Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.851179
Categoría:SuSE Local Security Checks
Título:openSUSE: Security Advisory for kernel (openSUSE-SU-2016:0280-1)
Resumen:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable
release, and also includes security and bugfixes.

The following security bugs were fixed:

- CVE-2016-0728: A reference leak in keyring handling with
join_session_keyring() could lead to local attackers gain root
privileges. (bsc#962075).

- CVE-2015-7550: A local user could have triggered a race between read and
revoke in keyctl (bnc#958951).

- CVE-2015-8767: A case can occur when sctp_accept() is called by the user
during a heartbeat timeout event after the 4-way handshake. Since
sctp_assoc_migrate() changes both assoc- base.sk and assoc- ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the
listening socket but released with the new association socket. The
result is a deadlock on any future attempts to take the listening socket
lock. (bsc#961509)

- CVE-2015-8539: A negatively instantiated user key could have been used
by a local user to leverage privileges (bnc#958463).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).

- CVE-2015-8543: The networking implementation in the Linux kernel did not
validate protocol identifiers for certain protocol families, which
allowed local users to cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain privileges by leveraging
CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).

- CVE-2015-8575: Validate socket address length in sco_sock_bind() to
prevent information leak (bsc#959399).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[x] only disable if device has MSI(X) enabled
(bsc#957990).

- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of
service or arbitrary code execution (depending on the configuration)
(bsc#957988).

The following non-security bugs were fixed:

- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).

- ALSA: hda - Apply click noise workaround for Thinkpads generically
(bsc#958439).

- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).

- ALSA: hda - Flush the pending probe work at remove (boo#960710).

- ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).

- Add Cavium Thunderx network enha ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
Linux Kernel on openSUSE Leap 42.1

