Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2015:1487-1: important: Live patch for the Linux Kernel

Recommended Posts

SUSE Security Update: Live patch for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2015:1487-1

Rating: important

References: #939044 #939241 #939262 #939263 #939270 #939273

#939276 #939277

Cross-References: CVE-2014-8159 CVE-2015-1805 CVE-2015-3331

CVE-2015-3339 CVE-2015-3636 CVE-2015-4700

CVE-2015-5364 CVE-2015-5366

Affected Products:

SUSE Linux Enterprise Live Patching 12

______________________________________________________________________________

 

An update that fixes 8 vulnerabilities is now available.

 

Description:

 

 

This update contains a kernel live patch for the 3.12.38-44 SUSE Linux

Enterprise Server 12 Kernel, fixing following security issues.

 

- CVE-2015-3339: A race condition in the prepare_binprm function in

fs/exec.c in the Linux kernel allowed local users to gain privileges by

executing a setuid program at a time instant when a chown to root is in

progress, and the ownership is changed but the setuid bit is not yet

stripped. (bsc#939263 bsc#939044)

 

- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux

kernel did not initialize a certain list data structure during an unhash

operation, which allowed local users to gain privileges or cause a

denial of service (use-after-free and system crash) by leveraging the

ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP

or IPPROTO_ICMPV6 protocol, and then making a connect system call after

a disconnect. (bsc#939277)

 

- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood

of UDP packets with invalid checksums were fixed that could be used by

remote attackers to delay execution. (bsc#939276)

 

- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in

fs/pipe.c in the Linux kernel did not properly consider the side effects

of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls,

which allowed local users to cause a denial of service (system crash)

or possibly gain privileges via a crafted application, aka an "I/O

vector array overrun." (bsc#939270)

 

- CVE-2015-4700: A BPF Jit optimization flaw could allow local users to

panic the kernel. (bsc#939273)

 

- CVE-2015-3331: The __driver_rfc4106_decrypt function in

arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly

determine the memory locations used for encrypted data, which allowed

context-dependent attackers to cause a denial of service (buffer

overflow and system crash) or possibly execute arbitrary code by

triggering a crypto API call, as demonstrated by use of a libkcapi test

program with an AF_ALG(aead) socket. (bsc#939262)

 

- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel

did not properly restrict use of User Verbs for registration of memory

regions, which allowed local users to access arbitrary physical memory

locations, and consequently cause a denial of service (system crash)

or gain privileges, by leveraging permissions on a uverbs device under

/dev/infiniband/. (bsc#939241)

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Live Patching 12:

 

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-486=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Live Patching 12 (x86_64):

 

kgraft-patch-3_12_38-44-default-2-7.1

kgraft-patch-3_12_38-44-xen-2-7.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2014-8159.html

https://www.suse.com/security/cve/CVE-2015-1805.html

https://www.suse.com/security/cve/CVE-2015-3331.html

https://www.suse.com/security/cve/CVE-2015-3339.html

https://www.suse.com/security/cve/CVE-2015-3636.html

https://www.suse.com/security/cve/CVE-2015-4700.html

https://www.suse.com/security/cve/CVE-2015-5364.html

https://www.suse.com/security/cve/CVE-2015-5366.html

https://bugzilla.suse.com/939044

https://bugzilla.suse.com/939241

https://bugzilla.suse.com/939262

https://bugzilla.suse.com/939263

https://bugzilla.suse.com/939270

https://bugzilla.suse.com/939273

https://bugzilla.suse.com/939276

https://bugzilla.suse.com/939277

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×