (bnc#1038981).
    
      - CVE-2017-9074: The IPv6 fragmentation implementation in
        the Linux kernel did not consider that the nexthdr field
        may be associated with an invalid option, which allowed
        local users to cause a denial of service (out-of-bounds
        read and BUG) or possibly have unspecified other impact
        via crafted socket and send system calls (bnc#1039882).
    
      - CVE-2017-9075: The sctp_v6_create_accept_sk function in
        net/sctp/ipv6.c in the Linux kernel mishandled
        inheritance, which allowed local users to cause a denial
        of service or possibly have unspecified other impact via
        crafted system calls, a related issue to CVE-2017-8890
        (bsc#1039883).
    
      - CVE-2017-9076: The dccp_v6_request_recv_sock function in
        net/dccp/ipv6.c in the Linux kernel mishandled
        inheritance, which allowed local users to cause a denial
        of service or possibly have unspecified other impact via
        crafted system calls, a related issue to CVE-2017-8890
        (bnc#1039885).
    
      - CVE-2017-9077: The tcp_v6_syn_recv_sock function in
        net/ipv6/tcp_ipv6.c in the Linux kernel mishandled
        inheritance, which allowed local users to cause a denial
        of service or possibly have unspecified other impact via
        crafted system calls, a related issue to CVE-2017-8890
        (bsc#1040069).
    
      - CVE-2017-9242: The __ip6_append_data function in
        net/ipv6/ip6_output.c in the Linux kernel was too late
        in checking whether an overwrite of an skb data
        structure may occur, which allowed local users to cause
        a denial of service (system crash) via crafted system
        calls (bnc#1041431).
    
      - CVE-2017-10661: Race condition in fs/timerfd.c in the
        Linux kernel allowed local users to gain privileges or
        cause a denial of service (list corruption or
        use-after-free) via simultaneous file-descriptor
        operations that leverage improper might_cancel queueing
        (bnc#1053152).
    
      - CVE-2017-11176: The mq_notify function in the Linux
        kernel did not set the sock pointer to NULL upon entry
        into the retry logic. During a user-space close of a
        Netlink socket, it allowed attackers to cause a denial
        of service (use-after-free) or possibly have unspecified
        other impact (bnc#1048275).
    
      - CVE-2017-11473: Buffer overflow in the
        mp_override_legacy_irq() function in
        arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
        local users to gain privileges via a crafted ACPI table
        (bnc#1049603).
    
      - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A
        user-controlled buffer is copied into a local buffer of
        constant size using strcpy without a length check which
        can cause a buffer overflow. (bnc#1053148).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-1000112: Fixed a race condition in net-packet
        code that could have been exploited by unprivileged
        users to gain root access. (bsc#1052311).
    
      - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds
        Write. Due to a missing bounds check, and the fact that
        parport_ptr integer is static, a 'secure boot' kernel
        command line adversary could have overflowed the
        parport_nr array in the following code (bnc#1039456).
    
      - CVE-2017-1000365: The Linux Kernel imposes a size
        restriction on the arguments and environmental strings
        passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the
        size), but did not take the argument and environment
        pointers into account, which allowed attackers to bypass
        this limitation (bnc#1039354).
    
      - CVE-2017-1000380: sound/core/timer.c in the Linux kernel
        was vulnerable to a data race in the ALSA /dev/snd/timer
        driver resulting in local users being able to read
        information belonging to other users, i.e.,
        uninitialized memory contents may be disclosed when a
        read and an ioctl happen at the same time (bnc#1044125).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013862"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1017143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1023051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024938"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027406"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030213"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031440"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033287"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1035576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038564"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040069"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1041431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=870618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=948562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=972891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=979681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=986924"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=989896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10200/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5243/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000112/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000363/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000365/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000380/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10661/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11176/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11473/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12762/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-2647/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-2671/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5970/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5986/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6074/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6214/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6348/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6951/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7184/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7187/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7261/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7294/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7308/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7482/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7616/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8831/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8890/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8924/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8925/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9074/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9076/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9077/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9242/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0c969444"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-kernel-source-13284=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-source-13284=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-kernel-source-13284=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-kernel-source-13284=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/20");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.47.106.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3469-2.NASL
    descriptionUSN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task
    last seen2020-06-01
    modified2020-06-02
    plugin id104321
    published2017-11-01
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104321
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3469-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104321);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
      script_xref(name:"USN", value:"3469-2");
    
      script_name(english:"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
    LTS. This update provides the corresponding updates for the Linux
    Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
    14.04 LTS.
    
    Anthony Perard discovered that the Xen virtual block driver did not
    properly initialize some data structures before passing them to user
    space. A local attacker in a guest VM could use this to expose
    sensitive information from the host OS or other guest VMs.
    (CVE-2017-10911)
    
    Bo Zhang discovered that the netlink wireless configuration interface
    in the Linux kernel did not properly validate attributes when handling
    certain requests. A local attacker with the CAP_NET_ADMIN could use
    this to cause a denial of service (system crash). (CVE-2017-12153)
    
    It was discovered that the nested KVM implementation in the Linux
    kernel in some situations did not properly prevent second level guests
    from reading and writing the hardware CR8 register. A local attacker
    in a guest could use this to cause a denial of service (system crash).
    
    It was discovered that the key management subsystem in the Linux
    kernel did not properly restrict key reads on negatively instantiated
    keys. A local attacker could use this to cause a denial of service
    (system crash). (CVE-2017-12192)
    
    It was discovered that an integer overflow existed in the sysfs
    interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.
    A local privileged attacker could use this to cause a denial of
    service (system crash). (CVE-2017-14051)
    
    It was discovered that the ATI Radeon framebuffer driver in the Linux
    kernel did not properly initialize a data structure returned to user
    space. A local attacker could use this to expose sensitive information
    (kernel memory). (CVE-2017-14156)
    
    Dave Chinner discovered that the XFS filesystem did not enforce that
    the realtime inode flag was settable only on filesystems on a realtime
    device. A local attacker could use this to cause a denial of service
    (system crash). (CVE-2017-14340)
    
    ChunYu Wang discovered that the iSCSI transport implementation in the
    Linux kernel did not properly validate data structures. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-14489)
    
    It was discovered that the generic SCSI driver in the Linux kernel did
    not properly initialize data returned to user space in some
    situations. A local attacker could use this to expose sensitive
    information (kernel memory). (CVE-2017-14991)
    
    Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem
    in the Linux kernel did not properly handle attempts to set reserved
    bits in a task's extended state (xstate) area. A local attacker could
    use this to cause a denial of service (system crash). (CVE-2017-15537)
    
    Pengfei Wang discovered that the Turtle Beach MultiSound audio device
    driver in the Linux kernel contained race conditions when fetching
    from the ring-buffer. A local attacker could use this to cause a
    denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3469-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3469-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-98-generic", pkgver:"4.4.0-98.121~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-98-generic-lpae", pkgver:"4.4.0-98.121~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-98-lowlatency", pkgver:"4.4.0-98.121~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae-lts-xenial", pkgver:"4.4.0.98.82")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lts-xenial", pkgver:"4.4.0.98.82")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency-lts-xenial", pkgver:"4.4.0.98.82")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1017.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). The following non-security bugs were fixed : - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291). - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291). - acpi: APEI: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627). - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627). - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629). - acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes). - Add
    last seen2020-06-05
    modified2017-09-13
    plugin id103155
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103155
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1017)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-1017.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103155);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-12134", "CVE-2017-14051");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1017)");
      script_summary(english:"Check for the openSUSE-2017-1017 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 bnc#1053919).
    
