
[security-announce] SUSE-SU-2016:1035-1: important: Security update for Linux Kernel Live Patch 2 for SP 1


SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SP 1

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:1035-1

Rating: important

References: #960563 #964732 #966683 #967773

Cross-References: CVE-2015-8709 CVE-2015-8812 CVE-2016-0774 CVE-2016-2384

Affected Products:

SUSE Linux Enterprise Live Patching 12

______________________________________________________________________________

 

An update that fixes four vulnerabilities is now available.

 

Description:

 

 

This update for the Linux Kernel 3.12.51-60.25.1 fixes the following issues:

 

- CVE-2016-2384: A malicious USB device could cause a kernel crash in the ALSA usb-audio driver. (bsc#967773)

 

- CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device later sent the queued skbs, these structures would be referenced, which may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. (bsc#966683)

 

- CVE-2016-0774: A pipe buffer state corruption after an unsuccessful atomic read from a pipe was fixed. (bsc#964732)

 

- CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here." (bsc#960563)

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Live Patching 12:

 

zypper in -t patch SUSE-SLE-Live-Patching-12-2016-612=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Live Patching 12 (x86_64):

 

kgraft-patch-3_12_51-60_25-default-3-2.1

kgraft-patch-3_12_51-60_25-xen-3-2.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-8709.html

https://www.suse.com/security/cve/CVE-2015-8812.html

https://www.suse.com/security/cve/CVE-2016-0774.html

https://www.suse.com/security/cve/CVE-2016-2384.html

https://bugzilla.suse.com/960563

https://bugzilla.suse.com/964732

https://bugzilla.suse.com/966683

https://bugzilla.suse.com/967773

 
