Descripción: | Summary: The remote host is missing an update for the 'Linux' package(s) announced via the referenced advisory.
Vulnerability Insight: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues.
WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following referenced support document before installing this update. You will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel.
The following security bugs were fixed:
* CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)
* CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967)
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)
* CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2 ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS: Linux on SUSE Linux Enterprise Server 11 SP3
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|