
openSUSE 12.2: 2013:0395-1 Important: Local Privilege Escalation Fix

March 5, 2013
New release for openSUSE addresses local privilege escalation vulnerabilities with critical kernel enhancements. Keep your system secure and up-to-date!
An update that solves 5 vulnerabilities and has three fixes.

Description

The Linux kernel was updated to 3.4.33 to fix a local root privilege escalation and various other security and non-security bugs.

CVE-2013-1763: An out-of-bounds access in sock_diag could be used by local attackers to execute code in kernel context and so become root.

CVE-2013-0160: The atime of /dev/ptmx is no longer updated, avoiding side channel attacks via user typing speed.

CVE-2012-5374: btrfs hashes could have been used by local attackers to cause a compute denial of service.

CVE-2013-0216: Fixed a problem in XEN netback: shut down the ring if it contains garbage.

CVE-2013-0231: Fixed a problem in XEN pciback: rate limit error messages from xen_pcibk_enable_msi(x).

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-175

To bring your system up-to-date, use "zypper patch".
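
A check to run after applying the patch, added here as an example and not part of the SUSE advisory: it compares the installed kernel package and the running kernel against the fixed 3.4.33-2.24.1 from the package list, because an installed update does not protect the host until it has booted into the new kernel. The function names, the sample version strings and the assumed `uname -r` format (version, release without its last field, then the flavor) are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. FIXED is the version-release
# shown in the advisory's package list.
FIXED="3.4.33-2.24.1"

# ver_ge A B: succeed when version A is at or after version B.
# Relies on GNU "sort -V"; adequate for numeric dotted versions like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING INSTALLED
#   RUNNING   : output of "uname -r", assumed to look like 3.4.33-2.24-default
#   INSTALLED : version-release of the newest installed kernel package
# Prints update-needed, reboot-needed or patched.
kernel_status() {
    running=${1%-*}      # drop the flavor suffix (-default, -desktop, ...)
    installed=$2
    if ! ver_ge "$installed" "$FIXED"; then
        echo update-needed
    elif ! ver_ge "$running" "${FIXED%.*}"; then
        # Fixed package is on disk, but the old kernel is still running.
        echo reboot-needed
    else
        echo patched
    fi
}

# Constructed sample states (not output from a real host).
for state in \
    "3.4.11-2.16-default 3.4.11-2.16.1" \
    "3.4.11-2.16-default 3.4.33-2.24.1" \
    "3.4.33-2.24-default 3.4.33-2.24.1"
do
    set -- $state
    printf '%-22s %-15s %s\n' "$1" "$2" "$(kernel_status "$1" "$2")"
done

# On a live host (kernel-default shown; substitute the installed flavor):
#   kernel_status "$(uname -r)" \
#     "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)"
```
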

Package List

- openSUSE 12.2 (i586 x86_64):

kernel-default-3.4.33-2.24.1

kernel-default-base-3.4.33-2.24.1

kernel-default-base-debuginfo-3.4.33-2.24.1

kernel-default-debuginfo-3.4.33-2.24.1

kernel-default-debugsource-3.4.33-2.24.1

kernel-default-devel-3.4.33-2.24.1

kernel-default-devel-debuginfo-3.4.33-2.24.1

kernel-syms-3.4.33-2.24.1

- openSUSE 12.2 (i686 x86_64):

kernel-debug-3.4.33-2.24.1

kernel-debug-base-3.4.33-2.24.1

kernel-debug-base-debuginfo-3.4.33-2.24.1

kernel-debug-debuginfo-3.4.33-2.24.1

kernel-debug-debugsource-3.4.33-2.24.1

kernel-debug-devel-3.4.33-2.24.1

kernel-debug-devel-debuginfo-3.4.33-2.24.1

kernel-desktop-3.4.33-2.24.1

kernel-desktop-base-3.4.33-2.24.1

kernel-desktop-base-debuginfo-3.4.33-2.24.1

kernel-desktop-debuginfo-3.4.33-2.24.1

kernel-desktop-debugsource-3.4.33-2.24.1

kernel-desktop-devel-3.4.33-2.24.1

kernel-desktop-devel-debuginfo-3.4.33-2.24.1

kernel-ec2-3.4.33-2.24.1

kernel-ec2-base-3.4.33-2.24.1

kernel-ec2-base-debuginfo-3.4.33-2.24.1

kernel-ec2-debuginfo-3.4.33-2.24.1

kernel-ec2-debugsource-...


References

https://www.suse.com/security/cve/CVE-2012-5374.html

https://www.suse.com/security/cve/CVE-2013-0160.html

https://www.suse.com/security/cve/CVE-2013-0216.html

https://www.suse.com/security/cve/CVE-2013-0231.html

https://www.suse.com/security/cve/CVE-2013-1763.html

Severity
important

Announcement ID: openSUSE-SU-2013:0395-1
Rating: important
Affected Products: openSUSE 12.2