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-7550
BugTraq ID: 79903
http://www.securityfocus.com/bid/79903
Debian Security Information: DSA-3434 (Google Search)
http://www.debian.org/security/2016/dsa-3434
SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://www.ubuntu.com/usn/USN-2888-1
http://www.ubuntu.com/usn/USN-2890-1
http://www.ubuntu.com/usn/USN-2890-2
http://www.ubuntu.com/usn/USN-2890-3
http://www.ubuntu.com/usn/USN-2911-1
http://www.ubuntu.com/usn/USN-2911-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-8539
http://www.openwall.com/lists/oss-security/2015/12/09/1
RedHat Security Advisories: RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0151
RedHat Security Advisories: RHSA-2018:0152
https://access.redhat.com/errata/RHSA-2018:0152
RedHat Security Advisories: RHSA-2018:0181
https://access.redhat.com/errata/RHSA-2018:0181
SuSE Security Announcement: SUSE-SU-2016:0335 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:0336 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html
SuSE Security Announcement: SUSE-SU-2016:0337 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
SuSE Security Announcement: SUSE-SU-2016:0339 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html
SuSE Security Announcement: SUSE-SU-2016:0380 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:0381 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:0383 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:0384 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:0386 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:0387 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:0434 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
SuSE Security Announcement: SUSE-SU-2016:1937 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
https://usn.ubuntu.com/3798-1/
https://usn.ubuntu.com/3798-2/
Common Vulnerability Exposure (CVE) ID: CVE-2015-8543
BugTraq ID: 79698
http://www.securityfocus.com/bid/79698
Debian Security Information: DSA-3426 (Google Search)
http://www.debian.org/security/2015/dsa-3426
http://www.openwall.com/lists/oss-security/2015/12/09/5
RedHat Security Advisories: RHSA-2016:0855
http://rhn.redhat.com/errata/RHSA-2016-0855.html
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RedHat Security Advisories: RHSA-2016:2584
http://rhn.redhat.com/errata/RHSA-2016-2584.html
http://www.securitytracker.com/id/1034892
http://www.ubuntu.com/usn/USN-2886-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8550
BugTraq ID: 79592
http://www.securityfocus.com/bid/79592
Debian Security Information: DSA-3471 (Google Search)
http://www.debian.org/security/2016/dsa-3471
Debian Security Information: DSA-3519 (Google Search)
http://www.debian.org/security/2016/dsa-3519
https://security.gentoo.org/glsa/201604-03
http://www.securitytracker.com/id/1034479
SuSE Security Announcement: SUSE-SU-2016:1764 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8551
BugTraq ID: 79546
http://www.securityfocus.com/bid/79546
http://www.securitytracker.com/id/1034480
SuSE Security Announcement: SUSE-SU-2016:1707 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:2105 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:2184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8552
Common Vulnerability Exposure (CVE) ID: CVE-2015-8569
BugTraq ID: 79428
http://www.securityfocus.com/bid/79428
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
http://twitter.com/grsecurity/statuses/676744240802750464
https://lkml.org/lkml/2015/12/14/252
http://www.openwall.com/lists/oss-security/2015/12/15/11
http://www.securitytracker.com/id/1034549
Common Vulnerability Exposure (CVE) ID: CVE-2015-8575
BugTraq ID: 79724
http://www.securityfocus.com/bid/79724
http://www.openwall.com/lists/oss-security/2015/12/16/3
Common Vulnerability Exposure (CVE) ID: CVE-2015-8767
BugTraq ID: 80268
http://www.securityfocus.com/bid/80268
Debian Security Information: DSA-3448 (Google Search)
http://www.debian.org/security/2016/dsa-3448
Debian Security Information: DSA-3503 (Google Search)
http://www.debian.org/security/2016/dsa-3503
http://www.openwall.com/lists/oss-security/2016/01/11/4
RedHat Security Advisories: RHSA-2016:0715
http://rhn.redhat.com/errata/RHSA-2016-0715.html
RedHat Security Advisories: RHSA-2016:1277
https://access.redhat.com/errata/RHSA-2016:1277
RedHat Security Advisories: RHSA-2016:1301
https://access.redhat.com/errata/RHSA-2016:1301
RedHat Security Advisories: RHSA-2016:1341
https://access.redhat.com/errata/RHSA-2016:1341
SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
http://www.ubuntu.com/usn/USN-2930-1
http://www.ubuntu.com/usn/USN-2930-2
http://www.ubuntu.com/usn/USN-2930-3
http://www.ubuntu.com/usn/USN-2931-1
http://www.ubuntu.com/usn/USN-2932-1
http://www.ubuntu.com/usn/USN-2967-1
http://www.ubuntu.com/usn/USN-2967-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-0728
BugTraq ID: 81054
http://www.securityfocus.com/bid/81054
https://www.exploit-db.com/exploits/39277/
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
HPdes Security Advisory: HPSBHF03436
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
http://www.openwall.com/lists/oss-security/2016/01/19/2
RedHat Security Advisories: RHSA-2016:0064
http://rhn.redhat.com/errata/RHSA-2016-0064.html
RedHat Security Advisories: RHSA-2016:0065
http://rhn.redhat.com/errata/RHSA-2016-0065.html
RedHat Security Advisories: RHSA-2016:0068
http://rhn.redhat.com/errata/RHSA-2016-0068.html
http://www.securitytracker.com/id/1034701
SuSE Security Announcement: SUSE-SU-2016:0205 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
SuSE Security Announcement: SUSE-SU-2016:0341 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
SuSE Security Announcement: SUSE-SU-2016:0745 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
SuSE Security Announcement: SUSE-SU-2016:0746 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
SuSE Security Announcement: SUSE-SU-2016:0747 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
SuSE Security Announcement: SUSE-SU-2016:0750 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
SuSE Security Announcement: SUSE-SU-2016:0751 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
SuSE Security Announcement: SUSE-SU-2016:0752 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
SuSE Security Announcement: SUSE-SU-2016:0753 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
SuSE Security Announcement: SUSE-SU-2016:0755 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
SuSE Security Announcement: SUSE-SU-2016:0756 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
SuSE Security Announcement: SUSE-SU-2016:0757 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
http://www.ubuntu.com/usn/USN-2870-1
http://www.ubuntu.com/usn/USN-2870-2
http://www.ubuntu.com/usn/USN-2871-1
http://www.ubuntu.com/usn/USN-2871-2
http://www.ubuntu.com/usn/USN-2872-1
http://www.ubuntu.com/usn/USN-2872-2
http://www.ubuntu.com/usn/USN-2872-3
http://www.ubuntu.com/usn/USN-2873-1
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.