    The following non-security bugs were fixed :
    
      - acpi: apd: Add clock frequency for Hisilicon Hip07/08
        I2C controller (bsc#1049291).
    
      - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).
    
      - acpi: APEI: Enable APEI multiple GHES source to share a
        single external IRQ (bsc#1053627).
    
      - acpi: irq: Fix return code of acpi_gsi_to_irq()
        (bsc#1053627).
    
      - acpi: pci: fix GIC irq model default PCI IRQ polarity
        (bsc#1053629).
    
      - acpi: scan: Prefer devices without _HID for _ADR
        matching (git-fixes).
    
      - Add 'shutdown' to 'struct class' (bsc#1053117).
    
      - alsa: hda - Add stereo mic quirk for Lenovo G50-70
        (17aa:3978) (bsc#1020657).
    
      - alsa: hda - Implement mic-mute LED mode enum
        (bsc#1055013).
    
      - alsa: hda - Workaround for i915 KBL breakage
        (bsc#1048356,bsc#1047989,bsc#1055272).
    
      - alsa: ice1712: Add support for STAudio ADCIII
        (bsc#1048934).
    
      - alsa: usb-audio: Apply sample rate quirk to Sennheiser
        headset (bsc#1052580).
    
      - arm64: do not trace atomic operations (bsc#1055290).
    
      - block: add kblock_mod_delayed_work_on() (bsc#1050211).
    
      - block: Make blk_mq_delay_kick_requeue_list() rerun the
        queue at a quiet time (bsc#1050211).
    
      - block: provide bio_uninit() free freeing integrity/task
        associations (bsc#1050211).
    
      - block: return on congested block device (FATE#321994).
    
      - bluetooth: bnep: fix possible might sleep error in
        bnep_session (bsc#1031784).
    
      - bluetooth: cmtp: fix possible might sleep error in
        cmtp_session (bsc#1031784).
    
      - bnxt_en: Add a callback to inform RDMA driver during PCI
        shutdown (bsc#1053309).
    
      - bnxt_en: Add additional chip ID definitions
        (bsc#1053309).
    
      - bnxt_en: Add bnxt_get_num_stats() to centrally get the
        number of ethtool stats (bsc#1053309).
    
      - bnxt_en: Add missing logic to handle TPA end error
        conditions (bsc#1053309).
    
      - bnxt_en: Add PCI IDs for BCM57454 VF devices
        (bsc#1053309).
    
      - bnxt_en: Allow the user to set ethtool stats-block-usecs
        to 0 (bsc#1053309).
    
      - bnxt_en: Call bnxt_dcb_init() after getting firmware
        DCBX configuration (bsc#1053309).
    
      - bnxt_en: Check status of firmware DCBX agent before
        setting DCB_CAP_DCBX_HOST (bsc#1053309).
    
      - bnxt_en: Fix bug in ethtool -L (bsc#1053309).
    
      - bnxt_en: Fix netpoll handling (bsc#1053309).
    
      - bnxt_en: Fix race conditions in .ndo_get_stats64()
        (bsc#1053309).
    
      - bnxt_en: Fix SRIOV on big-endian architecture
        (bsc#1053309).
    
      - bnxt_en: Fix xmit_more with BQL (bsc#1053309).
    
      - bnxt_en: Implement ndo_bridge_(get|set)link methods
        (bsc#1053309).
    
      - bnxt_en: Implement xmit_more (bsc#1053309).
    
      - bnxt_en: Optimize doorbell write operations for newer
        chips (bsc#1053309).
    
      - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings()
        (bsc#1053309).
    
      - bnxt_en: Report firmware DCBX agent (bsc#1053309).
    
      - bnxt_en: Retrieve the hardware bridge mode from the
        firmware (bsc#1053309).
    
      - bnxt_en: Set ETS min_bw parameter for older firmware
        (bsc#1053309).
    
      - bnxt_en: Support for Short Firmware Message
        (bsc#1053309).
    
      - bnxt_en: Update firmware interface spec to 1.8.0
        (bsc#1053309).
    
      - bnxt: fix unsigned comparsion with 0 (bsc#1053309).
    
      - bnxt: fix unused variable warnings (bsc#1053309).
    
      - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
    
      - btrfs: nowait aio: Correct assignment of pos
        (FATE#321994).
    
      - btrfs: nowait aio support (FATE#321994).
    
      - ceph: avoid accessing freeing inode in
        ceph_check_delayed_caps() (bsc#1048228).
    
      - ceph: avoid invalid memory dereference in the middle of
        umount (bsc#1048228).
    
      - ceph: cleanup writepage_nounlock() (bsc#1048228).
    
      - ceph: do not re-send interrupted flock request
        (bsc#1048228).
    
      - ceph: getattr before read on ceph.* xattrs
        (bsc#1048228).
    
      - ceph: handle epoch barriers in cap messages
        (bsc#1048228).
    
      - ceph: new mount option that specifies fscache uniquifier
        (bsc#1048228).
    
      - ceph: redirty page when writepage_nounlock() skips
        unwritable page (bsc#1048228).
    
      - ceph: remove special ack vs commit behavior
        (bsc#1048228).
    
      - ceph: remove useless page->mapping check in
        writepage_nounlock() (bsc#1048228).
    
      - ceph: re-request max size after importing caps
        (bsc#1048228).
    
      - ceph: update ceph_dentry_info::lease_session when
        necessary (bsc#1048228).
    
      - ceph: update the 'approaching max_size' code
        (bsc#1048228).
    
      - ceph: when seeing write errors on an inode, switch to
        sync writes (bsc#1048228).
    
      - cifs: Fix maximum SMB2 header size (bsc#1056185).
    
      - clocksource/drivers/arm_arch_timer: Fix mem frame loop
        initialization (bsc#1055709).
    
      - crush: assume weight_set != null imples weight_set_size
        > 0 (bsc#1048228).
    
      - crush: crush_init_workspace starts with struct
        crush_work (bsc#1048228).
    
      - crush: implement weight and id overrides for straw2
        (bsc#1048228).
    
      - crush: remove an obsolete comment (bsc#1048228).
    
      - crypto: chcr - Add ctr mode and process large sg entries
        for cipher (bsc#1048325).
    
      - crypto: chcr - Avoid changing request structure
        (bsc#1048325).
    
      - crypto: chcr - Ensure Destination sg entry size less
        than 2k (bsc#1048325).
    
      - crypto: chcr - Fix fallback key setting (bsc#1048325).
    
      - crypto: chcr - Pass lcb bit setting to firmware
        (bsc#1048325).
    
      - crypto: chcr - Return correct error code (bsc#1048325).
    
      - cxgb4: update latest firmware version supported
        (bsc#1048327).
    
      - cxgbit: add missing __kfree_skb() (bsc#1052095).
    
      - cxgbit: fix sg_nents calculation (bsc#1052095).
    
      - Disable patch
        0017-nvmet_fc-Simplify-sg-list-handling.patch
        (bsc#1052384)
    
      - dm: make flush bios explicitly sync (bsc#1050211).
    
