English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2017.2920.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2017:2920-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:2920-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:2920-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).
- CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled counter grouping, which allowed local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions (bnc#1037306).
- CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag (bnc#1032268).
- CVE-2016-9604: The handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings, was fixed (bsc#1035576)
- CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).
- CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354).
- CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125).
- CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).
- CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275).
- CVE-2017-12153: A security flaw was discovered in the ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 12.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-9004
BugTraq ID: 98166
http://www.securityfocus.com/bid/98166
Common Vulnerability Exposure (CVE) ID: CVE-2016-10229
BugTraq ID: 97397
http://www.securityfocus.com/bid/97397
http://www.securitytracker.com/id/1038201
Common Vulnerability Exposure (CVE) ID: CVE-2016-10277
BugTraq ID: 98149
http://www.securityfocus.com/bid/98149
https://www.exploit-db.com/exploits/42601/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9604
BugTraq ID: 102135
http://www.securityfocus.com/bid/102135
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
Common Vulnerability Exposure (CVE) ID: CVE-2017-1000363
BugTraq ID: 98651
http://www.securityfocus.com/bid/98651
Debian Security Information: DSA-3945 (Google Search)
http://www.debian.org/security/2017/dsa-3945
https://alephsecurity.com/vulns/aleph-2017023
Common Vulnerability Exposure (CVE) ID: CVE-2017-1000365
BugTraq ID: 99156
http://www.securityfocus.com/bid/99156
Debian Security Information: DSA-3927 (Google Search)
http://www.debian.org/security/2017/dsa-3927
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Common Vulnerability Exposure (CVE) ID: CVE-2017-1000380
BugTraq ID: 99121
http://www.securityfocus.com/bid/99121
Debian Security Information: DSA-3981 (Google Search)
http://www.debian.org/security/2017/dsa-3981
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
http://www.openwall.com/lists/oss-security/2017/06/12/2
https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728
https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378
RedHat Security Advisories: RHSA-2017:3295
https://access.redhat.com/errata/RHSA-2017:3295
RedHat Security Advisories: RHSA-2017:3315
https://access.redhat.com/errata/RHSA-2017:3315
RedHat Security Advisories: RHSA-2017:3322
https://access.redhat.com/errata/RHSA-2017:3322
Common Vulnerability Exposure (CVE) ID: CVE-2017-10661
BugTraq ID: 100215
http://www.securityfocus.com/bid/100215
https://www.exploit-db.com/exploits/43345/
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2019:4057
https://access.redhat.com/errata/RHSA-2019:4057
RedHat Security Advisories: RHSA-2019:4058
https://access.redhat.com/errata/RHSA-2019:4058
RedHat Security Advisories: RHSA-2020:0036
https://access.redhat.com/errata/RHSA-2020:0036
Common Vulnerability Exposure (CVE) ID: CVE-2017-11176
BugTraq ID: 99919
http://www.securityfocus.com/bid/99919
https://www.exploit-db.com/exploits/45553/
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
RedHat Security Advisories: RHSA-2018:0169
https://access.redhat.com/errata/RHSA-2018:0169
RedHat Security Advisories: RHSA-2018:3822
https://access.redhat.com/errata/RHSA-2018:3822
Common Vulnerability Exposure (CVE) ID: CVE-2017-12153
100855
http://www.securityfocus.com/bid/100855
DSA-3981
USN-3583-1
https://usn.ubuntu.com/3583-1/
USN-3583-2
https://usn.ubuntu.com/3583-2/
http://seclists.org/oss-sec/2017/q3/437
https://bugzilla.novell.com/show_bug.cgi?id=1058410
https://bugzilla.redhat.com/show_bug.cgi?id=1491046
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888
https://marc.info/?t=150525503100001&r=1&w=2
Common Vulnerability Exposure (CVE) ID: CVE-2017-12154
100856
http://www.securityfocus.com/bid/100856
RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
RHSA-2019:1946
https://access.redhat.com/errata/RHSA-2019:1946
USN-3698-1
https://usn.ubuntu.com/3698-1/
USN-3698-2
https://usn.ubuntu.com/3698-2/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
https://bugzilla.redhat.com/show_bug.cgi?id=1491224
https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
