Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2094-1

Опубликовано: 08 авг. 2017
Источник: suse-cvrf

Описание

Security update for Linux Kernel Live Patch 15 for SLE 12 SP1

This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues.

The following security bugs were fixed:

  • CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
  • CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
  • CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

The following non-security bug was fixed:

  • A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)

Список пакетов

SUSE Linux Enterprise Server 12 SP1-LTSS
kgraft-patch-3_12_74-60_64_40-default-3-2.1
kgraft-patch-3_12_74-60_64_40-xen-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
kgraft-patch-3_12_74-60_64_40-default-3-2.1
kgraft-patch-3_12_74-60_64_40-xen-3-2.1

Ссылки

Описание

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1
Ссылки

Описание

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1
Ссылки

Описание

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1
SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1
Ссылки