      - dm mpath: do not lock up a CPU with requeuing activity
        (bsc#1048912).
    
      - drivers: net: xgene: Fix wrong logical operation
        (bsc#1056827).
    
      - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K
        (bsc#1048155).
    
      - ext4: nowait aio support (FATE#321994).
    
      - fs: Introduce filemap_range_has_page() (FATE#321994).
    
      - fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT
        (FATE#321994).
    
      - fs: pass on flags in compat_writev (bsc#1050211).
    
      - fs: return if direct I/O will trigger writeback
        (FATE#321994).
    
      - fs: Separate out kiocb flags setup based on RWF_* flags
        (FATE#321994).
    
      - fs: Use RWF_* flags for AIO operations (FATE#321994).
    
      - fuse: initialize the flock flag in fuse_file on
        allocation (git-fixes).
    
      - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C
        controller (bsc#1049291).
    
      - i2c: designware: Convert to use unified device property
        API (bsc#1049291).
    
      - i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633).
    
      - i2c: xgene-slimpro: Add ACPI support by using PCC
        mailbox (bsc#1053633).
    
      - i2c: xgene-slimpro: include linux/io.h for memremap
        (bsc#1053633).
    
      - i2c: xgene-slimpro: Use a single function to send
        command message (bsc#1053633).
    
      - i40e/i40evf: fix out-of-bounds read of cpumask
        (bsc#1053685).
    
      - ib/iser: Fix connection teardown race condition
        (bsc#1050211).
    
      - iscsi-target: fix invalid flags in text response
        (bsc#1052095).
    
      - iwlwifi: missing error code in iwl_trans_pcie_alloc()
        (bsc#1031717).
    
      - kabi: arm64: compatibility workaround for lse atomics
        (bsc#1055290).
    
      - kABI: protect enum pid_type (kabi).
    
      - kABI: protect struct iscsi_np (kabi).
    
      - kABI: protect struct se_lun (kabi).
    
      - kabi/severities: add fs/ceph to kabi severities
        (bsc#1048228).
    
      - kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094)
    
      - kabi/severities: Ignore kABI changes due to last
        patchset (bnc#1053472)
    
      - kABI: uninline task_tgid_nr_nr (kabi).
    
      - kvm: arm64: Restore host physical timer access on
        hyp_panic() (bsc#1054082).
    
      - kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID
        capability (bsc#1054082).
    
      - kvm, pkeys: do not use PKRU value in
        vcpu->arch.guest_fpu.state (bsc#1055935).
    
      - kvm: x86: block guest protection keys unless the host
        has them enabled (bsc#1055935).
    
      - kvm: x86: kABI workaround for PKRU fixes (bsc#1055935).
    
      - kvm: x86: simplify handling of PKRU (bsc#1055935).
    
      - libceph: abort already submitted but abortable requests
        when map or pool goes full (bsc#1048228).
    
      - libceph: add an epoch_barrier field to struct
        ceph_osd_client (bsc#1048228).
    
      - libceph: advertise support for NEW_OSDOP_ENCODING and
        SERVER_LUMINOUS (bsc#1048228).
    
      - libceph: advertise support for OSD_POOLRESEND
        (bsc#1048228).
    
      - libceph: allow requests to return immediately on full
        conditions if caller wishes (bsc#1048228).
    
      - libceph: always populate t->target_(oid,oloc) in
        calc_target() (bsc#1048228).
    
      - libceph: always signal completion when done
        (bsc#1048228).
    
      - libceph: apply_upmap() (bsc#1048228).
    
      - libceph: avoid unnecessary pi lookups in calc_target()
        (bsc#1048228).
    
      - libceph: ceph_connection_operations::reencode_message()
        method (bsc#1048228).
    
      - libceph: ceph_decode_skip_* helpers (bsc#1048228).
    
      - libceph: compute actual pgid in
        ceph_pg_to_up_acting_osds() (bsc#1048228).
    
      - libceph, crush: per-pool crush_choose_arg_map for
        crush_do_rule() (bsc#1048228).
    
      - libceph: delete from need_resend_linger before
        check_linger_pool_dne() (bsc#1048228).
    
      - libceph: do not call encode_request_finish() on
        MOSDBackoff messages (bsc#1048228).
    
      - libceph: do not call ->reencode_message() more than once
        per message (bsc#1048228).
    
      - libceph: do not pass pgid by value (bsc#1048228).
    
      - libceph: drop need_resend from calc_target()
        (bsc#1048228).
    
      - libceph: encode_(pgid,oloc)() helpers (bsc#1048228).
    
      - libceph: fallback for when there isn't a pool-specific
        choose_arg (bsc#1048228).
    
      - libceph: fix old style declaration warnings
        (bsc#1048228).
    
      - libceph: foldreq->last_force_resend into
        ceph_osd_request_target (bsc#1048228).
    
      - libceph: get rid of ack vs commit (bsc#1048228).
    
      - libceph: handle non-empty dest in ceph_(oloc,oid)_copy()
        (bsc#1048228).
    
      - libceph: initialize last_linger_id with a large integer
        (bsc#1048228).
    
      - libceph: introduce and switch to decode_pg_mapping()
        (bsc#1048228).
    
      - libceph: introduce ceph_spg, ceph_pg_to_primary_shard()
        (bsc#1048228).
    
      - libceph: kill __(insert,lookup,remove)_pg_mapping()
        (bsc#1048228).
    
      - libceph: make DEFINE_RB_* helpers more general
        (bsc#1048228).
    
      - libceph: make encode_request_*() work with r_mempool
        requests (bsc#1048228).
    
      - libceph: make RECOVERY_DELETES feature create a new
        interval (bsc#1048228).
    
      - libceph: make sure need_resend targets reflect latest
        map (bsc#1048228).
    
      - libceph: MOSDOp v8 encoding (actual spgid + full hash)
        (bsc#1048228).
    
      - libceph: new features macros (bsc#1048228).
    
      - libceph: new pi->last_force_request_resend
        (bsc#1048228).
    
      - libceph: NULL deref on osdmap_apply_incremental() error
        path (bsc#1048228).
    
      - libceph: osd_request_timeout option (bsc#1048228).
    
      - libceph: osd_state is 32 bits wide in luminous
        (bsc#1048228).
    
      - libceph: pg_upmap[_items] infrastructure (bsc#1048228).
    
      - libceph: pool deletion detection (bsc#1048228).
    
      - libceph: potential NULL dereference in
        ceph_msg_data_create() (bsc#1048228).
    
      - libceph: remove ceph_sanitize_features() workaround
        (bsc#1048228).
    
      - libceph: remove now unused finish_request() wrapper
        (bsc#1048228).
    
      - libceph: remove req->r_replay_version (bsc#1048228).
    
      - libceph: resend on PG splits if OSD has RESEND_ON_SPLIT
        (bsc#1048228).
    
      - libceph: respect RADOS_BACKOFF backoffs (bsc#1048228).
    
      - libceph: set -EINVAL in one place in crush_decode()
        (bsc#1048228).
    
      - libceph: support SERVER_JEWEL feature bits
        (bsc#1048228).
    
      - libceph: take osdc->lock in osdmap_show() and dump flags
        in hex (bsc#1048228).
    