https://www.spinics.net/lists/kvm/msg155414.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-12762
BugTraq ID: 100251
http://www.securityfocus.com/bid/100251
https://patchwork.kernel.org/patch/9880041/
http://www.openwall.com/lists/oss-security/2020/02/11/1
http://www.openwall.com/lists/oss-security/2020/02/11/2
http://www.openwall.com/lists/oss-security/2020/02/14/4
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-13080
BugTraq ID: 101274
http://www.securityfocus.com/bid/101274
CERT/CC vulnerability note: VU#228519
http://www.kb.cert.org/vuls/id/228519
Cisco Security Advisory: 20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Debian Security Information: DSA-3999 (Google Search)
http://www.debian.org/security/2017/dsa-3999
FreeBSD Security Advisory: FreeBSD-SA-17:07
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
https://security.gentoo.org/glsa/201711-03
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://www.krackattacks.com/
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
RedHat Security Advisories: RHSA-2017:2907
https://access.redhat.com/errata/RHSA-2017:2907
RedHat Security Advisories: RHSA-2017:2911
https://access.redhat.com/errata/RHSA-2017:2911
http://www.securitytracker.com/id/1039572
http://www.securitytracker.com/id/1039573
http://www.securitytracker.com/id/1039576
http://www.securitytracker.com/id/1039577
http://www.securitytracker.com/id/1039578
http://www.securitytracker.com/id/1039581
http://www.securitytracker.com/id/1039585
http://www.securitytracker.com/id/1039703
SuSE Security Announcement: SUSE-SU-2017:2745 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html
SuSE Security Announcement: SUSE-SU-2017:2752 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html
SuSE Security Announcement: openSUSE-SU-2017:2755 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html
http://www.ubuntu.com/usn/USN-3455-1
Common Vulnerability Exposure (CVE) ID: CVE-2017-14051
BugTraq ID: 100571
http://www.securityfocus.com/bid/100571
https://bugzilla.kernel.org/show_bug.cgi?id=194061
https://patchwork.kernel.org/patch/9929625/
Common Vulnerability Exposure (CVE) ID: CVE-2017-14106
BugTraq ID: 100878
http://www.securityfocus.com/bid/100878
RedHat Security Advisories: RHSA-2017:3200
https://access.redhat.com/errata/RHSA-2017:3200
RedHat Security Advisories: RHSA-2018:2172
https://access.redhat.com/errata/RHSA-2018:2172
http://www.securitytracker.com/id/1039549
SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-14140
BugTraq ID: 100876
http://www.securityfocus.com/bid/100876
RedHat Security Advisories: RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
Common Vulnerability Exposure (CVE) ID: CVE-2017-15265
BugTraq ID: 101288
http://www.securityfocus.com/bid/101288
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
https://bugzilla.suse.com/show_bug.cgi?id=1062520
https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://source.android.com/security/bulletin/2018-02-01
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
http://www.openwall.com/lists/oss-security/2017/10/11/3
RedHat Security Advisories: RHSA-2018:1130
https://access.redhat.com/errata/RHSA-2018:1130
RedHat Security Advisories: RHSA-2018:1170
https://access.redhat.com/errata/RHSA-2018:1170
RedHat Security Advisories: RHSA-2018:2390
https://access.redhat.com/errata/RHSA-2018:2390
RedHat Security Advisories: RHSA-2018:3823
https://access.redhat.com/errata/RHSA-2018:3823
http://www.securitytracker.com/id/1039561
Common Vulnerability Exposure (CVE) ID: CVE-2017-15274
BugTraq ID: 101292
http://www.securityfocus.com/bid/101292
RedHat Security Advisories: RHSA-2019:1946
Common Vulnerability Exposure (CVE) ID: CVE-2017-15649
BugTraq ID: 101573
http://www.securityfocus.com/bid/101573
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e
http://patchwork.ozlabs.org/patch/813945/
http://patchwork.ozlabs.org/patch/818726/
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6
https://blogs.securiteam.com/index.php/archives/3484
https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110
https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
RedHat Security Advisories: RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0151
RedHat Security Advisories: RHSA-2018:0152
https://access.redhat.com/errata/RHSA-2018:0152
RedHat Security Advisories: RHSA-2018:0181
https://access.redhat.com/errata/RHSA-2018:0181
https://usn.ubuntu.com/3754-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2647
97258
http://www.securityfocus.com/bid/97258
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2437
https://access.redhat.com/errata/RHSA-2017:2437
RHSA-2017:2444
https://access.redhat.com/errata/RHSA-2017:2444
USN-3849-1
https://usn.ubuntu.com/3849-1/
USN-3849-2
