Test ID: | 1.3.6.1.4.1.25623.1.1.4.2013.1749.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2013:1749-1) |
Summary: | The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2013:1749-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2013:1749-1 advisory.

Vulnerability Insight: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to version 3.0.101 and also includes various other bug and security fixes.

The following features have been added:
* Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
* Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
* Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

The following security issue has been fixed:
* CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102)

The following non-security bugs have been fixed:
* mm, memcg: introduce own oom handler to iterate only over its own threads.
* mm, memcg: move all oom handling to memcontrol.c.
* mm, oom: avoid looping when chosen thread detaches its mm.
* mm, oom: fold oom_kill_task() into oom_kill_process().
* mm, oom: introduce helper function to process threads during scan.
* mm, oom: reduce dependency on tasklist_lock (Reduce tasklist_lock hold times) (bnc#821259).
* mm: do not walk all of system memory during show_mem (Reduce tasklist_lock hold times) (bnc#821259).
* iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
* x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513).
* iommu/vt-d: Only warn about broken interrupt remapping (bnc#844513).
* iommu: Remove stack trace from broken irq remapping warning (bnc#844513).
* intel-iommu: Fix leaks in pagetable freeing (bnc#841402).
* Revert aer_recover_queue() __GENKSYMS__ hack, add a fake symset with the previous value instead (bnc#847721).
* i2c: ismt: initialize DMA buffer (bnc#843753).
* powerpc/irq: Run softirqs off the top of the irq stack (bnc#847319).
* quirks: add touchscreen that is dazzeled by remote wakeup (bnc#835930).
* kernel: sclp console hangs (bnc#841498, LTC#95711).
* tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973,LTC#97595).
* tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973,LTC#97595).
* softirq: reduce latencies (bnc#797526).
* X.509: Remove certificate date checks (bnc#841656).
* config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG (bnc#837372).
* splice: fix racy pipe->buffers uses (bnc#827246).
* blktrace: fix race with open trace files and directory removal (bnc#832292).
* rcu: Do not trigger false positive RCU stall detection (bnc#834204).
* kernel: allow program interruption filtering in user space (bnc#837596, LTC#97332).
* Audit: do not print error when LSMs disabled (bnc#842057).
* SUNRPC: close a rare race in xs_tcp_setup_socket (bnc#794824).
* Btrfs: fix negative ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'Linux kernel' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise High Availability Extension 11-SP3, SUSE Linux Enterprise Server 11-SP3.

Solution: Please install the updated package(s).

CVSS Score: 5.4
CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-2206
DSA-2766 http://www.debian.org/security/2013/dsa-2766
RHSA-2013:1166 http://rhn.redhat.com/errata/RHSA-2013-1166.html
RHSA-2013:1173 http://rhn.redhat.com/errata/RHSA-2013-1173.html
SUSE-SU-2013:1744 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html
SUSE-SU-2013:1748 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html
SUSE-SU-2013:1749 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html
SUSE-SU-2013:1750 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html
USN-1939-1 http://www.ubuntu.com/usn/USN-1939-1
[oss-security] 20130620 Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference http://www.openwall.com/lists/oss-security/2013/06/21/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2815633504b442ca0b0605c16bf3d88a3a0fcea
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5
https://bugzilla.redhat.com/show_bug.cgi?id=976562
https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea
openSUSE-SU-2013:1971 http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html |
Copyright | Copyright (C) 2021 Greenbone AG |