Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2017.2525.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2017:2525-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:2525-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:2525-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-5243: The tipc_nl_compat_link_dump function in
net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
certain string, which allowed local users to obtain sensitive
information from kernel stack memory by reading a Netlink message
(bnc#983212)
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
the Linux kernel allowed local users to gain privileges or cause a
denial of service (use-after-free) by making multiple bind system calls
without properly ascertaining whether a socket has the SOCK_ZAPPED
status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
(bnc#1028415)
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local
users to gain privileges or cause a denial of service (NULL pointer
dereference and system crash) via vectors involving a NULL value for a
certain match field, related to the keyring_search_iterator function in
keyring.c (bsc#1030593).
- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
kernel was too late in obtaining a certain lock and consequently could
not ensure that disconnect function calls are safe, which allowed local
users to cause a denial of service (panic) by leveraging access to the
protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)
- CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
did not restrict the address calculated by a certain rounding operation,
which allowed local users to map page zero, and consequently bypass a
protection mechanism that exists for the mmap system call, by making
crafted shmget and shmat system calls in a privileged context
(bnc#1026914)
- CVE-2017-5970: The ipv4_pktinfo_prepare function in
net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
denial of service (system crash) via (1) an application that made
crafted system calls or possibly (2) IPv4 traffic with invalid IP
options (bsc#1024938)
- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
net/sctp/socket.c in the Linux kernel allowed local users to cause a
denial of service (assertion failure and panic) via a multithreaded
application that peels off an association in a certain buffer-full state
(bsc#1025235)
- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
in the LISTEN state, which allowed local users to obtain root privileges
or cause a denial of service (double free) via an application that made
an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)
- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
Linux kernel allowed remote attackers to cause a denial of service
(infinite loop and soft lockup) via vectors ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-5243
BugTraq ID: 91334
http://www.securityfocus.com/bid/91334
Debian Security Information: DSA-3607 (Google Search)
http://www.debian.org/security/2016/dsa-3607
http://www.openwall.com/lists/oss-security/2016/06/03/4
http://www.ubuntu.com/usn/USN-3049-1
http://www.ubuntu.com/usn/USN-3050-1
http://www.ubuntu.com/usn/USN-3051-1
http://www.ubuntu.com/usn/USN-3052-1
http://www.ubuntu.com/usn/USN-3053-1
http://www.ubuntu.com/usn/USN-3054-1
http://www.ubuntu.com/usn/USN-3055-1
http://www.ubuntu.com/usn/USN-3056-1
http://www.ubuntu.com/usn/USN-3057-1
Common Vulnerability Exposure (CVE) ID: CVE-2017-2647
BugTraq ID: 97258
http://www.securityfocus.com/bid/97258
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
RedHat Security Advisories: RHSA-2017:2437
https://access.redhat.com/errata/RHSA-2017:2437
RedHat Security Advisories: RHSA-2017:2444
https://access.redhat.com/errata/RHSA-2017:2444
https://usn.ubuntu.com/3849-1/
https://usn.ubuntu.com/3849-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2671
BugTraq ID: 97407
http://www.securityfocus.com/bid/97407
https://www.exploit-db.com/exploits/42135/
https://github.com/danieljiang0415/android_kernel_crash_poc
https://twitter.com/danieljiang0415/status/845116665184497664
http://openwall.com/lists/oss-security/2017/04/04/8
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
https://usn.ubuntu.com/3754-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5669
BugTraq ID: 96754
http://www.securityfocus.com/bid/96754
