SUSE-SU-2017:2523-1

Опубликовано: 18 сент. 2017

Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive the following security fixes:

CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote denial-of-service vulnerability but no remote code execution due to use of CONFIG_CC_STACKPROTECTOR. [bnc#1057389]

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

kernel-default-4.4.82-6.6.1

kernel-default-devel-4.4.82-6.6.1

kernel-default-extra-4.4.82-6.6.1

kernel-devel-4.4.82-6.6.1

kernel-macros-4.4.82-6.6.1

kernel-source-4.4.82-6.6.1

kernel-syms-4.4.82-6.6.1

SUSE Linux Enterprise High Availability Extension 12 SP3

cluster-md-kmp-default-4.4.82-6.6.1

dlm-kmp-default-4.4.82-6.6.1

gfs2-kmp-default-4.4.82-6.6.1

ocfs2-kmp-default-4.4.82-6.6.1

SUSE Linux Enterprise Live Patching 12 SP3

kgraft-patch-4_4_82-6_6-default-1-2.1

SUSE Linux Enterprise Server 12 SP3

kernel-default-4.4.82-6.6.1

kernel-default-base-4.4.82-6.6.1

kernel-default-devel-4.4.82-6.6.1

kernel-default-man-4.4.82-6.6.1

kernel-devel-4.4.82-6.6.1

kernel-macros-4.4.82-6.6.1

kernel-source-4.4.82-6.6.1

kernel-syms-4.4.82-6.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

kernel-default-4.4.82-6.6.1

kernel-default-base-4.4.82-6.6.1

kernel-default-devel-4.4.82-6.6.1

kernel-default-man-4.4.82-6.6.1

kernel-devel-4.4.82-6.6.1

kernel-macros-4.4.82-6.6.1

kernel-source-4.4.82-6.6.1

kernel-syms-4.4.82-6.6.1

SUSE Linux Enterprise Software Development Kit 12 SP3

kernel-docs-4.4.82-6.6.3

kernel-obs-build-4.4.82-6.6.1

SUSE Linux Enterprise Workstation Extension 12 SP3

kernel-default-extra-4.4.82-6.6.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20172523-1/
Link for SUSE-SU-2017:2523-1
https://lists.suse.com/pipermail/sle-security-updates/2017-September/003247.html
E-Mail link for SUSE-SU-2017:2523-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1057389
SUSE Bug 1057389
https://www.suse.com/security/cve/CVE-2017-1000251/
SUSE CVE CVE-2017-1000251 page

Описание

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:kernel-default-4.4.82-6.6.1

SUSE Linux Enterprise Desktop 12 SP3:kernel-default-devel-4.4.82-6.6.1

SUSE Linux Enterprise Desktop 12 SP3:kernel-default-extra-4.4.82-6.6.1

SUSE Linux Enterprise Desktop 12 SP3:kernel-devel-4.4.82-6.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000251.html
CVE-2017-1000251
https://bugzilla.suse.com/1057389
SUSE Bug 1057389
https://bugzilla.suse.com/1057950
SUSE Bug 1057950
https://bugzilla.suse.com/1070535
SUSE Bug 1070535
https://bugzilla.suse.com/1072117
SUSE Bug 1072117
https://bugzilla.suse.com/1072162
SUSE Bug 1072162
https://bugzilla.suse.com/1120758
SUSE Bug 1120758

SUSE-SU-2017:2523-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise High Availability Extension 12 SP3

SUSE Linux Enterprise Live Patching 12 SP3

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE Linux Enterprise Workstation Extension 12 SP3

Ссылки

Уязвимость: CVE-2017-1000251

Описание

Затронутые продукты

Ссылки