      - libceph: upmap semantic changes (bsc#1048228).
    
      - libceph: use alloc_pg_mapping() in
        __decode_pg_upmap_items() (bsc#1048228).
    
      - libceph: use target pi for calc_target() calculations
        (bsc#1048228).
    
      - lib: test_rhashtable: fix for large entry counts
        (bsc#1055359).
    
      - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
    
      - locking/rwsem: Fix down_write_killable() for
        CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756).
    
      - locking/rwsem-spinlock: Fix EINTR branch in
        __down_write_common() (bsc#969756).
    
      - lpfc: Add Buffer to Buffer credit recovery support
        (bsc#1052384).
    
      - lpfc: convert info messages to standard messages
        (bsc#1052384).
    
      - lpfc: Correct issues with FAWWN and FDISCs
        (bsc#1052384).
    
      - lpfc: Correct return error codes to align with nvme_fc
        transport (bsc#1052384).
    
      - lpfc: Fix bad sgl reposting after 2nd adapter reset
        (bsc#1052384).
    
      - lpfc: Fix crash in lpfc nvmet when fc port is reset
        (bsc#1052384).
    
      - lpfc: Fix duplicate NVME rport entries and namespaces
        (bsc#1052384).
    
      - lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt
        topology (bsc#1052384).
    
      - lpfc: fix 'integer constant too large' error on 32bit
        archs (bsc#1052384).
    
      - lpfc: Fix loop mode target discovery (bsc#1052384).
    
      - lpfc: Fix MRQ > 1 context list handling (bsc#1052384).
    
      - lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384).
    
      - lpfc: Fix nvme target failure after 2nd adapter reset
        (bsc#1052384).
    
      - lpfc: Fix oops when NVME Target is discovered in a
        nonNVME environment (bsc#1052384).
    
      - lpfc: Fix plogi collision that causes illegal state
        transition (bsc#1052384).
    
      - lpfc: Fix rediscovery on switch blade pull
        (bsc#1052384).
    
      - lpfc: Fix relative offset error on large nvmet target
        ios (bsc#1052384).
    
      - lpfc: fixup crash during storage failover operations
        (bsc#1042847).
    
      - lpfc: Limit amount of work processed in IRQ
        (bsc#1052384).
    
      - lpfc: lpfc version bump 11.4.0.3 (bsc#1052384).
    
      - lpfc: remove console log clutter (bsc#1052384).
    
      - lpfc: support nvmet_fc defer_rcv callback (bsc#1052384).
    
      - megaraid_sas: Fix probing cards without io port
        (bsc#1053681).
    
      - mmc: mmc: correct the logic for setting HS400ES signal
        voltage (bsc#1054082).
    
      - mm, madvise: ensure poisoned pages are removed from
        per-cpu lists (VM hw poison -- git fixes).
    
      - mptsas: Fixup device hotplug for VMware ESXi
        (bsc#1030850).
    
      - net: ethernet: hip04: Call SET_NETDEV_DEV()
        (bsc#1049336).
    
      - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
    
      - netfilter: x_tables: pack percpu counter allocations
        (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct instead of
        packet counter (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct to counter
        allocator (bsc#1052888).
    
      - net: hns: add acpi function of xge led control
        (bsc#1049336).
    
      - net: hns: Fix a skb used after free bug (bsc#1049336).
    
      - net/mlx5: Cancel delayed recovery work when unloading
        the driver (bsc#1015342).
    
      - net/mlx5: Clean SRIOV eswitch resources upon VF creation
        failure (bsc#1015342).
    
      - net/mlx5: Consider tx_enabled in all modes on remap
        (bsc#1015342).
    
      - net/mlx5e: Add field select to MTPPS register
        (bsc#1015342).
    
      - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS
        request (bsc#1015342).
    
      - net/mlx5e: Change 1PPS out scheme (bsc#1015342).
    
      - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).
    
      - net/mlx5e: Fix outer_header_zero() check size
        (bsc#1015342).
    
      - net/mlx5e: Fix TX carrier errors report in get stats ndo
        (bsc#1015342).
    
      - net/mlx5e: Initialize CEE's getpermhwaddr address buffer
        to 0xff (bsc#1015342).
    
      - net/mlx5e: Rename physical symbol errors counter
        (bsc#1015342).
    
      - net/mlx5: Fix mlx5_add_flow_rules call with correct num
        of dests (bsc#1015342).
    
      - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size
        (bsc#1015342).
    
      - net/mlx5: Fix offset of hca cap reserved field
        (bsc#1015342).
    
      - net: phy: Fix lack of reference count on PHY driver
        (bsc#1049336).
    
      - net: phy: Fix PHY module checks and NULL deref in
        phy_attach_direct() (bsc#1049336).
    
      - nvme-fc: address target disconnect race conditions in
        fcp io submit (bsc#1052384).
    
      - nvme-fc: do not override opts->nr_io_queues
        (bsc#1052384).
    
      - nvme-fc: kABI fix for defer_rcv() callback
        (bsc#1052384).
    
      - nvme_fc/nvmet_fc: revise Create Association descriptor
        length (bsc#1052384).
    
      - nvme_fc: Reattach to localports on re-registration
        (bsc#1052384).
    
      - nvme-fc: revise TRADDR parsing (bsc#1052384).
    
      - nvme-fc: update tagset nr_hw_queues after queues reinit
        (bsc#1052384).
    
      - nvme-fc: use blk_mq_delay_run_hw_queue instead of
        open-coding it (bsc#1052384).
    
      - nvme: fix hostid parsing (bsc#1049272).
    
      - nvme-loop: update tagset nr_hw_queues after
        reconnecting/resetting (bsc#1052384).
    
      - nvme-pci: fix CMB sysfs file removal in reset path
        (bsc#1050211).
    
      - nvme-rdma: update tagset nr_hw_queues after
        reconnecting/resetting (bsc#1052384).
    
      - nvmet: avoid unneeded assignment of submit_bio return
        value (bsc#1052384).
    
      - nvmet_fc: Accept variable pad lengths on Create
        Association LS (bsc#1052384).
    
      - nvmet_fc: add defer_req callback for deferment of cmd
        buffer return (bsc#1052384).
    
      - nvmet-fc: correct use after free on list teardown
        (bsc#1052384).
    
      - nvmet-fc: eliminate incorrect static markers on local
        variables (bsc#1052384).
    
      - nvmet-fc: fix byte swapping in
        nvmet_fc_ls_create_association (bsc#1052384).
    
      - nvmet_fc: Simplify sg list handling (bsc#1052384).
    
      - nvmet: prefix version configfs file with attr
        (bsc#1052384).
    
      - of: fix '/cpus' reference leak in
        of_numa_parse_cpu_nodes() (bsc#1056827).
    
      - ovl: fix dentry leak for default_permissions
        (bsc#1054084).
    
      - pci/msi: fix the pci_alloc_irq_vectors_affinity stub
        (bsc#1050211).
    
      - pci/MSI: Ignore affinity if pre/post vector count is
        more than min_vecs (1050211).
    
      - percpu_ref: allow operation mode switching operations to
        be called concurrently (bsc#1055096).
    
      - percpu_ref: remove unnecessary RCU grace period for
        staggered atomic switching confirmation (bsc#1055096).
    
