Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2015.2108.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2015:2108-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2015:2108-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2015:2108-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in
microcode via #DB exception (bsc#954404).
- CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in
microcode via #AC exception (bsc#953527).
- CVE-2015-7990: RDS: Verify the underlying transport exists before
creating a connection, preventing possible DoS (bsc#952384).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the
x86_64 platform mishandled IRET faults in processing NMIs that occurred
during userspace execution, which might have allowed local users to gain
privileges by triggering an NMI (bsc#938706).
- CVE-2015-7872: Possible crash when trying to garbage collect an
uninstantiated keyring (bsc#951440).
- CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by
validating before applying it (bsc#944296).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in
the Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact by using a socket that was not properly bound (bsc#945825).
- CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in
the Linux kernel allowed local users to cause a denial of service
(memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered
permanent file-descriptor allocation (bsc#942367).
The following non-security bugs were fixed:
- alsa: hda - Disable 64bit address for Creative HDA controllers
(bsc#814440).
- btrfs: fix hang when failing to submit bio of directIO (bsc#942688).
- btrfs: fix memory corruption on failure to submit bio for direct IO
(bsc#942688).
- btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would have merged with the
previous (bsc#904348).
- dm: impose configurable deadline for dm_request_fn merge heuristic
(bsc#904348).
- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)
(bsc#942938).
- drm/i915: Add bit field to record which pins have received HPD events
(v3) (bsc#942938).
- drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938).
- drm/i915: Add messages useful for HPD storm detection debugging (v2)
(bsc#942938).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt
(bsc#942938).
- drm/i915: Convert HPD interrupts to make use of HPD pin assignment in
encoders (v2) (bsc#942938).
- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)
(bsc#942938)... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP3, SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-0272
BugTraq ID: 76814
http://www.securityfocus.com/bid/76814
SuSE Security Announcement: SUSE-SU-2015:2108 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
SuSE Security Announcement: SUSE-SU-2015:2194 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
SuSE Security Announcement: SUSE-SU-2015:2292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
SuSE Security Announcement: SUSE-SU-2015:2339 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:2350 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
SuSE Security Announcement: SUSE-SU-2016:0354 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://www.ubuntu.com/usn/USN-2792-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5157
BugTraq ID: 76005
http://www.securityfocus.com/bid/76005
Debian Security Information: DSA-3313 (Google Search)
http://www.debian.org/security/2015/dsa-3313
http://www.openwall.com/lists/oss-security/2015/07/22/7
RedHat Security Advisories: RHSA-2016:0185
http://rhn.redhat.com/errata/RHSA-2016-0185.html
RedHat Security Advisories: RHSA-2016:0212
http://rhn.redhat.com/errata/RHSA-2016-0212.html
RedHat Security Advisories: RHSA-2016:0224
http://rhn.redhat.com/errata/RHSA-2016-0224.html
RedHat Security Advisories: RHSA-2016:0715
http://rhn.redhat.com/errata/RHSA-2016-0715.html
SuSE Security Announcement: SUSE-SU-2015:1727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
http://www.ubuntu.com/usn/USN-2687-1
http://www.ubuntu.com/usn/USN-2688-1
http://www.ubuntu.com/usn/USN-2689-1
http://www.ubuntu.com/usn/USN-2690-1
http://www.ubuntu.com/usn/USN-2691-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5307
BugTraq ID: 77528
http://www.securityfocus.com/bid/77528
Debian Security Information: DSA-3396 (Google Search)
http://www.debian.org/security/2015/dsa-3396
Debian Security Information: DSA-3414 (Google Search)
http://www.debian.org/security/2015/dsa-3414
