SuSE Local Security Checks : SUSE: Security Advisory for Security (SUSE-SU-2015:0658-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.850900

Kategorie: SuSE Local Security Checks

Titel: SUSE: Security Advisory for Security (SUSE-SU-2015:0658-1)

Zusammenfassung: The remote host is missing an update for the 'Security'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'Security'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to
receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2015-0777: The XEN usb backend could leak information to the guest
system due to copying uninitialized memory.

- CVE-2015-2150: Xen and the Linux kernel did not properly restrict access
to PCI command registers, which might have allowed local guest users to
cause a denial of service (non-maskable interrupt and host crash) by
disabling the (1) memory or (2) I/O decoding for a PCI Express device
and then accessing the device, which triggers an Unsupported Request
(UR) response.

The following non-security bugs were fixed:

- Added Little Endian support to vtpm module (bsc#918620).

- Add support for pnfs block layout. Patches not included by default yet

- ALSA: hda - Fix regression of HD-audio controller fallback modes
(bsc#921313).

- btrfs: add missing blk_finish_plug in btrfs_sync_log() (bnc#922284).

- btrfs: cleanup orphans while looking up default subvolume (bsc#914818).

- btrfs: do not ignore errors from btrfs_lookup_xattr in do_setxattr
(bnc#922272).

- btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group
(bnc#922278).

- btrfs: fix data loss in the fast fsync path (bnc#922275).

- btrfs: fix fsync data loss after adding hard link to inode (bnc#922275).

- cgroup: revert cgroup_mutex removal from idr_remove (bnc#918644).

- cifs: fix use-after-free bug in find_writable_file (bnc#909477).

- crypto: rng - RNGs must return 0 in success case (bsc#920805).

- crypto: testmgr - fix RNG return code enforcement (bsc#920805).

- exit: Always reap resource stats in __exit_signal() (Time scalability).

- fork: report pid reservation failure properly (bnc#909684).

- fsnotify: Fix handling of renames in audit (bnc#915200).

- HID: hyperv: match wait_for_completion_timeout return type.

- hv: address compiler warnings for hv_fcopy_daemon.c.

- hv: address compiler warnings for hv_kvp_daemon.c.

- hv: check vmbus_device_create() return value in vmbus_process_offer().

- hv: do not add redundant / in hv_start_fcopy().

- hv: hv_balloon: Do not post pressure status from interrupt context.

- hv: hv_balloon: Fix a locking bug in the balloon driver.

- hv: hv_balloon: Make adjustments in computing the floor.

- hv: hv_fcopy: drop the obsolete message on transfer failure.

- hv: kvp_daemon: make IPv6-only-injection work.

- hv: remove unused bytes_written from kvp_update_file().

- hv: rename sc_lock to the more generic lock ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
Security on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-0777
BugTraq ID: 73921
http://www.securityfocus.com/bid/73921
SuSE Security Announcement: SUSE-SU-2015:0658 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1592 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
SuSE Security Announcement: SUSE-SU-2015:1611 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2150
BugTraq ID: 73014
http://www.securityfocus.com/bid/73014
Bugtraq: 20190813 [SECURITY] [DSA 4497-1] linux security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/18
Debian Security Information: DSA-3237 (Google Search)
http://www.debian.org/security/2015/dsa-3237
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
http://www.securitytracker.com/id/1031806
http://www.securitytracker.com/id/1031902
http://www.ubuntu.com/usn/USN-2631-1
http://www.ubuntu.com/usn/USN-2632-1

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.850900
Kategorie:	SuSE Local Security Checks
Titel:	SUSE: Security Advisory for Security (SUSE-SU-2015:0658-1)
Zusammenfassung:	The remote host is missing an update for the 'Security'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'Security' package(s) announced via the referenced advisory. Vulnerability Insight: The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory. - CVE-2015-2150: Xen and the Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. The following non-security bugs were fixed: - Added Little Endian support to vtpm module (bsc#918620). - Add support for pnfs block layout. Patches not included by default yet - ALSA: hda - Fix regression of HD-audio controller fallback modes (bsc#921313). - btrfs: add missing blk_finish_plug in btrfs_sync_log() (bnc#922284). - btrfs: cleanup orphans while looking up default subvolume (bsc#914818). - btrfs: do not ignore errors from btrfs_lookup_xattr in do_setxattr (bnc#922272). - btrfs: fix BUG_ON in btrfs_orphan_add() when delete unused block group (bnc#922278). - btrfs: fix data loss in the fast fsync path (bnc#922275). - btrfs: fix fsync data loss after adding hard link to inode (bnc#922275). - cgroup: revert cgroup_mutex removal from idr_remove (bnc#918644). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - crypto: rng - RNGs must return 0 in success case (bsc#920805). - crypto: testmgr - fix RNG return code enforcement (bsc#920805). - exit: Always reap resource stats in __exit_signal() (Time scalability). - fork: report pid reservation failure properly (bnc#909684). - fsnotify: Fix handling of renames in audit (bnc#915200). - HID: hyperv: match wait_for_completion_timeout return type. - hv: address compiler warnings for hv_fcopy_daemon.c. - hv: address compiler warnings for hv_kvp_daemon.c. - hv: check vmbus_device_create() return value in vmbus_process_offer(). - hv: do not add redundant / in hv_start_fcopy(). - hv: hv_balloon: Do not post pressure status from interrupt context. - hv: hv_balloon: Fix a locking bug in the balloon driver. - hv: hv_balloon: Make adjustments in computing the floor. - hv: hv_fcopy: drop the obsolete message on transfer failure. - hv: kvp_daemon: make IPv6-only-injection work. - hv: remove unused bytes_written from kvp_update_file(). - hv: rename sc_lock to the more generic lock ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: Security on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12 Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0777 BugTraq ID: 73921 http://www.securityfocus.com/bid/73921 SuSE Security Announcement: SUSE-SU-2015:0658 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html SuSE Security Announcement: SUSE-SU-2015:1478 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html SuSE Security Announcement: SUSE-SU-2015:1592 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SuSE Security Announcement: SUSE-SU-2015:1611 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html Common Vulnerability Exposure (CVE) ID: CVE-2015-2150 BugTraq ID: 73014 http://www.securityfocus.com/bid/73014 Bugtraq: 20190813 [SECURITY] [DSA 4497-1] linux security update (Google Search) https://seclists.org/bugtraq/2019/Aug/18 Debian Security Information: DSA-3237 (Google Search) http://www.debian.org/security/2015/dsa-3237 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://www.securitytracker.com/id/1031806 http://www.securitytracker.com/id/1031902 http://www.ubuntu.com/usn/USN-2631-1 http://www.ubuntu.com/usn/USN-2632-1
Copyright	Copyright (C) 2015 Greenbone Networks GmbH