      - percpu_ref: reorganize __percpu_ref_switch_to_atomic()
        and relocate percpu_ref_switch_to_atomic()
        (bsc#1055096).
    
      - percpu_ref: restructure operation mode switching
        (bsc#1055096).
    
      - percpu_ref: unify staggered atomic switching wait
        behavior (bsc#1055096).
    
      - phy: Do not increment MDIO bus refcount unless it's a
        different owner (bsc#1049336).
    
      - phy: fix error case of phy_led_triggers_(un)register
        (bsc#1049336).
    
      - qeth: add network device features for VLAN devices
        (bnc#1053472, LTC#157385).
    
      - r8169: Add support for restarting auto-negotiation
        (bsc#1050742).
    
      - r8169:Correct the way of setting RTL8168DP ephy
        (bsc#1050742).
    
      - r8169:fix system hange problem (bsc#1050742).
    
      - r8169:Fix typo in setting RTL8168H PHY parameter
        (bsc#1050742).
    
      - r8169:Fix typo in setting RTL8168H PHY PFM mode
        (bsc#1050742).
    
      - r8169:Remove unnecessary phy reset for pcie nic when
        setting link spped (bsc#1050742).
    
      - r8169:Update the way of reading RTL8168H PHY register
        'rg_saw_cnt' (bsc#1050742).
    
      - rdma/mlx5: Fix existence check for extended address
        vector (bsc#1015342).
    
      - Remove patch
        0407-nvme_fc-change-failure-code-on-remoteport-connectiv
        i.patch (bsc#1037838)
    
      - Revert 'ceph: SetPageError() for writeback pages if
        writepages fails' (bsc#1048228).
    
      - s390/diag: add diag26c support (bnc#1053472,
        LTC#156729).
    
      - s390: export symbols for crash-kmp (bsc#1053915).
    
      - s390: Include uapi/linux/if_ether.h instead of
        linux/if_ether.h (bsc#1053472).
    
      - s390/pci: do not cleanup in arch_setup_msi_irqs
        (bnc#1053472, LTC#157731).
    
      - s390/pci: fix handling of PEC 306 (bnc#1053472,
        LTC#157731).
    
      - s390/pci: improve error handling during fmb
        (de)registration (bnc#1053472, LTC#157731).
    
      - s390/pci: improve error handling during interrupt
        deregistration (bnc#1053472, LTC#157731).
    
      - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731).
    
      - s390/pci: improve unreg_ioat error handling
        (bnc#1053472, LTC#157731).
    
      - s390/pci: introduce clp_get_state (bnc#1053472,
        LTC#157731).
    
      - s390/pci: provide more debug information (bnc#1053472,
        LTC#157731).
    
      - s390/pci: recognize name clashes with uids (bnc#1053472,
        LTC#157731).
    
      - s390/qeth: no ETH header for outbound AF_IUCV
        (bnc#1053472, LTC#156276).
    
      - s390/qeth: size calculation outbound buffers
        (bnc#1053472, LTC#156276).
    
      - s390/qeth: use diag26c to get MAC address on L2
        (bnc#1053472, LTC#156729).
    
      - scsi: csiostor: add check for supported fw version
        (bsc#1005776).
    
      - scsi: csiostor: add support for Chelsio T6 adapters
        (bsc#1005776).
    
      - scsi: csiostor: fix use after free in
        csio_hw_use_fwconfig() (bsc#1005776).
    
      - scsi: csiostor: switch to pci_alloc_irq_vectors
        (bsc#1005776).
    
      - scsi: csiostor: update module version (bsc#1052093).
    
      - scsi: cxgb4i: assign rxqs in round robin mode
        (bsc#1052094).
    
      - scsi: qedf: Fix a potential NULL pointer dereference
        (bsc#1048912).
    
      - scsi: qedf: Limit number of CQs (bsc#1040813).
    
      - supported.conf: clear mistaken external support flag for
        cifs.ko (bsc#1053802).
    
      - tpm: fix: return rc when devm_add_action() fails
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes 8e0ee3c9faed).
    
      - tpm: Issue a TPM2_Shutdown for TPM2 devices
        (bsc#1053117).
    
      - tpm: KABI fix (bsc#1053117).
    
      - tpm: read burstcount from TPM_STS in one 32-bit
        transaction (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 27084efee0c3).
    
      - tpm_tis_core: Choose appropriate timeout for reading
        burstcount (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes aec04cbdf723).
    
      - tpm_tis_core: convert max timeouts from msec to jiffies
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes aec04cbdf723).
    
      - tty: pl011: fix initialization order of QDF2400 E44
        (bsc#1054082).
    
      - tty: serial: msm: Support more bauds (git-fixes).
    
      - Update
        patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_
        trusted.patch (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).
    
      - usb: core: fix device node leak (bsc#1047487).
    
      - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963).
    
      - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode
        usage (bsc#1055896).
    
      - xfs: nowait aio support (FATE#321994).
    
      - xgene: Always get clk source, but ignore if it's missing
        for SGMII ports (bsc#1048501).
    
      - xgene: Do not fail probe, if there is no clk resource
        for SGMII interfaces (bsc#1048501)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1037838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1040813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053117"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055963"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969756"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.85-22.3") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.85-22.3") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.85-22.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.85-22.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-A3A8638A60.NASL
    descriptionThe 4.12.11 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-13
    plugin id103151
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103151
    titleFedora 25 : kernel (2017-a3a8638a60)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-a3a8638a60.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103151);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051");
      script_xref(name:"FEDORA", value:"2017-a3a8638a60");
    
      script_name(english:"Fedora 25 : kernel (2017-a3a8638a60)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 4.12.11 stable kernel update contains a number of important fixes
    across the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3a8638a60"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2017-a3a8638a60");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"kernel-4.12.11-200.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-6764D16965.NASL
    descriptionThe 4.12.11 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-12
    plugin id103117
    published2017-09-12
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103117
    titleFedora 26 : kernel (2017-6764d16965)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-6764d16965.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103117);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051");
      script_xref(name:"FEDORA", value:"2017-6764d16965");
    
      script_name(english:"Fedora 26 : kernel (2017-6764d16965)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 4.12.11 stable kernel update contains a number of important fixes
    across the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-6764d16965"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2017-6764d16965");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"kernel-4.12.11-300.fc26")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2869-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104253
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104253
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2869-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104253);
      script_version("3.14");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-1000252", "CVE-2017-10810", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-13080", "CVE-2017-14051", "CVE-2017-14106", "CVE-2017-14489", "CVE-2017-15649", "CVE-2017-6346", "CVE-2017-7518", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-8831");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to
    receive various security and bugfixes. The following security bugs
    were fixed :
    
      - CVE-2017-1000252: The KVM subsystem in the Linux kernel
        allowed guest OS users to cause a denial of service
        (assertion failure, and hypervisor hang or crash) via an
        out-of bounds guest_irq value, related to
        arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
    
      - CVE-2017-10810: Memory leak in the
        virtio_gpu_object_create function in
        drivers/gpu/drm/virtio/virtgpu_object.c in the Linux
        kernel allowed attackers to cause a denial of service
        (memory consumption) by triggering object-initialization
        failures (bnc#1047277).
    
