openSUSE 13.1: 2014:0840-1 Important Kernel Bugfix For Security Issues

opensuse

June 25, 2014

An update that solves 9 vulnerabilities and has 15 fixes is An update that solves 9 vulnerabilities and has 15 fixes is An update that solves 9 vulnerabilities and has 15 fixes is ...

Description

The Linux kernel was updated to fix security issues and bugs.

Security issues fixed: CVE-2014-3153: The futex_requeue function in

kernel/futex.c in the Linux kernel did not ensure that calls have two

different futex addresses, which allowed local users to gain privileges

via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter

modification.

CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST

extension implementations in the sk_run_filter function in

net/core/filter.c in the Linux kernel did not check whether a certain

length value is sufficiently large, which allowed local users to cause a

denial of service (integer underflow and system crash) via crafted BPF

instructions. NOTE: the affected code was moved to the __skb_get_nlattr

and __skb_get_nlattr_nest functions before the vulnerability was announced.

CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the

sk_run_filter function in...

Read the Full Advisory

Topics Covered

security advisory kernel security threats Denial of Service bugfix important update openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-441

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i686 x86_64):

kernel-debug-3.11.10-17.2

kernel-debug-base-3.11.10-17.2

kernel-debug-base-debuginfo-3.11.10-17.2

kernel-debug-debuginfo-3.11.10-17.2

kernel-debug-debugsource-3.11.10-17.2

kernel-debug-devel-3.11.10-17.2

kernel-debug-devel-debuginfo-3.11.10-17.2

kernel-desktop-3.11.10-17.2

kernel-desktop-base-3.11.10-17.2

kernel-desktop-base-debuginfo-3.11.10-17.2

kernel-desktop-debuginfo-3.11.10-17.2

kernel-desktop-debugsource-3.11.10-17.2

kernel-desktop-devel-3.11.10-17.2

kernel-desktop-devel-debuginfo-3.11.10-17.2

kernel-ec2-3.11.10-17.1

kernel-ec2-base-3.11.10-17.1

kernel-ec2-base-debuginfo-3.11.10-17.1

kernel-ec2-debuginfo-3.11.10-17.1

kernel-ec2-debugsource-3.11.10-17.1

kernel-ec2-devel-3.11.10-17.1

kernel-ec2-devel-debuginfo-3.11.10-17.1

kernel-trace-3.11.10-17.2

kernel-trace-base-3.11.10-17.2

kernel-trace-base-debuginfo-3.11.10-17.2

kernel-trace-debuginfo-3.11.10-17.2

kernel-trace-debugsource-3.11.10-17.2

kernel-trace-devel-3.11.10-17.2

kernel-trace-devel-debuginfo-3.11.10-17.2

kernel-vanilla...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2013-7339.html

https://www.suse.com/security/cve/CVE-2014-0055.html

https://www.suse.com/security/cve/CVE-2014-0077.html

https://www.suse.com/security/cve/CVE-2014-2678.html

https://www.suse.com/security/cve/CVE-2014-2851.html

https://www.suse.com/security/cve/CVE-2014-3122.html

https://www.suse.com/security/cve/CVE-2014-3144.html

https://www.suse.com/security/cve/CVE-2014-3145.html

https://www.suse.com/security/cve/CVE-2014-3153.html

https://login.microfocus.com/nidp/app/login?sid=0

https://login.microfocus.com/nidp/app/logi...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2014:0840-1

Rating: important

Affected Products: openSUSE 13.1

Topics Covered

security advisory kernel security threats Denial of Service bugfix important update openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks