Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:0752-1

Опубликовано: 14 мар. 2016
Источник: suse-cvrf

Описание

Security update for kernel live patch 2

This kernel live patch for Linux Kernel 3.12.51-60.25.1 fixes three security issues:

Fixes:

  • CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962078).
  • CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (bsc#960329)
  • CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (bsc#955837)

Список пакетов

SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_51-60_25-default-2-2.1
kgraft-patch-3_12_51-60_25-xen-2-2.1

Ссылки

Описание

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-2-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-2-2.1
Ссылки

Описание

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-2-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-2-2.1
Ссылки

Описание

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-2-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-2-2.1
Ссылки