      - CVE-2017-11472: The acpi_ns_terminate() function in
        drivers/acpi/acpica/nsutils.c in the Linux kernel did
        not flush the operand cache and causes a kernel stack
        dump, which allowed local users to obtain sensitive
        information from kernel memory and bypass the KASLR
        protection mechanism (in the kernel through 4.9) via a
        crafted ACPI table (bnc#1049580).
    
      - CVE-2017-11473: Buffer overflow in the
        mp_override_legacy_irq() function in
        arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
        local users to gain privileges via a crafted ACPI table
        (bnc#1049603).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 bnc#1053919).
    
      - CVE-2017-12153: A security flaw was discovered in the
        nl80211_set_rekey_data() function in
        net/wireless/nl80211.c in the Linux kernel This function
        did not check whether the required attributes are
        present in a Netlink request. This request can be issued
        by a user with the CAP_NET_ADMIN capability and may
        result in a NULL pointer dereference and system crash
        (bnc#1058410).
    
      - CVE-2017-12154: The prepare_vmcs02 function in
        arch/x86/kvm/vmx.c in the Linux kernel did not ensure
        that the 'CR8-load exiting' and 'CR8-store exiting' L0
        vmcs02 controls exist in cases where L1 omits the 'use
        TPR shadow' vmcs12 control, which allowed KVM L2 guest
        OS users to obtain read and write access to the hardware
        CR8 register (bnc#1058507).
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bnc#1063667).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-14489: The iscsi_if_rx function in
        drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
        allowed local users to cause a denial of service (panic)
        by leveraging incorrect length validation (bnc#1059051).
    
      - CVE-2017-15649: net/packet/af_packet.c in the Linux
        kernel allowed local users to gain privileges via
        crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind) that
        leads to a use-after-free, a different vulnerability
        than CVE-2017-6346 (bnc#1064388).
    
      - CVE-2017-7518: The Linux kernel was vulnerable to an
        incorrect debug exception(#DB) error. It could occur
        while emulating a syscall instruction and potentially
        lead to guest privilege escalation. (bsc#1045922).
    
      - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
        drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021
        1.c in the Linux kernel allowed local users to cause a
        denial of service (buffer overflow and system crash) or
        possibly gain privileges via a crafted NL80211_CMD_FRAME
        Netlink packet (bnc#1049645).
    
      - CVE-2017-7542: The ip6_find_1stfragopt function in
        net/ipv6/output_core.c in the Linux kernel allowed local
        users to cause a denial of service (integer overflow and
        infinite loop) by leveraging the ability to open a raw
        socket (bnc#1049882).
    
      - CVE-2017-8831: The saa7164_bus_get function in
        drivers/media/pci/saa7164/saa7164-bus.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds array access) or possibly have
        unspecified other impact by changing a certain
        sequence-number value, aka a 'double fetch'
        vulnerability (bnc#1037994).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1011913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1023175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036632"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1041958"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044636"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047027"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047277"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052533"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052773"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053117"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=974215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000252/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10810/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11473/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12134/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12153/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14106/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14489/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15649/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7518/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7541/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8831/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172869-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?baed955d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2017-1786=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-1786=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2017-1786=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-1786=1
    
    SUSE Linux Enterprise Live Patching 12:zypper in -t patch
    SUSE-SLE-Live-Patching-12-2017-1786=1
    
    SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch
    SUSE-SLE-HA-12-SP2-2017-1786=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2017-1786=1
    
    SUSE Container as a Service Platform ALL:zypper in -t patch
    SUSE-CAASP-ALL-2017-1786=1
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1786=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/30");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"s390x", reference:"kernel-default-man-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-base-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-base-debuginfo-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-debuginfo-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-debugsource-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-devel-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-syms-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-devel-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-extra-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.90-92.45.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-syms-4.4.90-92.45.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1530.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750i1/4%0 - An issue was discovered in the btrfs filesystem code in the Linux kernel. A use-after-free is possible in try_merge_free_space() when mounting a crafted btrfs image due to a lack of chunk type flag checks in btrfs_check_chunk_valid() in the fs/btrfs/volumes.c function. This could lead to a denial of service or other unspecified impact.(CVE-2018-14611i1/4%0 - A flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors. The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service).(CVE-2015-7566i1/4%0 - It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124983
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124983
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1530)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124983);
      script_version("1.20");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-6380",
        "CVE-2014-4157",
        "CVE-2014-4654",
        "CVE-2014-9585",
        "CVE-2015-2041",
        "CVE-2015-7566",
        "CVE-2015-8956",
        "CVE-2016-5696",
        "CVE-2016-9588",
        "CVE-2017-14051",
        "CVE-2017-14106",
        "CVE-2017-15299",
        "CVE-2017-15868",
        "CVE-2017-16533",
        "CVE-2017-7616",
        "CVE-2017-9984",
        "CVE-2018-10880",
        "CVE-2018-13053",
        "CVE-2018-14611",
        "CVE-2018-5750"
      );
      script_bugtraq_id(
        63887,
        68083,
        68162,
        71990,
        72729
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1530)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c
        in the Linux kernel through 4.14.15 allows local users
        to obtain sensitive address information by reading
        dmesg data from an SBS HC printk call.(CVE-2018-5750i1/4%0
    
      - An issue was discovered in the btrfs filesystem code in
        the Linux kernel. A use-after-free is possible in
        try_merge_free_space() when mounting a crafted btrfs
        image due to a lack of chunk type flag checks in
        btrfs_check_chunk_valid() in the fs/btrfs/volumes.c
        function. This could lead to a denial of service or
        other unspecified impact.(CVE-2018-14611i1/4%0
    
      - A flaw was found in the way the Linux kernel visor
        driver handles certain invalid USB device descriptors.
        The driver assumes that the device always has at least
        one bulk OUT endpoint. By using a specially crafted USB
        device (without a bulk OUT endpoint), an unprivileged
        user with physical access could trigger a kernel
        NULL-pointer dereference and cause a system panic
        (denial of service).(CVE-2015-7566i1/4%0
    
      - It was found that the RFC 5961 challenge ACK rate
        limiting as implemented in the Linux kernel's
        networking subsystem allowed an off-path attacker to
        leak certain information about a given connection by
        creating congestion on the global challenge ACK rate
        limit counter and then measuring the changes by probing
        packets. An off-path attacker could use this flaw to
        either terminate TCP connection and/or inject payload
        into non-secured TCP connection between two endpoints
        on the network.(CVE-2016-5696i1/4%0
    
      - It was found that the Bluebooth Network Encapsulation
        Protocol (BNEP) implementation did not validate the
        type of second socket passed to the BNEPCONNADD
        ioctl(), which could lead to memory corruption. A local
        user with the CAP_NET_ADMIN capability can use this for
        denial of service (crash or data corruption) or
        possibly for privilege escalation. Due to the nature of
        the flaw, privilege escalation cannot be fully ruled
        out, although we feel it is unlikely.(CVE-2017-15868i1/4%0
    
      - A vulnerability was found in the key management
        subsystem of the Linux kernel. An update on an
        uninstantiated key could cause a kernel panic, leading
        to denial of service (DoS).(CVE-2017-15299i1/4%0
    
