SUSE-SU-2017:3226-1

Опубликовано: 06 дек. 2017

Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash (bnc#1069496).
CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702).

The following non-security bugs were fixed:

Fix a build issue on ppc64le systems (bsc#1070805)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

kernel-default-4.4.90-92.50.1

kernel-default-devel-4.4.90-92.50.1

kernel-default-extra-4.4.90-92.50.1

kernel-devel-4.4.90-92.50.1

kernel-macros-4.4.90-92.50.1

kernel-source-4.4.90-92.50.1

kernel-syms-4.4.90-92.50.1

SUSE Linux Enterprise High Availability Extension 12 SP2

cluster-md-kmp-default-4.4.90-92.50.1

cluster-network-kmp-default-4.4.90-92.50.1

dlm-kmp-default-4.4.90-92.50.1

gfs2-kmp-default-4.4.90-92.50.1

ocfs2-kmp-default-4.4.90-92.50.1

SUSE Linux Enterprise Live Patching 12

kgraft-patch-4_4_90-92_50-default-1-4.1

SUSE Linux Enterprise Server 12 SP2

kernel-default-4.4.90-92.50.1

kernel-default-base-4.4.90-92.50.1

kernel-default-devel-4.4.90-92.50.1

kernel-default-man-4.4.90-92.50.1

kernel-devel-4.4.90-92.50.1

kernel-macros-4.4.90-92.50.1

kernel-source-4.4.90-92.50.1

kernel-syms-4.4.90-92.50.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

kernel-default-4.4.90-92.50.1

kernel-default-base-4.4.90-92.50.1

kernel-default-devel-4.4.90-92.50.1

kernel-devel-4.4.90-92.50.1

kernel-macros-4.4.90-92.50.1

kernel-source-4.4.90-92.50.1

kernel-syms-4.4.90-92.50.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

kernel-default-4.4.90-92.50.1

kernel-default-base-4.4.90-92.50.1

kernel-default-devel-4.4.90-92.50.1

kernel-default-man-4.4.90-92.50.1

kernel-devel-4.4.90-92.50.1

kernel-macros-4.4.90-92.50.1

kernel-source-4.4.90-92.50.1

kernel-syms-4.4.90-92.50.1

SUSE Linux Enterprise Software Development Kit 12 SP2

kernel-docs-4.4.90-92.50.3

kernel-obs-build-4.4.90-92.50.1

SUSE Linux Enterprise Workstation Extension 12 SP2

kernel-default-extra-4.4.90-92.50.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20173226-1/
Link for SUSE-SU-2017:3226-1
https://lists.suse.com/pipermail/sle-security-updates/2017-December/003475.html
E-Mail link for SUSE-SU-2017:3226-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1069496
SUSE Bug 1069496
https://bugzilla.suse.com/1069702
SUSE Bug 1069702
https://bugzilla.suse.com/1070805
SUSE Bug 1070805
https://www.suse.com/security/cve/CVE-2017-1000405/
SUSE CVE CVE-2017-1000405 page
https://www.suse.com/security/cve/CVE-2017-16939/
SUSE CVE CVE-2017-16939 page

Описание

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:kernel-default-4.4.90-92.50.1

SUSE Linux Enterprise Desktop 12 SP2:kernel-default-devel-4.4.90-92.50.1

SUSE Linux Enterprise Desktop 12 SP2:kernel-default-extra-4.4.90-92.50.1

SUSE Linux Enterprise Desktop 12 SP2:kernel-devel-4.4.90-92.50.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000405.html
CVE-2017-1000405
https://bugzilla.suse.com/1069496
SUSE Bug 1069496
https://bugzilla.suse.com/1070307
SUSE Bug 1070307

Описание

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:kernel-default-4.4.90-92.50.1

SUSE Linux Enterprise Desktop 12 SP2:kernel-default-devel-4.4.90-92.50.1

SUSE Linux Enterprise Desktop 12 SP2:kernel-default-extra-4.4.90-92.50.1

SUSE Linux Enterprise Desktop 12 SP2:kernel-devel-4.4.90-92.50.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-16939.html
CVE-2017-16939
https://bugzilla.suse.com/1069702
SUSE Bug 1069702
https://bugzilla.suse.com/1069708
SUSE Bug 1069708
https://bugzilla.suse.com/1115893
SUSE Bug 1115893
https://bugzilla.suse.com/1120260
SUSE Bug 1120260

SUSE-SU-2017:3226-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

SUSE Linux Enterprise High Availability Extension 12 SP2

SUSE Linux Enterprise Live Patching 12

SUSE Linux Enterprise Server 12 SP2

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Software Development Kit 12 SP2

SUSE Linux Enterprise Workstation Extension 12 SP2

Ссылки

Уязвимость: CVE-2017-1000405

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-16939

Описание

Затронутые продукты

Ссылки