Debian Security Information: DSA-3804 (Google Search)
http://www.debian.org/security/2017/dsa-3804
https://bugzilla.kernel.org/show_bug.cgi?id=192931
https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8
https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7
http://www.securitytracker.com/id/1037918
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5970
BugTraq ID: 96233
http://www.securityfocus.com/bid/96233
Debian Security Information: DSA-3791 (Google Search)
http://www.debian.org/security/2017/dsa-3791
http://www.openwall.com/lists/oss-security/2017/02/12/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-5986
BugTraq ID: 96222
http://www.securityfocus.com/bid/96222
http://www.openwall.com/lists/oss-security/2017/02/14/6
RedHat Security Advisories: RHSA-2017:1308
https://access.redhat.com/errata/RHSA-2017:1308
Common Vulnerability Exposure (CVE) ID: CVE-2017-6074
BugTraq ID: 96310
http://www.securityfocus.com/bid/96310
https://www.exploit-db.com/exploits/41457/
https://www.exploit-db.com/exploits/41458/
http://www.openwall.com/lists/oss-security/2017/02/22/3
RedHat Security Advisories: RHSA-2017:0293
http://rhn.redhat.com/errata/RHSA-2017-0293.html
RedHat Security Advisories: RHSA-2017:0294
http://rhn.redhat.com/errata/RHSA-2017-0294.html
RedHat Security Advisories: RHSA-2017:0295
http://rhn.redhat.com/errata/RHSA-2017-0295.html
RedHat Security Advisories: RHSA-2017:0316
http://rhn.redhat.com/errata/RHSA-2017-0316.html
RedHat Security Advisories: RHSA-2017:0323
http://rhn.redhat.com/errata/RHSA-2017-0323.html
RedHat Security Advisories: RHSA-2017:0324
http://rhn.redhat.com/errata/RHSA-2017-0324.html
RedHat Security Advisories: RHSA-2017:0345
http://rhn.redhat.com/errata/RHSA-2017-0345.html
RedHat Security Advisories: RHSA-2017:0346
http://rhn.redhat.com/errata/RHSA-2017-0346.html
RedHat Security Advisories: RHSA-2017:0347
http://rhn.redhat.com/errata/RHSA-2017-0347.html
RedHat Security Advisories: RHSA-2017:0365
http://rhn.redhat.com/errata/RHSA-2017-0365.html
RedHat Security Advisories: RHSA-2017:0366
http://rhn.redhat.com/errata/RHSA-2017-0366.html
RedHat Security Advisories: RHSA-2017:0403
http://rhn.redhat.com/errata/RHSA-2017-0403.html
RedHat Security Advisories: RHSA-2017:0501
http://rhn.redhat.com/errata/RHSA-2017-0501.html
RedHat Security Advisories: RHSA-2017:0932
https://access.redhat.com/errata/RHSA-2017:0932
RedHat Security Advisories: RHSA-2017:1209
https://access.redhat.com/errata/RHSA-2017:1209
http://www.securitytracker.com/id/1037876
Common Vulnerability Exposure (CVE) ID: CVE-2017-6214
BugTraq ID: 96421
http://www.securityfocus.com/bid/96421
RedHat Security Advisories: RHSA-2017:1372
https://access.redhat.com/errata/RHSA-2017:1372
RedHat Security Advisories: RHSA-2017:1615
https://access.redhat.com/errata/RHSA-2017:1615
RedHat Security Advisories: RHSA-2017:1616
https://access.redhat.com/errata/RHSA-2017:1616
RedHat Security Advisories: RHSA-2017:1647
https://access.redhat.com/errata/RHSA-2017:1647
http://www.securitytracker.com/id/1037897
Common Vulnerability Exposure (CVE) ID: CVE-2017-6348
BugTraq ID: 96483
http://www.securityfocus.com/bid/96483
http://www.openwall.com/lists/oss-security/2017/02/28/4
Common Vulnerability Exposure (CVE) ID: CVE-2017-6353
BugTraq ID: 96473
http://www.securityfocus.com/bid/96473
http://www.openwall.com/lists/oss-security/2017/02/27/2
Common Vulnerability Exposure (CVE) ID: CVE-2017-6951
BugTraq ID: 96943
http://www.securityfocus.com/bid/96943
http://www.spinics.net/lists/keyrings/msg01845.html
http://www.spinics.net/lists/keyrings/msg01846.html
http://www.spinics.net/lists/keyrings/msg01849.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7184
BugTraq ID: 97018
http://www.securityfocus.com/bid/97018
http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition
https://blog.trendmicro.com/results-pwn2own-2017-day-one/
https://twitter.com/thezdi/status/842126074435665920
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
http://www.securitytracker.com/id/1038166
Common Vulnerability Exposure (CVE) ID: CVE-2017-7187
BugTraq ID: 96989
http://www.securityfocus.com/bid/96989
https://gist.github.com/dvyukov/48ad14e84de45b0be92b7f0eda20ff1b
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.11/scsi-fixes&id=bf33f87dd04c371ea33feb821b60d63d754e3124
http://www.securitytracker.com/id/1038086
