| Description: | Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:0437-1 advisory.
Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258).
- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations
where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations
or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device
NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
- CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers
and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST
packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152).
- CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr
operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial
of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove
a capability from the ping or Wireshark dumpcap program (bnc#914939).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship
between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or
cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability
(bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local
malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate
because it first requires compromising a privileged process and current compiler optimizations restrict access to the
vulnerable code. (bnc#1014746).
- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of
sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash)
or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system
call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of
sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash)
or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system
call with the (1) SO_SNDBUF or ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP4.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
