Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.0689.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0689-1)
Summary: The remote host is missing an update for the 'kernel update for SLE11 SP2' package(s) announced via the SUSE-SU-2012:0689-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.31, fixing lots of bugs and security issues.

Various security and bug fixes contained in the Linux 3.0 stable releases 3.0.27 up to 3.0.31 are included, but not explicitly listed below.

The following security issues were fixed:

CVE-2012-2313: The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card.

CVE-2012-2133: A use after free bug in hugetlb support could be used by local attackers to crash the system.

CVE-2012-2127: Various leaks in namespace handling over fork were fixed; these could be exploited, e.g., through vsftpd access by remote users.

CVE-2012-2319: A memory corruption when mounting an hfsplus filesystem was fixed; it could be used by local attackers able to mount filesystems to crash the system.

The following non-security bugs were fixed by this update:

BTRFS:
- btrfs: partial revert of truncation improvements (bnc#748463 bnc#760279).
- btrfs: fix eof while discarding extents
- btrfs: check return value of bio_alloc() properly
- btrfs: return void from clear_state_bit
- btrfs: avoid possible use-after-free in clear_extent_bit()
- btrfs: Make free_ipath() deal gracefully with NULL pointers
- btrfs: do not call free_extent_buffer twice in iterate_irefs
- btrfs: add missing read locks in backref.c
- btrfs: fix max chunk size check in chunk allocator
- btrfs: double unlock bug in error handling
- btrfs: do not return EINTR
- btrfs: fix btrfs_ioctl_dev_info() crash on missing device
- btrfs: fix that check_int_data mount option was ignored
- btrfs: do not mount when we have a sectorsize unequal to PAGE_SIZE
- btrfs: avoid possible use-after-free in clear_extent_bit()
- btrfs: return void from clear_state_bit
- btrfs: Fix typo in free-space-cache.c
- btrfs: remove the ideal caching code
- btrfs: remove search_start and search_end from find_free_extent and callers
- btrfs: adjust the write_lock_level as we unlock
- btrfs: actually call btrfs_init_lockdep
- btrfs: fix regression in scrub path resolving
- btrfs: show useful info in space reservation tracepoint
- btrfs: flush out and clean up any block device pages during mount
- btrfs: fix deadlock during allocating chunks
- btrfs: fix race between direct io and autodefrag
- btrfs: fix the mismatch of page->mapping
- btrfs: fix recursive defragment with autodefrag option
- btrfs: add a check to decide if we should defrag the range
- btrfs: do not bother to defrag an extent if it is a big real extent
- btrfs: update to the right index of defragment
- btrfs: Fix use-after-free in __btrfs_end_transaction
- btrfs: stop silently switching single chunks to raid0 on balance
- btrfs: add wrappers for working with alloc profiles
- btrfs: make profile_is_valid() check more strict
- btrfs: move alloc_profile_is_valid() to volumes.c
- btrfs: add get_restripe_target() helper
- btrfs: a... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel update for SLE11 SP2' package(s) on SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise High Availability Extension 11 SP2, SUSE Linux Enterprise Desktop 11 SP2, SLE 11

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-2127
BugTraq ID: 55774
http://www.securityfocus.com/bid/55774
http://www.openwall.com/lists/oss-security/2012/04/20/25
http://www.openwall.com/lists/oss-security/2012/04/22/1
http://www.ubuntu.com/usn/USN-1594-1
http://ubuntu.com/usn/usn-1607-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-2133
BugTraq ID: 53233
http://www.securityfocus.com/bid/53233
Debian Security Information: DSA-2469
http://www.debian.org/security/2012/dsa-2469
http://www.openwall.com/lists/oss-security/2012/04/24/12
SuSE Security Announcement: SUSE-SU-2012:0616
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
XForce ISS Database: linux-kernel-hugepages-dos(75168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75168
Common Vulnerability Exposure (CVE) ID: CVE-2012-2313
BugTraq ID: 53965
http://www.securityfocus.com/bid/53965
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://www.openwall.com/lists/oss-security/2012/05/04/8
RedHat Security Advisories: RHSA-2012:1174
http://rhn.redhat.com/errata/RHSA-2012-1174.html
RedHat Security Advisories: RHSA-2012:1481
http://rhn.redhat.com/errata/RHSA-2012-1481.html
RedHat Security Advisories: RHSA-2012:1541
http://rhn.redhat.com/errata/RHSA-2012-1541.html
RedHat Security Advisories: RHSA-2012:1589
http://rhn.redhat.com/errata/RHSA-2012-1589.html
SuSE Security Announcement: SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2319
http://www.openwall.com/lists/oss-security/2012/05/07/11
RedHat Security Advisories: RHSA-2012:1323
http://rhn.redhat.com/errata/RHSA-2012-1323.html
RedHat Security Advisories: RHSA-2012:1347
http://rhn.redhat.com/errata/RHSA-2012-1347.html
http://secunia.com/advisories/50811
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.