Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:3217-1

Опубликовано: 21 дек. 2016
Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 kernel was updated to receive two security fixes.

The following security bugs were fixed:

  • CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).
  • CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12
kernel-ec2-3.12.60-52.63.1
kernel-ec2-devel-3.12.60-52.63.1
kernel-ec2-extra-3.12.60-52.63.1
SUSE Linux Enterprise Server 12-LTSS
kernel-default-3.12.60-52.63.1
kernel-default-base-3.12.60-52.63.1
kernel-default-devel-3.12.60-52.63.1
kernel-default-man-3.12.60-52.63.1
kernel-devel-3.12.60-52.63.1
kernel-macros-3.12.60-52.63.1
kernel-source-3.12.60-52.63.1
kernel-syms-3.12.60-52.63.1
kernel-xen-3.12.60-52.63.1
kernel-xen-base-3.12.60-52.63.1
kernel-xen-devel-3.12.60-52.63.1
kgraft-patch-3_12_60-52_63-default-1-2.1
kgraft-patch-3_12_60-52_63-xen-1-2.1
SUSE Linux Enterprise Server for SAP Applications 12
kernel-default-3.12.60-52.63.1
kernel-default-base-3.12.60-52.63.1
kernel-default-devel-3.12.60-52.63.1
kernel-devel-3.12.60-52.63.1
kernel-macros-3.12.60-52.63.1
kernel-source-3.12.60-52.63.1
kernel-syms-3.12.60-52.63.1
kernel-xen-3.12.60-52.63.1
kernel-xen-base-3.12.60-52.63.1
kernel-xen-devel-3.12.60-52.63.1
kgraft-patch-3_12_60-52_63-default-1-2.1
kgraft-patch-3_12_60-52_63-xen-1-2.1

Ссылки

Описание

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.

Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.60-52.63.1
SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.60-52.63.1
SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.60-52.63.1
SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.60-52.63.1
Ссылки

Описание

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.

Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.60-52.63.1
SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.60-52.63.1
SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.60-52.63.1
SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.60-52.63.1
Ссылки