Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

openSUSE 13.2: 2016:2144-1 Important: Kernel Denial Of Service Fixes

opensuse
Calendar Grey August 24, 2016
Dist Opensuse Esm H88
Crucial openSUSE kernel upgrade addresses 53 security flaws with comprehensive solutions. Maintain safety by applying the newest updates.
An update that solves 53 vulnerabilities and has 28 fixes is now available.

Description

The openSUSE 13.2 kernel was updated to fix various bugs and security

issues.

The following security bugs were fixed:

- CVE-2016-1583: Prevent the usage of mmap when the lower file system does

not allow it. This could have lead to local privilege escalation when

ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid

(bsc#983143).

- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c

in the Linux kernel mishandles NM (aka alternate name) entries

containing \0 characters, which allowed local users to obtain sensitive

information from kernel memory or possibly have unspecified other impact

via a crafted isofs filesystem (bnc#980725).

- CVE-2016-4580: The x25_negotiate_facilities function in

net/x25/x25_facilities.c in the Linux kernel did not properly initialize

a certain data structure, which allowed attackers to obtain sensitive

information from kernel stack memory via an X.25...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1015=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

bbswitch-0.8-3.20.3

bbswitch-debugsource-0.8-3.20.3

bbswitch-kmp-default-0.8_k3.16.7_42-3.20.3

bbswitch-kmp-default-debuginfo-0.8_k3.16.7_42-3.20.3

bbswitch-kmp-desktop-0.8_k3.16.7_42-3.20.3

bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_42-3.20.3

bbswitch-kmp-xen-0.8_k3.16.7_42-3.20.3

bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_42-3.20.3

cloop-2.639-14.20.3

cloop-debuginfo-2.639-14.20.3

cloop-debugsource-2.639-14.20.3

cloop-kmp-default-2.639_k3.16.7_42-14.20.3

cloop-kmp-default-debuginfo-2.639_k3.16.7_42-14.20.3

cloop-kmp-desktop-2.639_k3.16.7_42-14.20.3

cloop-kmp-desktop-debuginfo-2.639_k3.16.7_42-14.20.3

cloop-kmp-xen-2.639_k3.16.7_42-14.20.3

cloop-kmp-xen-debuginfo-2.639_k3.16.7_42-14.20.3

crash-7.0.8-20.3

crash-debuginfo-7.0.8-20.3

crash-debugsource-7.0.8-20.3

crash-devel-7.0.8-20.3

crash-doc-7.0.8-20.3

crash-eppic-7.0.8-20.3

crash-eppic-debuginfo-7.0.8-20.3

crash-gcore-7.0.8-20.3

crash-gcore-debuginfo-7.0.8-20.3

crash-kmp-default-7.0.8_k3.16.7_42-20.3

crash-kmp-default-debuginfo-7.0.8_...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2012-6701.html

https://www.suse.com/security/cve/CVE-2013-7446.html

https://www.suse.com/security/cve/CVE-2014-9904.html

https://www.suse.com/security/cve/CVE-2015-3288.html

https://www.suse.com/security/cve/CVE-2015-6526.html

https://www.suse.com/security/cve/CVE-2015-7566.html

https://www.suse.com/security/cve/CVE-2015-8709.html

https://www.suse.com/security/cve/CVE-2015-8785.html

https://www.suse.com/security/cve/CVE-2015-8812.html

https://www.suse.com/security/cve/CVE-2015-8816.html

https://www.suse.com/security/cve/CVE-2015-8830.html

https://www.suse.com/security/cve/CVE-2016-0758.html

https://www.suse.com/security/cve/CVE-2016-1583.html

https://www.suse.com/security/cve/CVE-2016-2053.html

https://www.suse.com/security/cve/CVE-2016-2184.html

https://www.suse.com/security/cve/CVE-2016-2185.html

https://www.suse.com/security/cve/CVE-2016-2186.html

https://www.suse.com/security/cve/CVE-2016-2187.html

https://www.suse.com/security/cve/CVE-2016-2188.html

https://www....

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:2144-1
Rating: important
Affected Products: openSUSE 13.2 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.