Описание
Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP1
Ссылки
- Link for SUSE-SU-2017:2091-1
- E-Mail link for SUSE-SU-2017:2091-1
- SUSE Security Ratings
- SUSE Bug 1038564
- SUSE Bug 1042892
- SUSE Bug 1046191
- SUSE Bug 1050751
- SUSE CVE CVE-2017-7533 page
- SUSE CVE CVE-2017-7645 page
- SUSE CVE CVE-2017-8890 page
- SUSE CVE CVE-2017-9242 page
Описание
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Затронутые продукты
Ссылки
- CVE-2017-7533
- SUSE Bug 1049483
- SUSE Bug 1050677
- SUSE Bug 1050751
- SUSE Bug 1053919
Описание
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
Затронутые продукты
Ссылки
- CVE-2017-7645
- SUSE Bug 1034670
- SUSE Bug 1036741
- SUSE Bug 1046191
- SUSE Bug 1087082
Описание
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Затронутые продукты
Ссылки
- CVE-2017-8890
- SUSE Bug 1038544
- SUSE Bug 1038564
- SUSE Bug 1039883
- SUSE Bug 1039885
- SUSE Bug 1040069
- SUSE Bug 1042364
- SUSE Bug 1051906
- SUSE Bug 1115893
Описание
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
Затронутые продукты
Ссылки
- CVE-2017-9242
- SUSE Bug 1041431
- SUSE Bug 1042892