openSUSE 安全性更新:Linux 核心 (openSUSE-2015-686)

high Nessus Plugin ID 86668

概要

遠端 openSUSE 主機缺少安全性更新。

說明

openSUSE 13.2 核心已更新,可接收多個安全性和錯誤修正。

已修正下列安全性錯誤:

- CVE-2015-3290:在 x86_64 平台上的 Linux 核心中,arch/x86/entry/entry_64.S 處理巢狀 NMI 時未正確仰賴 espfix64,其允許本機使用者在特定指令視窗中觸發 NMI,進而取得權限 (bnc#937969)

- CVE-2015-0272:據報告,攻擊者可利用特製的路由器廣告訊息,使接收器進入不接受新 Ipv6 連線的狀態,直到收到正確的路由器廣告訊息為止。(bsc#944296)。

- CVE-2015-5283:在 Linux 核心中,net/sctp/protocol.c 的 sctp_init 函式具有不正確的通訊協定初始化步驟順序,這會讓本機使用者在所有步驟完成之前即建立 SCTP 通訊端,進而引發拒絕服務 (不穩定或記憶體損毀) (bnc#947155)。

- CVE-2015-1333:在 Linux 核心中,security/keys/keyring.c 的 __key_link_end 函式有一個記憶體洩漏問題,其允許本機使用者透過參照現有金鑰的多個 add_key 系統呼叫,造成拒絕服務 (記憶體消耗)。(bsc#938645)

- CVE-2015-5707:在 Linux 核心中,drivers/scsi/sg.c 的 sg_start_req 函式有一個整數溢位問題,其允許本機使用者透過在寫入要求中使用大的 iov_count 值,從而造成拒絕服務或可能造成其他不明影響。(bsc#940338)

- CVE-2015-2925:攻擊者可能破解命名空間或容器,不過要視其在這些容器中是否擁有特定權限而定。(bsc#926238)。

- CVE-2015-7872:keyring 記憶體回收行程有一個弱點,其允許本機使用者利用 request_key() 或 keyctl request2,造成觸發「糟糕,發現錯誤」。
(bsc#951440)

下列非安全性錯誤已修正:

- input:evdev - 不報告來自 flush() 的錯誤 (bsc#939834)。

- NFSv4:重新呼叫讀取委派復原中斷 (bsc#942178)。

- apparmor:上傳原則錯誤的暫時處理作法 (boo#941867)。

- config/x86_64/ec2:已啟用所有其他核心類別中的對齊 CONFIG_STRICT_DEVMEM CONFIG_STRICT_DEVMEM,因此也一併在 x86_64/ec2 中啟用。

- kernel-obs-build:新增 btrfs 至 initrd,kiwi 版本需要此項目。

- mmc:card:不存取用於一般讀取/寫入的 RPMB 磁碟分割 (bnc#941104)。

- netback:視需要聯合 (來賓) RX SKB (bsc#919154)。

- rpm/kernel-obs-build.spec.in:新增 virtio_rng 至 initrd。如此可為 OBS 背景工作供給一些隨機性。

- xfs:修正 btree 目錄的檔案類型目錄損毀 (bsc#941305)。

- xfs:確保緩衝區類型正確設定 (bsc#941305)。

- xfs:inode 取消連結不設定 AGI 緩衝區類型 (bsc#941305)。

- xfs:轉換範圍格式時設定 buf 類型 (bsc#941305)。

- xfs:正確設定超級區塊緩衝區類型 (bsc#941305)。

- xhci:為 LynxPoint-LP 控制器新增假性喚醒 quirk (bnc#951195)。

解決方案

更新受影響的 Linux 核心套件。

另請參閱

https://bugzilla.opensuse.org/show_bug.cgi?id=919154

https://bugzilla.opensuse.org/show_bug.cgi?id=926238

https://bugzilla.opensuse.org/show_bug.cgi?id=937969

https://bugzilla.opensuse.org/show_bug.cgi?id=938645

https://bugzilla.opensuse.org/show_bug.cgi?id=939834

https://bugzilla.opensuse.org/show_bug.cgi?id=940338

https://bugzilla.opensuse.org/show_bug.cgi?id=941104

https://bugzilla.opensuse.org/show_bug.cgi?id=941305

https://bugzilla.opensuse.org/show_bug.cgi?id=941867

https://bugzilla.opensuse.org/show_bug.cgi?id=942178

https://bugzilla.opensuse.org/show_bug.cgi?id=944296

https://bugzilla.opensuse.org/show_bug.cgi?id=947155

https://bugzilla.opensuse.org/show_bug.cgi?id=951195

https://bugzilla.opensuse.org/show_bug.cgi?id=951440

Plugin 詳細資訊

嚴重性: High

ID: 86668

檔案名稱: openSUSE-2015-686.nasl

版本: 2.3

類型: local

代理程式: unix

已發布: 2015/10/30

已更新: 2021/1/19

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

風險資訊

VPR

風險因素: Medium

分數: 6.7

CVSS v2

風險因素: High

基本分數: 7.2

媒介: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

弱點資訊

CPE: p-cpe:/a:novell:opensuse:bbswitch, p-cpe:/a:novell:opensuse:bbswitch-debugsource, p-cpe:/a:novell:opensuse:bbswitch-kmp-default, p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop, p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-pae, p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-xen, p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:cloop, p-cpe:/a:novell:opensuse:cloop-debuginfo, p-cpe:/a:novell:opensuse:cloop-debugsource, p-cpe:/a:novell:opensuse:cloop-kmp-default, p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-desktop, p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-pae, p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-xen, p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:crash, p-cpe:/a:novell:opensuse:crash-debuginfo, p-cpe:/a:novell:opensuse:crash-debugsource, p-cpe:/a:novell:opensuse:crash-devel, p-cpe:/a:novell:opensuse:crash-eppic, p-cpe:/a:novell:opensuse:crash-eppic-debuginfo, p-cpe:/a:novell:opensuse:crash-gcore, p-cpe:/a:novell:opensuse:crash-gcore-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-default, p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-desktop, p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae, p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-xen, p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-debugsource, p-cpe:/a:novell:opensuse:hdjmod-kmp-default, p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:ipset, p-cpe:/a:novell:opensuse:ipset-debuginfo, p-cpe:/a:novell:opensuse:ipset-debugsource, p-cpe:/a:novell:opensuse:ipset-devel, p-cpe:/a:novell:opensuse:ipset-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-desktop, p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-pae, p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-xen, p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons, p-cpe:/a:novell:opensuse:xtables-addons-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo, cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:libipset3, p-cpe:/a:novell:opensuse:libipset3-debuginfo, p-cpe:/a:novell:opensuse:pcfclock, p-cpe:/a:novell:opensuse:pcfclock-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-debugsource, p-cpe:/a:novell:opensuse:pcfclock-kmp-default, p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-default, p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop, p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-pae, p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-xen, p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

修補程式發佈日期: 2015/10/27

參考資訊

CVE: CVE-2015-0272, CVE-2015-1333, CVE-2015-2925, CVE-2015-3290, CVE-2015-5283, CVE-2015-5707, CVE-2015-7872