SuSE Local Security Checks : openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2169-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.851594

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2169-1)

Zusammenfassung: The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The openSUSE Leap 42.2 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

- CVE-2017-1000111: Fixed a race condition in net-packet code that could
be exploited to cause out-of-bounds memory access (bsc#1052365).

- CVE-2017-1000112: Fixed a race condition in net-packet code that could
have been exploited by unprivileged users to gain root access.
(bsc#1052311).

- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact by changing a certain
sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).

The following non-security bugs were fixed:

- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode (bsc#1043652).

- block: do not allow updates through sysfs until registration completes
(bsc#1047027).

- ibmvnic: Check for transport event on driver resume (bsc#1051556,
bsc#1052709).

- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).

- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).

- iommu/amd: Fix schedule-while-atomic BUG in initialization code
(bsc1052533).

- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).

- libnvdimm: fix badblock range handling of ARS range (bsc#1023175).

- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).

- scsi_devinfo: fixup string compare (bsc#1037404).

- scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).

- vfs: fix missing inode_get_dev sites (bsc#1052049).

- x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()
(bsc#1051399).

Affected Software/OS:
Linux Kernel on openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-8831
BugTraq ID: 99619
http://www.securityfocus.com/bid/99619
http://www.securityfocus.com/archive/1/540770/30/0/threaded
https://bugzilla.kernel.org/show_bug.cgi?id=195559
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://usn.ubuntu.com/3754-1/

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.851594
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2169-1)
Zusammenfassung:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The openSUSE Leap 42.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). The following non-security bugs were fixed: - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - vfs: fix missing inode_get_dev sites (bsc#1052049). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). Affected Software/OS: Linux Kernel on openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8831 BugTraq ID: 99619 http://www.securityfocus.com/bid/99619 http://www.securityfocus.com/archive/1/540770/30/0/threaded https://bugzilla.kernel.org/show_bug.cgi?id=195559 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3754-1/
Copyright	Copyright (C) 2017 Greenbone Networks GmbH