
openSUSE 13.1: 2014:1677-1 Important: Kernel Privilege Escalation

December 21, 2014
A significant patch for the Linux Kernel in Fedora rectifying severe security flaws and preventing system failures.
An update that solves 31 vulnerabilities and has 12 fixes is now...

Description

The openSUSE 13.1 kernel was updated to fix security issues and bugs:

Security issues fixed:

CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code.

CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace.

CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

    zypper in -t patch openSUSE-2014-793

To bring your system up-to-date, use "zypper patch".
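To confirm the update actually landed, the installed kernel packages can be compared against the fixed version-release 3.11.10-25.1 from this page's package list. The script below is an added example, not part of the advisory; the function names and the sample inventory are constructed for illustration, and it assumes GNU `sort -V` ordering is adequate for these numeric version strings.

```shell
#!/bin/sh
# Fixed version-release taken from the advisory's package list.
FIXED="3.11.10-25.1"

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU sort -V ordering is close enough to rpm's own
# comparison for purely numeric version-release strings like these.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unfixed_kernels: reads "name version-release" lines on stdin and
# prints every kernel-* package that is older than $FIXED.
unfixed_kernels() {
    while read -r name verrel; do
        case "$name" in
            kernel-*) ;;
            *) continue ;;
        esac
        if ver_lt "$verrel" "$FIXED"; then
            printf '%s %s\n' "$name" "$verrel"
        fi
    done
}

# Constructed sample inventory (not output from a real host).
sample_inventory() {
    cat <<'EOF'
kernel-desktop 3.11.10-21.1
kernel-desktop 3.11.10-25.1
kernel-desktop-devel 3.11.10-25.1
kernel-ec2 3.11.6-4.1
zypper 1.9.16-22.2
EOF
}

# Demo run on the constructed sample; prints the two outdated packages.
sample_inventory | unfixed_kernels

# On a real host, feed it the rpm database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel-*' | unfixed_kernels
```

An empty result only means the fixed packages are installed; the host still runs the old kernel until it is rebooted into the new one.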

Package List

- openSUSE 13.1 (i686 x86_64):

    kernel-debug-3.11.10-25.1
    kernel-debug-base-3.11.10-25.1
    kernel-debug-base-debuginfo-3.11.10-25.1
    kernel-debug-debuginfo-3.11.10-25.1
    kernel-debug-debugsource-3.11.10-25.1
    kernel-debug-devel-3.11.10-25.1
    kernel-debug-devel-debuginfo-3.11.10-25.1
    kernel-desktop-3.11.10-25.1
    kernel-desktop-base-3.11.10-25.1
    kernel-desktop-base-debuginfo-3.11.10-25.1
    kernel-desktop-debuginfo-3.11.10-25.1
    kernel-desktop-debugsource-3.11.10-25.1
    kernel-desktop-devel-3.11.10-25.1
    kernel-desktop-devel-debuginfo-3.11.10-25.1
    kernel-ec2-3.11.10-25.1
    kernel-ec2-base-3.11.10-25.1
    kernel-ec2-base-debuginfo-3.11.10-25.1
    kernel-ec2-debuginfo-3.11.10-25.1
    kernel-ec2-debugsource-3.11.10-25.1
    kernel-ec2-devel-3.11.10-25.1
    kernel-ec2-devel-debuginfo-3.11.10-25.1
    kernel-trace-3.11.10-25.1
    kernel-trace-base-3.11.10-25.1
    kernel-trace-base-debuginfo-3.11.10-25.1
    kernel-trace-debuginfo-3.11.10-25.1
    kernel-trace-debugsource-3.11.10-25.1
    kernel-trace-devel-3.11.10-25.1
    kernel-trace-devel-debuginfo-3.11.10-25.1
    kernel-vanilla...


References

https://www.suse.com/security/cve/CVE-2013-2891.html
https://www.suse.com/security/cve/CVE-2013-2898.html
https://www.suse.com/security/cve/CVE-2014-0181.html
https://www.suse.com/security/cve/CVE-2014-0206.html
https://www.suse.com/security/cve/CVE-2014-1739.html
https://www.suse.com/security/cve/CVE-2014-3181.html
https://www.suse.com/security/cve/CVE-2014-3182.html
https://www.suse.com/security/cve/CVE-2014-3184.html
https://www.suse.com/security/cve/CVE-2014-3185.html
https://www.suse.com/security/cve/CVE-2014-3186.html
https://www.suse.com/security/cve/CVE-2014-3673.html
https://www.suse.com/security/cve/CVE-2014-3687.html
https://www.suse.com/security/cve/CVE-2014-3688.html
https://www.suse.com/security/cve/CVE-2014-4171.html
https://www.suse.com/security/cve/CVE-2014-4508.html
https://www.suse.com/security/cve/CVE-2014-4608.html
https://www.suse.com/security/cve/CVE-2014-4611.html
https://www.suse.com/security/cve/CVE-2014-4943.html
https://www.suse.com/security/cve/CVE-2014-5077.html
https://www....


Severity
important

Announcement ID: openSUSE-SU-2014:1677-1
Rating: important
Affected Products: openSUSE 13.1
