| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The openSUSE Leap 42.3 kernel was updated
to 4.4.92 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
reinstallation of the Group Temporal Key (GTK) during the group key
handshake, allowing an attacker within radio range to replay frames from
access points to clients (bnc#1063667).
- CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel
allowed local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (bnc#1062520).
- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
users to gain privileges via crafted system calls that trigger
mishandling of packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind) that leads to a
use-after-free, a different vulnerability than CVE-2017-6346
(bnc#1064388).
The following non-security bugs were fixed:
- acpi/processor: Check for duplicate processor ids at hotplug time
(bnc#1056230).
- acpi/processor: Implement DEVICE operator for processor enumeration
(bnc#1056230).
- add mainline tags to hyperv patches
- alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
- alsa: compress: Remove unused variable (bnc#1012382).
- alsa: usb-audio: Check out-of-bounds access by corrupted buffer
descriptor (bnc#1012382).
- alsa: usx2y: Suppress kernel warning at page allocation failures
(bnc#1012382).
- arm64: add function to get a cpu's MADT GICC table (bsc#1062279).
- arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481).
- arm64/perf: Access pmu register using read/write gt _sys_reg
(bsc#1062279).
- arm64/perf: Add Broadcom Vulcan PMU support (fate#319481).
- arm64/perf: Changed events naming as per the ARM ARM (fate#319481).
- arm64/perf: Define complete ARMv8 recommended implementation defined
events (fate#319481).
- arm64: perf: do not expose CHAIN event in sysfs (bsc#1062279).
- arm64: perf: Extend event config for ARMv8.1 (bsc#1062279).
- arm64/perf: Filter common events based on PMCEIDn_EL0 (fate#319481).
- arm64: perf: Ignore exclude_hv when kernel is running in HYP
(bsc#1062279).
- arm64: perf: move to common attr_group fields (bsc#1062279).
- arm64: perf: Use the builtin_platform_driver (bsc#1062279).
- arm64: pmu: add fallback probe table (bsc#1062279).
- arm64: pmu: Hoist pmu platform device name (bsc#1062279).
- a ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
Linux Kernel on openSUSE Leap 42.3
Solution:
Please install the updated package(s).
CVSS Score:
6.9
CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
