SUSE-SU-2017:3300-1

Опубликовано: 14 дек. 2017

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)

This update for the Linux Kernel 4.4.74-92_29 fixes several issues.

The following security issues were fixed:

CVE-2017-1000405: Problematic use of pmd_mkdirty() in the touch_pmd() function allowed users to overwrite read-only huge pages (e.g. the zero huge page and sealed shmem files) (bsc#1070307).
CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).

This non-security issue was fixed:

bsc#1062847: Enable proper shut down if NIC teaming is enabled

Список пакетов

SUSE Linux Enterprise Live Patching 12

kgraft-patch-4_4_74-92_29-default-6-2.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20173300-1/
Link for SUSE-SU-2017:3300-1
https://lists.suse.com/pipermail/sle-security-updates/2017-December/003508.html
E-Mail link for SUSE-SU-2017:3300-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1055567
SUSE Bug 1055567
https://bugzilla.suse.com/1062847
SUSE Bug 1062847
https://bugzilla.suse.com/1069708
SUSE Bug 1069708
https://bugzilla.suse.com/1070307
SUSE Bug 1070307
https://www.suse.com/security/cve/CVE-2017-1000405/
SUSE CVE CVE-2017-1000405 page
https://www.suse.com/security/cve/CVE-2017-16939/
SUSE CVE CVE-2017-16939 page

Описание

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_74-92_29-default-6-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-1000405.html
CVE-2017-1000405
https://bugzilla.suse.com/1069496
SUSE Bug 1069496
https://bugzilla.suse.com/1070307
SUSE Bug 1070307

Описание

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_74-92_29-default-6-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-16939.html
CVE-2017-16939
https://bugzilla.suse.com/1069702
SUSE Bug 1069702
https://bugzilla.suse.com/1069708
SUSE Bug 1069708
https://bugzilla.suse.com/1115893
SUSE Bug 1115893
https://bugzilla.suse.com/1120260
SUSE Bug 1120260

SUSE-SU-2017:3300-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12

Ссылки

Уязвимость: CVE-2017-1000405

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-16939

Описание

Затронутые продукты

Ссылки