https://usn.ubuntu.com/3849-2/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81
https://bugzilla.redhat.com/show_bug.cgi?id=1428353
https://github.com/torvalds/linux/commit/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81
Common Vulnerability Exposure (CVE) ID: CVE-2017-6346
BugTraq ID: 96508
http://www.securityfocus.com/bid/96508
Debian Security Information: DSA-3804 (Google Search)
http://www.debian.org/security/2017/dsa-3804
http://www.openwall.com/lists/oss-security/2017/02/28/6
Common Vulnerability Exposure (CVE) ID: CVE-2017-6951
BugTraq ID: 96943
http://www.securityfocus.com/bid/96943
http://www.spinics.net/lists/keyrings/msg01845.html
http://www.spinics.net/lists/keyrings/msg01846.html
http://www.spinics.net/lists/keyrings/msg01849.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7482
BugTraq ID: 99299
http://www.securityfocus.com/bid/99299
https://www.debian.org/security/2017/dsa-3927
https://www.debian.org/security/2017/dsa-3945
http://seclists.org/oss-sec/2017/q2/602
RedHat Security Advisories: RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
http://www.securitytracker.com/id/1038787
Common Vulnerability Exposure (CVE) ID: CVE-2017-7487
1039237
http://www.securitytracker.com/id/1039237
98439
http://www.securityfocus.com/bid/98439
DSA-3886
http://www.debian.org/security/2017/dsa-3886
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80
https://bugzilla.redhat.com/show_bug.cgi?id=1447734
https://github.com/torvalds/linux/commit/ee0d8d8482345ff97a75a7d747efc309f13b0d80
https://patchwork.ozlabs.org/patch/757549/
https://source.android.com/security/bulletin/2017-09-01
Common Vulnerability Exposure (CVE) ID: CVE-2017-7518
BugTraq ID: 99263
http://www.securityfocus.com/bid/99263
https://www.debian.org/security/2017/dsa-3981
https://www.spinics.net/lists/kvm/msg151817.html
http://www.openwall.com/lists/oss-security/2017/06/23/5
RedHat Security Advisories: RHSA-2018:0395
https://access.redhat.com/errata/RHSA-2018:0395
RedHat Security Advisories: RHSA-2018:0412
https://access.redhat.com/errata/RHSA-2018:0412
http://www.securitytracker.com/id/1038782
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7541
1038981
http://www.securitytracker.com/id/1038981
99955
http://www.securityfocus.com/bid/99955
DSA-3927
DSA-3945
RHSA-2017:2863
https://access.redhat.com/errata/RHSA-2017:2863
RHSA-2017:2918
RHSA-2017:2930
RHSA-2017:2931
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c
http://openwall.com/lists/oss-security/2017/07/24/2
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
https://bugzilla.novell.com/show_bug.cgi?id=1049645
https://bugzilla.redhat.com/show_bug.cgi?id=1473198
https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c
https://source.android.com/security/bulletin/2017-11-01
https://www.spinics.net/lists/stable/msg180994.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7542
99953
http://www.securityfocus.com/bid/99953
RHSA-2018:0169
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6
https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6
Common Vulnerability Exposure (CVE) ID: CVE-2017-7889
BugTraq ID: 97690
http://www.securityfocus.com/bid/97690
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94
http://www.openwall.com/lists/oss-security/2017/04/16/4
https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
Common Vulnerability Exposure (CVE) ID: CVE-2017-8106
https://bugzilla.kernel.org/show_bug.cgi?id=195167
https://launchpad.net/bugs/1678676
Common Vulnerability Exposure (CVE) ID: CVE-2017-8831
BugTraq ID: 99619
http://www.securityfocus.com/bid/99619
http://www.securityfocus.com/archive/1/540770/30/0/threaded
https://bugzilla.kernel.org/show_bug.cgi?id=195559
Common Vulnerability Exposure (CVE) ID: CVE-2017-8890
BugTraq ID: 98562
http://www.securityfocus.com/bid/98562
Debian Security Information: DSA-3886 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2017-8924
BugTraq ID: 98451
http://www.securityfocus.com/bid/98451
Common Vulnerability Exposure (CVE) ID: CVE-2017-8925
BugTraq ID: 98462
http://www.securityfocus.com/bid/98462
Common Vulnerability Exposure (CVE) ID: CVE-2017-9074
BugTraq ID: 98577
http://www.securityfocus.com/bid/98577
Common Vulnerability Exposure (CVE) ID: CVE-2017-9075
BugTraq ID: 98597
http://www.securityfocus.com/bid/98597
Common Vulnerability Exposure (CVE) ID: CVE-2017-9076
BugTraq ID: 98586
http://www.securityfocus.com/bid/98586
Common Vulnerability Exposure (CVE) ID: CVE-2017-9077
BugTraq ID: 98583
http://www.securityfocus.com/bid/98583
Common Vulnerability Exposure (CVE) ID: CVE-2017-9242
BugTraq ID: 98731
http://www.securityfocus.com/bid/98731
CopyrightCopyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.