Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:0865-1

Опубликовано: 29 мар. 2017
Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs:

  • CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).
  • CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
kernel-default-3.12.69-60.64.35.1
kernel-default-devel-3.12.69-60.64.35.1
kernel-default-extra-3.12.69-60.64.35.1
kernel-devel-3.12.69-60.64.35.1
kernel-macros-3.12.69-60.64.35.1
kernel-source-3.12.69-60.64.35.1
kernel-syms-3.12.69-60.64.35.1
kernel-xen-3.12.69-60.64.35.1
kernel-xen-devel-3.12.69-60.64.35.1
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_69-60_64_35-default-1-2.1
kgraft-patch-3_12_69-60_64_35-xen-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12
kernel-ec2-3.12.69-60.64.35.1
kernel-ec2-devel-3.12.69-60.64.35.1
kernel-ec2-extra-3.12.69-60.64.35.1
SUSE Linux Enterprise Server 12 SP1
kernel-default-3.12.69-60.64.35.1
kernel-default-base-3.12.69-60.64.35.1
kernel-default-devel-3.12.69-60.64.35.1
kernel-default-man-3.12.69-60.64.35.1
kernel-devel-3.12.69-60.64.35.1
kernel-macros-3.12.69-60.64.35.1
kernel-source-3.12.69-60.64.35.1
kernel-syms-3.12.69-60.64.35.1
kernel-xen-3.12.69-60.64.35.1
kernel-xen-base-3.12.69-60.64.35.1
kernel-xen-devel-3.12.69-60.64.35.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
kernel-default-3.12.69-60.64.35.1
kernel-default-base-3.12.69-60.64.35.1
kernel-default-devel-3.12.69-60.64.35.1
kernel-default-man-3.12.69-60.64.35.1
kernel-devel-3.12.69-60.64.35.1
kernel-macros-3.12.69-60.64.35.1
kernel-source-3.12.69-60.64.35.1
kernel-syms-3.12.69-60.64.35.1
kernel-xen-3.12.69-60.64.35.1
kernel-xen-base-3.12.69-60.64.35.1
kernel-xen-devel-3.12.69-60.64.35.1
SUSE Linux Enterprise Software Development Kit 12 SP1
kernel-docs-3.12.69-60.64.35.3
kernel-obs-build-3.12.69-60.64.35.1
SUSE Linux Enterprise Workstation Extension 12 SP1
kernel-default-extra-3.12.69-60.64.35.1

Ссылки

Описание

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.69-60.64.35.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.69-60.64.35.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.69-60.64.35.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.69-60.64.35.1
Ссылки

Описание

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.69-60.64.35.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.69-60.64.35.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.69-60.64.35.1
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.69-60.64.35.1
Ссылки
Уязвимость SUSE-SU-2017:0865-1