SUSE-SU-2016:0341-1

Опубликовано: 04 фев. 2016

Источник: suse-cvrf

Описание

Security update for Kernel live patch 10

This kernel live patch for Linux Kernel 3.12.51-52.34.1 fixes one security issue:

A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075, CVE-2016-0728).

Список пакетов

SUSE Linux Enterprise Live Patching 12

kgraft-patch-3_12_51-52_34-default-2-2.1

kgraft-patch-3_12_51-52_34-xen-2-2.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20160341-1/
Link for SUSE-SU-2016:0341-1
https://lists.suse.com/pipermail/sle-security-updates/2016-February/001849.html
E-Mail link for SUSE-SU-2016:0341-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/962078
SUSE Bug 962078
https://www.suse.com/security/cve/CVE-2016-0728/
SUSE CVE CVE-2016-0728 page

Описание

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-52_34-default-2-2.1

SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-52_34-xen-2-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-0728.html
CVE-2016-0728
https://bugzilla.suse.com/923755
SUSE Bug 923755
https://bugzilla.suse.com/962075
SUSE Bug 962075
https://bugzilla.suse.com/962078
SUSE Bug 962078
https://bugzilla.suse.com/963994
SUSE Bug 963994

SUSE-SU-2016:0341-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12

Ссылки

Уязвимость: CVE-2016-0728

Описание

Затронутые продукты

Ссылки