Описание
Security update for kernel live patch 8
This kernel live patch for Linux Kernel 3.12.48-52.27.1 fixes two security issues:
Fixes:
- CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962078).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (bsc#955837)
Список пакетов
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_48-52_27-default-3-2.1
kgraft-patch-3_12_48-52_27-xen-3-2.1
Ссылки
- Link for SUSE-SU-2016:0757-1
- E-Mail link for SUSE-SU-2016:0757-1
- SUSE Security Ratings
- SUSE Bug 955837
- SUSE Bug 962078
- SUSE CVE CVE-2013-7446 page
- SUSE CVE CVE-2016-0728 page
Описание
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_48-52_27-default-3-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_48-52_27-xen-3-2.1
Ссылки
- CVE-2013-7446
- SUSE Bug 1020452
- SUSE Bug 955654
- SUSE Bug 955837
Описание
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_48-52_27-default-3-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_48-52_27-xen-3-2.1
Ссылки
- CVE-2016-0728
- SUSE Bug 923755
- SUSE Bug 962075
- SUSE Bug 962078
- SUSE Bug 963994