      - The rfcomm_sock_bind function in
        net/bluetooth/rfcomm/sock.c in the Linux kernel before
        4.2 allows local users to obtain sensitive information
        or cause a denial of service (NULL pointer dereference)
        via vectors involving a bind system call on a Bluetooth
        RFCOMM socket.(CVE-2015-8956i1/4%0
    
      - arch/mips/include/asm/thread_info.h in the Linux kernel
        before 3.14.8 on the MIPS platform does not configure
        _TIF_SECCOMP checks on the fast system-call path, which
        allows local users to bypass intended PR_SET_SECCOMP
        restrictions by executing a crafted application without
        invoking a trace or audit subsystem.(CVE-2014-4157i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem
        code. A stack-out-of-bounds write in
        ext4_update_inline_data() is possible when mounting and
        writing to a crafted ext4 image. An attacker could use
        this to cause a system crash and a denial of
        service.(CVE-2018-10880i1/4%0
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain
        size value, which allows local users to cause a denial
        of service (invalid pointer dereference) or possibly
        have unspecified other impact via an
        FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted
        SRB command.(CVE-2013-6380i1/4%0
    
      - Linux kernel built with the KVM visualization support
        (CONFIG_KVM), with nested visualization(nVMX) feature
        enabled(nested=1), is vulnerable to an uncaught
        exception issue. It could occur if an L2 guest was to
        throw an exception which is not handled by an L1
        guest.(CVE-2016-9588i1/4%0
    
      - A flaw was found in the alarm_timer_nsleep() function
        in kernel/time/alarmtimer.c in the Linux kernel. The
        ktime_add_safe() function is not used and an integer
        overflow can happen causing an alarm not to fire if
        using a large relative timeout.(CVE-2018-13053i1/4%0
    
      - net/llc/sysctl_net_llc.c in the Linux kernel before
        3.19 uses an incorrect data type in a sysctl table,
        which allows local users to obtain potentially
        sensitive information from kernel memory or possibly
        have unspecified other impact by accessing a sysctl
        entry.(CVE-2015-2041i1/4%0
    
      - Incorrect error handling in the set_mempolicy() and
        mbind() compat syscalls in 'mm/mempolicy.c' in the
        Linux kernel allows local users to obtain sensitive
        information from uninitialized stack data by triggering
        failure of a certain bitmap operation.(CVE-2017-7616i1/4%0
    
      - The snd_msnd_interrupt function in
        sound/isa/msnd/msnd_pinnacle.c in the Linux kernel
        through 4.11.7 allows local users to cause a denial of
        service (over-boundary access) or possibly have
        unspecified other impact by changing the value of a
        message queue head pointer between two kernel reads of
        that value, aka a 'double fetch'
        vulnerability.(CVE-2017-9984i1/4%0
    
      - An integer overflow was discovered in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        through 4.12.10. This flaw allows local users to cause
        a denial of service (memory corruption and system
        crash) by leveraging root access.(CVE-2017-14051i1/4%0
    
      - A use-after-free flaw was found in the way the Linux
        kernel's Advanced Linux Sound Architecture (ALSA)
        implementation handled user controls. A local,
        privileged user could use this flaw to crash the
        system.(CVE-2014-4654i1/4%0
    
      - An information leak flaw was found in the way the Linux
        kernel's Virtual Dynamic Shared Object (vDSO)
        implementation performed address randomization. A
        local, unprivileged user could use this flaw to leak
        kernel memory addresses to user-space.(CVE-2014-9585i1/4%0
    
      - The usbhid_parse function in
        drivers/hid/usbhid/hid-core.c in the Linux kernel,
        before 4.13.8, allows local users to cause a denial of
        service (out-of-bounds read and system crash) or
        possibly have unspecified other impact via a crafted
        USB device.(CVE-2017-16533i1/4%0
    
      - A divide-by-zero vulnerability was found in the
        __tcp_select_window function in the Linux kernel. This
        can result in a kernel panic causing a local denial of
        service.(CVE-2017-14106i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1530
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1b19f2a9");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9984");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1200.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10208 Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4 filesystem could trigger memory corruption when it is mounted. A user that can provide a device or filesystem image to be mounted could use this for denial of service (crash or data corruption) or possibly for privilege escalation. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free. A local user could use this for denial of service (crash or data corruption) or possibly for privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-dccp.conf install dccp false CVE-2017-8831 Pengfei Wang discovered that the saa7164 video capture driver re-reads data from a PCI device after validating it. A physically present user able to attach a specially designed PCI device could use this for privilege escalation. CVE-2017-12190 Vitaly Mayatskikh discovered that the block layer did not correctly count page references for raw I/O from user-space. This can be exploited by a guest VM with access to a host SCSI device for denial of service (memory exhaustion) or potentially for privilege escalation. CVE-2017-13080 A vulnerability was found in the WPA2 protocol that could lead to reinstallation of the same Group Temporal Key (GTK), which substantially reduces the security of wifi encryption. This is one of the issues collectively known as
    last seen2020-03-17
    modified2017-12-11
    plugin id105116
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105116
    titleDebian DLA-1200-1 : linux security update (KRACK)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1200-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105116);
      script_version("3.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-10208", "CVE-2017-1000407", "CVE-2017-12190", "CVE-2017-13080", "CVE-2017-14051", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15299", "CVE-2017-15649", "CVE-2017-15868", "CVE-2017-16525", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16643", "CVE-2017-16649", "CVE-2017-16939", "CVE-2017-8824", "CVE-2017-8831");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"Debian DLA-1200-1 : linux security update (KRACK)");
      script_summary(english:"Checks dpkg output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2016-10208
    
    Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4
    filesystem could trigger memory corruption when it is mounted. A user
    that can provide a device or filesystem image to be mounted could use
    this for denial of service (crash or data corruption) or possibly for
    privilege escalation.
    
    CVE-2017-8824
    
    Mohamed Ghannam discovered that the DCCP implementation did not
    correctly manage resources when a socket is disconnected and
    reconnected, potentially leading to a use-after-free. A local user
    could use this for denial of service (crash or data corruption) or
    possibly for privilege escalation. On systems that do not already have
    the dccp module loaded, this can be mitigated by disabling it: echo >>
    /etc/modprobe.d/disable-dccp.conf install dccp false
    
    CVE-2017-8831
    
    Pengfei Wang discovered that the saa7164 video capture driver re-reads
    data from a PCI device after validating it. A physically present user
    able to attach a specially designed PCI device could use this for
    privilege escalation.
    
    CVE-2017-12190
    
    Vitaly Mayatskikh discovered that the block layer did not correctly
    count page references for raw I/O from user-space. This can be
    exploited by a guest VM with access to a host SCSI device for denial
    of service (memory exhaustion) or potentially for privilege
    escalation.
    
    CVE-2017-13080
    
    A vulnerability was found in the WPA2 protocol that could lead to
    reinstallation of the same Group Temporal Key (GTK), which
    substantially reduces the security of wifi encryption. This is one of
    the issues collectively known as 'KRACK'.
    
    Updates to GTKs are usually handled by the wpa package,
    where this issue was already fixed (DLA-1150-1). However,
    some wifi devices can remain active and update GTKs
    autonomously while the system is suspended. The kernel must
    also check for and ignore key reinstallation.
    
    CVE-2017-14051
    
    'shqking' reported that the qla2xxx SCSI host driver did not correctly
    validate I/O to the 'optrom' sysfs attribute of the devices it
    creates. This is unlikely to have any security impact.
    