Debian Security Information: DSA-3454 (Google Search)
http://www.debian.org/security/2016/dsa-3454
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
http://www.openwall.com/lists/oss-security/2015/11/10/6
RedHat Security Advisories: RHSA-2015:2636
http://rhn.redhat.com/errata/RHSA-2015-2636.html
RedHat Security Advisories: RHSA-2015:2645
http://rhn.redhat.com/errata/RHSA-2015-2645.html
RedHat Security Advisories: RHSA-2016:0046
http://rhn.redhat.com/errata/RHSA-2016-0046.html
http://www.securitytracker.com/id/1034105
SuSE Security Announcement: openSUSE-SU-2015:2232 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
SuSE Security Announcement: openSUSE-SU-2015:2250 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
http://www.ubuntu.com/usn/USN-2800-1
http://www.ubuntu.com/usn/USN-2801-1
http://www.ubuntu.com/usn/USN-2802-1
http://www.ubuntu.com/usn/USN-2803-1
http://www.ubuntu.com/usn/USN-2804-1
http://www.ubuntu.com/usn/USN-2805-1
http://www.ubuntu.com/usn/USN-2806-1
http://www.ubuntu.com/usn/USN-2807-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-6252
BugTraq ID: 76400
http://www.securityfocus.com/bid/76400
Debian Security Information: DSA-3364 (Google Search)
http://www.debian.org/security/2015/dsa-3364
http://www.openwall.com/lists/oss-security/2015/08/18/3
http://www.securitytracker.com/id/1033666
http://www.ubuntu.com/usn/USN-2748-1
http://www.ubuntu.com/usn/USN-2749-1
http://www.ubuntu.com/usn/USN-2751-1
http://www.ubuntu.com/usn/USN-2752-1
http://www.ubuntu.com/usn/USN-2759-1
http://www.ubuntu.com/usn/USN-2760-1
http://www.ubuntu.com/usn/USN-2777-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-6937
BugTraq ID: 76767
http://www.securityfocus.com/bid/76767
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167358.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168447.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168539.html
http://www.openwall.com/lists/oss-security/2015/09/14/3
http://www.securitytracker.com/id/1034453
SuSE Security Announcement: SUSE-SU-2016:0335 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:0337 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
SuSE Security Announcement: SUSE-SU-2016:0380 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:0381 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:0383 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:0384 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:0386 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:0387 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:0434 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
http://www.ubuntu.com/usn/USN-2773-1
http://www.ubuntu.com/usn/USN-2774-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7872
BugTraq ID: 77544
http://www.securityfocus.com/bid/77544
HPdes Security Advisory: HPSBGN03565
http://marc.info/?l=bugtraq&m=145975164525836&w=2
http://www.openwall.com/lists/oss-security/2015/10/20/6
http://www.securitytracker.com/id/1034472
SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
http://www.ubuntu.com/usn/USN-2823-1
http://www.ubuntu.com/usn/USN-2824-1
http://www.ubuntu.com/usn/USN-2826-1
http://www.ubuntu.com/usn/USN-2829-1
http://www.ubuntu.com/usn/USN-2829-2
http://www.ubuntu.com/usn/USN-2840-1
http://www.ubuntu.com/usn/USN-2840-2
http://www.ubuntu.com/usn/USN-2843-1
http://www.ubuntu.com/usn/USN-2843-2
http://www.ubuntu.com/usn/USN-2843-3
Common Vulnerability Exposure (CVE) ID: CVE-2015-7990
BugTraq ID: 77340
http://www.securityfocus.com/bid/77340
https://lkml.org/lkml/2015/10/16/530
http://www.openwall.com/lists/oss-security/2015/10/27/5
http://www.ubuntu.com/usn/USN-2886-1
http://www.ubuntu.com/usn/USN-2887-1
http://www.ubuntu.com/usn/USN-2887-2
http://www.ubuntu.com/usn/USN-2888-1
http://www.ubuntu.com/usn/USN-2889-1
http://www.ubuntu.com/usn/USN-2889-2
http://www.ubuntu.com/usn/USN-2890-1
http://www.ubuntu.com/usn/USN-2890-2
http://www.ubuntu.com/usn/USN-2890-3
Common Vulnerability Exposure (CVE) ID: CVE-2015-8104
BugTraq ID: 77524
http://www.securityfocus.com/bid/77524
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3426 (Google Search)
http://www.debian.org/security/2015/dsa-3426
http://www.openwall.com/lists/oss-security/2015/11/10/5
http://www.ubuntu.com/usn/USN-2841-1
http://www.ubuntu.com/usn/USN-2841-2
http://www.ubuntu.com/usn/USN-2842-1
http://www.ubuntu.com/usn/USN-2842-2
http://www.ubuntu.com/usn/USN-2844-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.