| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The openSUSE 13.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2015-3290: A flaw was found in the way the Linux kernels nested NMI
handler and espfix64 functionalities interacted during NMI processing. A
local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
- CVE-2015-3212: A race condition flaw was found in the way the Linux
kernels SCTP implementation handled Address Configuration lists when
performing Address Configuration Change (ASCONF). A local attacker could
use this flaw to crash the system via a race condition triggered by
setting certain ASCONF options on a socket.
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with
incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-5366: A remote denial of service (unexpected error returns) via
UDP flood with incorrect package checksums was fixed. (bsc#936831).
- CVE-2015-4700: A local user could have created a bad instruction in the
JIT processed BPF code, leading to a kernel crash (bnc#935705).
- CVE-2015-1420: Race condition in the handle_to_path function in
fs/fhandle.c in the Linux kernel allowed local users to bypass intended
size restrictions and trigger read operations on additional memory
locations by changing the handle_bytes value of a file handle during the
execution of this function (bnc#915517).
- CVE-2015-4692: The kvm_apic_has_events function in arch/x86/kvm/lapic.h
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have unspecified
other impact by leveraging /dev/kvm access for an ioctl call
(bnc#935542).
- CVE-2015-4167 CVE-2014-9728 CVE-2014-9730 CVE-2014-9729 CVE-2014-9731:
Various problems in the UDF filesystem were fixed that could lead to
crashes when mounting prepared udf filesystems.
- CVE-2015-4002: drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver
in the Linux kernel did not ensure that certain length values are
sufficiently large, which allowed remote attackers to cause a denial of
service (system crash or large loop) or possibly execute arbitrary code
via a crafted packet, related to the (1) oz_usb_rx and (2)
oz_usb_handle_ep_data functions (bnc#933934).
- CVE-2015-4003: The oz_usb_handle_ep_data function in
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux
kernel allowed remote attackers to cause a denial of service
(divide-by-zero error and system crash) via a crafted packet
(bnc#9339 ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on openSUSE 13.2
Solution:
Please install the updated package(s).
CVSS Score:
9.0
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:C
|
