openSUSE 13.2: 2014:1678-1 Important: Local Escalation and DoS Threats
opensuse
December 21, 2014
An update that solves 8 vulnerabilities and has 22 fixes is An update that solves 8 vulnerabilities and has 22 fixes is An update that solves 8 vulnerabilities and has 22 fixes is ...
Description
The openSUSE 13.2 kernel was updated to version 3.16.7.
These security issues were fixed:
- CVE-2014-9322: A local privilege escalation in the x86_64 32bit
compatibility signal handling was fixed, which could be used by local
attackers to crash the machine or execute code. (bnc#910251)
- CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c
in the Linux kernel did not properly handle faults associated with the
Stack Segment (SS) segment register, which allowed local users to cause
a denial of service (panic) via a modify_ldt system call, as
demonstrated by sigreturn_32 in the linux-clock-tests test suite.
(bnc#907818)
- CVE-2014-8133: Insufficient validation of TLS register usage could leak
information from the kernel stack to userspace. (bnc#909077)
- CVE-2014-3673: The SCTP implementation in the Linux kernel through
3.17.2 allowed remote attackers to cause a denial of service (system
crash) via a...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2014-794
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.2 (i586 x86_64):
kernel-default-3.16.7-7.1
kernel-default-base-3.16.7-7.1
kernel-default-base-debuginfo-3.16.7-7.1
kernel-default-debuginfo-3.16.7-7.1
kernel-default-debugsource-3.16.7-7.1
kernel-default-devel-3.16.7-7.1
kernel-ec2-3.16.7-7.1
kernel-ec2-base-3.16.7-7.1
kernel-ec2-devel-3.16.7-7.1
kernel-obs-build-3.16.7-7.3
kernel-obs-build-debugsource-3.16.7-7.3
kernel-obs-qa-3.16.7-7.2
kernel-obs-qa-xen-3.16.7-7.2
kernel-syms-3.16.7-7.1
- openSUSE 13.2 (i686 x86_64):
kernel-debug-3.16.7-7.1
kernel-debug-base-3.16.7-7.1
kernel-debug-base-debuginfo-3.16.7-7.1
kernel-debug-debuginfo-3.16.7-7.1
kernel-debug-debugsource-3.16.7-7.1
kernel-debug-devel-3.16.7-7.1
kernel-debug-devel-debuginfo-3.16.7-7.1
kernel-desktop-3.16.7-7.1
kernel-desktop-base-3.16.7-7.1
kernel-desktop-base-debuginfo-3.16.7-7.1
kernel-desktop-debuginfo-3.16.7-7.1
kernel-desktop-debugsource-3.16.7-7.1
kernel-desktop-devel-3.16.7-7.1
kernel-ec2-base-debuginfo-3.16.7-7.1
kernel-ec2-debuginfo-3.16.7-7.1
kernel-ec2-debugsource-3.16.7-7.1
kerne...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2014-3673.html
https://www.suse.com/security/cve/CVE-2014-3687.html
https://www.suse.com/security/cve/CVE-2014-3688.html
https://www.suse.com/security/cve/CVE-2014-7826.html
https://www.suse.com/security/cve/CVE-2014-7841.html
https://www.suse.com/security/cve/CVE-2014-8133.html
https://www.suse.com/security/cve/CVE-2014-9090.html
https://www.suse.com/security/cve/CVE-2014-9322.html
https://bugzilla.suse.com/show_bug.cgi?id=665315
https://bugzilla.suse.com/show_bug.cgi?id=856659
https://bugzilla.suse.com/show_bug.cgi?id=897112
https://bugzilla.suse.com/show_bug.cgi?id=897736
https://bugzilla.suse.com/show_bug.cgi?id=900786
https://bugzilla.suse.com/show_bug.cgi?id=902346
https://bugzilla.suse.com/show_bug.cgi?id=902349
https://bugzilla.suse.com/show_bug.cgi?id=902351
https://bugzilla.suse.com/show_bug.cgi?id=902632
https://bugzilla.suse.com/show_bug.cgi?id=902633
https://bugzilla.suse.com/show_bug.cgi?id=902728
https://bugzilla.suse.com/show_bug.cgi?id=903748
https://...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2014:1678-1
Rating: important
Affected Products:
openSUSE 13.2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!