    CVE-2017-15115
    
    Vladis Dronov reported that the SCTP implementation did not correctly
    handle 'peel-off' of an association to another net namespace. This
    leads to a use-after-free, which a local user can exploit for denial
    of service (crash or data corruption) or possibly for privilege
    escalation. On systems that do not already have the sctp module
    loaded, this can be mitigated by disabling it: echo >>
    /etc/modprobe.d/disable-sctp.conf install sctp false
    
    CVE-2017-15265
    
    Michael23 Yu reported a race condition in the ALSA sequencer subsystem
    involving creation and deletion of ports, which could lead to a
    use-after-free. A local user with access to an ALSA sequencer device
    can use this for denial of service (crash or data loss) or possibly
    for privilege escalation.
    
    CVE-2017-15299
    
    Eric Biggers discovered that the KEYS subsystem did not correctly
    handle update of an uninstantiated key, leading to a null dereference.
    A local user can use this for denial of service (crash).
    
    CVE-2017-15649
    
    'nixioaming' reported a race condition in the packet socket
    (AF_PACKET) implementation involving rebinding to a fanout group,
    which could lead to a use-after-free. A local user with the
    CAP_NET_RAW capability can use this for denial of service (crash or
    data corruption) or possibly for privilege escalation.
    
    CVE-2017-15868
    
    Al Viro found that the Bluebooth Network Encapsulation Protocol (BNEP)
    implementation did not validate the type of the second socket passed
    to the BNEPCONNADD ioctl(), which could lead to memory corruption. A
    local user with the CAP_NET_ADMIN capability can use this for denial
    of service (crash or data corruption) or possibly for privilege
    escalation.
    
    CVE-2017-16525
    
    Andrey Konovalov reported that the USB serial console implementation
    did not correctly handle disconnection of unusual serial devices,
    leading to a use-after-free. A similar issue was found in the case
    where setup of a serial console fails. A physically present user with
    a specially designed USB device can use this to cause a denial of
    service (crash or data corruption) or possibly for privilege
    escalation.
    
    CVE-2017-16527
    
    Andrey Konovalov reported that the USB sound mixer driver did not
    correctly cancel I/O in case it failed to probe a device, which could
    lead to a use-after-free. A physically present user with a specially
    designed USB device can use this to cause a denial of service (crash
    or data corruption) or possibly for privilege escalation.
    
    CVE-2017-16529
    
    Andrey Konovalov reported that the USB sound driver did not fully
    validate descriptor lengths, which could lead to a buffer over-read. A
    physically present user with a specially designed USB device may be
    able to use this to cause a denial of service (crash).
    
    CVE-2017-16531
    
    Andrey Konovalov reported that the USB core did not validate IAD
    lengths, which could lead to a buffer over-read. A physically present
    user with a specially designed USB device may be able to use this to
    cause a denial of service (crash).
    
    CVE-2017-16532
    
    Andrey Konovalov reported that the USB test driver did not correctly
    handle devices with specific combinations of endpoints. A physically
    present user with a specially designed USB device can use this to
    cause a denial of service (crash).
    
    CVE-2017-16533
    
    Andrey Konovalov reported that the USB HID driver did not fully
    validate descriptor lengths, which could lead to a buffer over-read. A
    physically present user with a specially designed USB device may be
    able to use this to cause a denial of service (crash).
    
    CVE-2017-16535
    
    Andrey Konovalov reported that the USB core did not validate BOS
    descriptor lengths, which could lead to a buffer over-read. A
    physically present user with a specially designed USB device may be
    able to use this to cause a denial of service (crash).
    
    CVE-2017-16536
    
    Andrey Konovalov reported that the cx231xx video capture driver did
    not fully validate the device endpoint configuration, which could lead
    to a null dereference. A physically present user with a specially
    designed USB device can use this to cause a denial of service (crash).
    
    CVE-2017-16537
    
    Andrey Konovalov reported that the imon RC driver did not fully
    validate the device interface configuration, which could lead to a
    null dereference. A physically present user with a specially designed
    USB device can use this to cause a denial of service (crash).
    
    CVE-2017-16643
    
    Andrey Konovalov reported that the gtco tablet driver did not fully
    validate descriptor lengths, which could lead to a buffer over-read. A
    physically present user with a specially designed USB device may be
    able to use this to cause a denial of service (crash).
    
    CVE-2017-16649
    
    Bj&oslash;rn Mork found that the cdc_ether network driver did not
    validate the device's maximum segment size, potentially leading to a
    division by zero. A physically present user with a specially designed
    USB device can use this to cause a denial of service (crash).
    
    CVE-2017-16939
    
    Mohamed Ghannam reported (through Beyond Security's SecuriTeam Secure
    Disclosure program) that the IPsec (xfrm) implementation did not
    correctly handle some failure cases when dumping policy information
    through netlink. A local user with the CAP_NET_ADMIN capability can
    use this for denial of service (crash or data corruption) or possibly
    for privilege escalation.
    
    CVE-2017-1000407
    
    Andrew Honig reported that the KVM implementation for Intel processors
    allowed direct access to host I/O port 0x80, which is not generally
    safe. On some systems this allows a guest VM to cause a denial of
    service (crash) of the host.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    3.2.96-2. This version also includes bug fixes from upstream versions
    up to and including 3.2.96. It also fixes some regressions caused by
    the fix for CVE-2017-1000364, which was included in DLA-993-1.
    
    We recommend that you upgrade your linux packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected linux package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.96-2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4316.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.29.1.el7uek] - Copy secure_boot flag in boot params across kexec reboot (Dave Young) [Orabug: 22066352] {CVE-2015-7837} - ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841} - ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841} - scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220420] {CVE-2017-14051} - ext4: fail ext4_iget for root directory if unallocated (Theodore Ts
    last seen2020-03-18
    modified2019-01-07
    plugin id120977
    published2019-01-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120977
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4316)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2920-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled counter grouping, which allowed local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions (bnc#1037306). - CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag (bnc#1032268). - CVE-2016-9604: The handling of keyrings starting with
    last seen2020-06-01
    modified2020-06-02
    plugin id104374
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104374
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2908-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104271
    published2017-10-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104271
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3583-1.NASL
    descriptionIt was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System (f2fs) in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0750) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-12190) It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) James Patrick-Evans discovered a race condition in the LEGO USB Infrared Tower driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15102) ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code, (CVE-2017-15115) It was discovered that the key management subsystem in the Linux kernel did not properly handle NULL payloads with non-zero length values. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15274) It was discovered that the Bluebooth Network Encapsulation Protocol (BNEP) implementation in the Linux kernel did not validate the type of socket passed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15868) Andrey Konovalov discovered a use-after-free vulnerability in the USB serial console driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16525) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the systemwide OS fingerprint list. (CVE-2017-17450) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) Denys Fedoryshchenko discovered a use-after-free vulnerability in the netfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-18017) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669) It was discovered that an integer overflow vulnerability existing in the IPv6 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-7542) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889) Mohamed Ghannam discovered a use-after-free vulnerability in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8824) Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333) Fan Long Fei discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344) USN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details : Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id107003
    published2018-02-26
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107003
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3583-1) (Meltdown)