Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP1 kernel was updated to receive a security fix.
Following security bug was fixed:
- A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075, CVE-2016-0728).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
kernel-default-3.12.51-60.25.1
kernel-default-devel-3.12.51-60.25.1
kernel-default-extra-3.12.51-60.25.1
kernel-devel-3.12.51-60.25.1
kernel-macros-3.12.51-60.25.1
kernel-source-3.12.51-60.25.1
kernel-syms-3.12.51-60.25.1
kernel-xen-3.12.51-60.25.1
kernel-xen-devel-3.12.51-60.25.1
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_51-60_25-default-1-2.2
kgraft-patch-3_12_51-60_25-xen-1-2.2
SUSE Linux Enterprise Module for Public Cloud 12
kernel-ec2-3.12.51-60.25.1
kernel-ec2-devel-3.12.51-60.25.1
kernel-ec2-extra-3.12.51-60.25.1
SUSE Linux Enterprise Server 12 SP1
kernel-default-3.12.51-60.25.1
kernel-default-base-3.12.51-60.25.1
kernel-default-devel-3.12.51-60.25.1
kernel-default-man-3.12.51-60.25.1
kernel-devel-3.12.51-60.25.1
kernel-macros-3.12.51-60.25.1
kernel-source-3.12.51-60.25.1
kernel-syms-3.12.51-60.25.1
kernel-xen-3.12.51-60.25.1
kernel-xen-base-3.12.51-60.25.1
kernel-xen-devel-3.12.51-60.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
kernel-default-3.12.51-60.25.1
kernel-default-base-3.12.51-60.25.1
kernel-default-devel-3.12.51-60.25.1
kernel-default-man-3.12.51-60.25.1
kernel-devel-3.12.51-60.25.1
kernel-macros-3.12.51-60.25.1
kernel-source-3.12.51-60.25.1
kernel-syms-3.12.51-60.25.1
kernel-xen-3.12.51-60.25.1
kernel-xen-base-3.12.51-60.25.1
kernel-xen-devel-3.12.51-60.25.1
SUSE Linux Enterprise Software Development Kit 12 SP1
kernel-docs-3.12.51-60.25.2
kernel-obs-build-3.12.51-60.25.1
SUSE Linux Enterprise Workstation Extension 12 SP1
kernel-default-extra-3.12.51-60.25.1
Ссылки
- Link for SUSE-SU-2016:0186-1
- E-Mail link for SUSE-SU-2016:0186-1
- SUSE Security Ratings
- SUSE Bug 962075
- SUSE CVE CVE-2016-0728 page
Описание
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.51-60.25.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.51-60.25.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.51-60.25.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.51-60.25.1
Ссылки
- CVE-2016-0728
- SUSE Bug 923755
- SUSE Bug 962075
- SUSE Bug 962078
- SUSE Bug 963994