openSUSE 安全更新:Linux 内核 (openSUSE-2015-686)

high Nessus 插件 ID 86668

简介

远程 openSUSE 主机缺少安全更新。

描述

更新 openSUSE 13.2 内核以修复多种安全问题和缺陷。

已修复下列安全缺陷:

- CVE-2015-3290:在 x86_64 平台中,Linux 内核中的 arch/x86/entry/entry_64.S 在处理嵌套 NMI 的过程中未正确依赖 espfix64,从而允许本地用户通过触发某个指令窗口中的 NMI 获得权限 (bnc#937969)

- CVE-2015-0272:据报告,可能可以构建路由器公告消息,使接收方在收到正确的路由器公告消息之前不接受新的 IPv6 连接。(bsc#944296)。

- CVE-2015-5283:Linux 内核中 net/sctp/protocol.c 的 sctp_init 函数具有错误的协议初始化步骤序列,本地用户可利用此问题在所有步骤完成前创建 SCTP 套接字,从而造成拒绝服务(混乱或内存损坏)(bnc#947155)。

- CVE-2015-1333:Linux 内核的 security/keys/keyring.c 的 __key_link_end 函数中的内存泄漏允许本地用户通过引用现有密钥的若干 add_key 系统调用,造成拒绝服务(内存消耗)。(bsc#938645)

CVE-2015-5707:在 Linux 内核的 drivers/scsi/sg.c 中,sg_start_req 函数中的整数溢出允许本地用户通过写入请求中的较大 iov_count 值,造成拒绝服务或可能产生其他不明影响。(bsc#940338)

- CVE-2015-2925:攻击者可能破坏命名空间或容器,取决于攻击者是否拥有这些容器的特定权限。(bsc#926238)。

- CVE-2015-7872:在 keyring 垃圾回收器中发现可允许本地用户触发 oops 的漏洞,该漏洞是因使用 request_key() 或 keyctl request2 而造成的。
(bsc#951440)

修复了以下非安全缺陷:

- input:evdev - 不报告 flush() 错误 (bsc#939834)。

- NFSv4:恢复撤回的读取委托时中断 (bsc#942178)。

- apparmor:卸载策略过程中存在针对缺陷的变通方案 (boo#941867)。

- config/x86_64/ec2:对齐 CONFIG_STRICT_DEVMEM 在每个其他内核风格中都启用了 CONFIG_STRICT_DEVMEM,因此也在 x86_64/ec2 中予以启用。

- kernel-obs-build:将 btrfs 添加至 initrd kiwi 版本有此需要。

- mmc:card:正常读写时,不访问 RPMB 分区 (bnc#941104)。

- netback:根据需要合并(客户机)RX SKB (bsc#919154)。

- rpm/kernel-obs-build.spec.in:将 virtio_rng 添加至 initrd。这允许向 OBS 工作线程提供某些随机性。

- xfs:修复 btree 目录的文件类型目录损坏 (bsc#941305)。

- xfs:确保正确设置缓冲区类型 (bsc#941305)。

- xfs:inode unlink 未设置 AGI 缓冲区类型 (bsc#941305)。

- xfs:在转换 extent 格式时设置缓冲区类型 (bsc#941305)。

- xfs:正确设置超级块缓冲区类型 (bsc#941305)。

- xhci:为 LynxPoint-LP 控制器添加虚假唤醒 quirk (bnc#951195)。

解决方案

更新受影响的 Linux Kernel 程序包。

另见

https://bugzilla.opensuse.org/show_bug.cgi?id=919154

https://bugzilla.opensuse.org/show_bug.cgi?id=926238

https://bugzilla.opensuse.org/show_bug.cgi?id=937969

https://bugzilla.opensuse.org/show_bug.cgi?id=938645

https://bugzilla.opensuse.org/show_bug.cgi?id=939834

https://bugzilla.opensuse.org/show_bug.cgi?id=940338

https://bugzilla.opensuse.org/show_bug.cgi?id=941104

https://bugzilla.opensuse.org/show_bug.cgi?id=941305

https://bugzilla.opensuse.org/show_bug.cgi?id=941867

https://bugzilla.opensuse.org/show_bug.cgi?id=942178

https://bugzilla.opensuse.org/show_bug.cgi?id=944296

https://bugzilla.opensuse.org/show_bug.cgi?id=947155

https://bugzilla.opensuse.org/show_bug.cgi?id=951195

https://bugzilla.opensuse.org/show_bug.cgi?id=951440

插件详情

严重性: High

ID: 86668

文件名: openSUSE-2015-686.nasl

版本: 2.3

类型: local

代理: unix

发布时间: 2015/10/30

最近更新时间: 2021/1/19

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: High

基本分数: 7.2

矢量: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

漏洞信息

CPE: p-cpe:/a:novell:opensuse:bbswitch, p-cpe:/a:novell:opensuse:bbswitch-debugsource, p-cpe:/a:novell:opensuse:bbswitch-kmp-default, p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop, p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-pae, p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-xen, p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:cloop, p-cpe:/a:novell:opensuse:cloop-debuginfo, p-cpe:/a:novell:opensuse:cloop-debugsource, p-cpe:/a:novell:opensuse:cloop-kmp-default, p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-desktop, p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-pae, p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-xen, p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:crash, p-cpe:/a:novell:opensuse:crash-debuginfo, p-cpe:/a:novell:opensuse:crash-debugsource, p-cpe:/a:novell:opensuse:crash-devel, p-cpe:/a:novell:opensuse:crash-eppic, p-cpe:/a:novell:opensuse:crash-eppic-debuginfo, p-cpe:/a:novell:opensuse:crash-gcore, p-cpe:/a:novell:opensuse:crash-gcore-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-default, p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-desktop, p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae, p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-xen, p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-debugsource, p-cpe:/a:novell:opensuse:hdjmod-kmp-default, p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:ipset, p-cpe:/a:novell:opensuse:ipset-debuginfo, p-cpe:/a:novell:opensuse:ipset-debugsource, p-cpe:/a:novell:opensuse:ipset-devel, p-cpe:/a:novell:opensuse:ipset-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-desktop, p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-pae, p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-xen, p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons, p-cpe:/a:novell:opensuse:xtables-addons-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo, cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:libipset3, p-cpe:/a:novell:opensuse:libipset3-debuginfo, p-cpe:/a:novell:opensuse:pcfclock, p-cpe:/a:novell:opensuse:pcfclock-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-debugsource, p-cpe:/a:novell:opensuse:pcfclock-kmp-default, p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-default, p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop, p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-pae, p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-xen, p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo

必需的 KB 项: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

补丁发布日期: 2015/10/27

参考资料信息

CVE: CVE-2015-0272, CVE-2015-1333, CVE-2015-2925, CVE-2015-3290, CVE-2015-5283, CVE-2015-5707, CVE-2015-7872