Common Vulnerability Exposure (CVE) ID: CVE-2017-7261
BugTraq ID: 97096
http://www.securityfocus.com/bid/97096
http://marc.info/?t=149037004200005&r=1&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1435719
https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7294
BugTraq ID: 97177
http://www.securityfocus.com/bid/97177
https://bugzilla.redhat.com/show_bug.cgi?id=1436798
https://lists.freedesktop.org/archives/dri-devel/2017-March/137094.html
RedHat Security Advisories: RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
Common Vulnerability Exposure (CVE) ID: CVE-2017-7308
BugTraq ID: 97234
http://www.securityfocus.com/bid/97234
https://www.exploit-db.com/exploits/41994/
https://www.exploit-db.com/exploits/44654/
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
RedHat Security Advisories: RHSA-2017:1297
https://access.redhat.com/errata/RHSA-2017:1297
RedHat Security Advisories: RHSA-2017:1298
https://access.redhat.com/errata/RHSA-2017:1298
Common Vulnerability Exposure (CVE) ID: CVE-2017-7482
BugTraq ID: 99299
http://www.securityfocus.com/bid/99299
Debian Security Information: DSA-3927 (Google Search)
https://www.debian.org/security/2017/dsa-3927
Debian Security Information: DSA-3945 (Google Search)
https://www.debian.org/security/2017/dsa-3945
http://seclists.org/oss-sec/2017/q2/602
RedHat Security Advisories: RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
http://www.securitytracker.com/id/1038787
Common Vulnerability Exposure (CVE) ID: CVE-2017-7487
BugTraq ID: 98439
http://www.securityfocus.com/bid/98439
Debian Security Information: DSA-3886 (Google Search)
http://www.debian.org/security/2017/dsa-3886
http://www.securitytracker.com/id/1039237
Common Vulnerability Exposure (CVE) ID: CVE-2017-7533
BugTraq ID: 100123
http://www.securityfocus.com/bid/100123
http://www.debian.org/security/2017/dsa-3927
http://www.debian.org/security/2017/dsa-3945
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
http://openwall.com/lists/oss-security/2017/08/03/2
https://bugzilla.redhat.com/show_bug.cgi?id=1468283
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
https://patchwork.kernel.org/patch/9755753/
https://patchwork.kernel.org/patch/9755757/
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html
http://www.openwall.com/lists/oss-security/2019/06/27/7
http://www.openwall.com/lists/oss-security/2019/06/28/1
http://www.openwall.com/lists/oss-security/2019/06/28/2
RedHat Security Advisories: RHSA-2017:2473
https://access.redhat.com/errata/RHSA-2017:2473
RedHat Security Advisories: RHSA-2017:2585
https://access.redhat.com/errata/RHSA-2017:2585
RedHat Security Advisories: RHSA-2017:2770
https://access.redhat.com/errata/RHSA-2017:2770
RedHat Security Advisories: RHSA-2017:2869
https://access.redhat.com/errata/RHSA-2017:2869
http://www.securitytracker.com/id/1039075
Common Vulnerability Exposure (CVE) ID: CVE-2017-7542
BugTraq ID: 99953
http://www.securityfocus.com/bid/99953
RedHat Security Advisories: RHSA-2018:0169
https://access.redhat.com/errata/RHSA-2018:0169
Common Vulnerability Exposure (CVE) ID: CVE-2017-7616
BugTraq ID: 97527
http://www.securityfocus.com/bid/97527
http://www.securitytracker.com/id/1038503
Common Vulnerability Exposure (CVE) ID: CVE-2017-8831
BugTraq ID: 99619
http://www.securityfocus.com/bid/99619
http://www.securityfocus.com/archive/1/540770/30/0/threaded
https://bugzilla.kernel.org/show_bug.cgi?id=195559
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-8890
BugTraq ID: 98562
http://www.securityfocus.com/bid/98562
Common Vulnerability Exposure (CVE) ID: CVE-2017-8924
BugTraq ID: 98451
http://www.securityfocus.com/bid/98451
Common Vulnerability Exposure (CVE) ID: CVE-2017-8925
BugTraq ID: 98462
http://www.securityfocus.com/bid/98462
Common Vulnerability Exposure (CVE) ID: CVE-2017-9074
BugTraq ID: 98577
http://www.securityfocus.com/bid/98577
Common Vulnerability Exposure (CVE) ID: CVE-2017-9075
BugTraq ID: 98597
http://www.securityfocus.com/bid/98597
Common Vulnerability Exposure (CVE) ID: CVE-2017-9076
BugTraq ID: 98586
http://www.securityfocus.com/bid/98586
Common Vulnerability Exposure (CVE) ID: CVE-2017-9077
BugTraq ID: 98583
http://www.securityfocus.com/bid/98583
Common Vulnerability Exposure (CVE) ID: CVE-2017-9242
BugTraq ID: 98731
http://www.securityfocus.com/bid/98731
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.