Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

openSUSE Leap 42.1: 2016:2583-1 Important Security Update

opensuse
Calendar Grey October 21, 2016
Dist Opensuse Esm H88
This significant announcement tackles vital safety concerns within the Linux kernel for openSUSE, improving overall system security.
An update that solves four vulnerabilities and has 21 fixes is now available.

Description

The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and

security issues.

The following security bugs were fixed:

- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,

which is reportedly exploited in the wild (bsc#1004418).

- CVE-2016-8658: Stack-based buffer overflow in the

brcmf_cfg80211_start_ap function in

drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux

kernel allowed local users to cause a denial of service (system crash)

or possibly have unspecified other impact via a long SSID Information

Element in a command to a Netlink socket (bnc#1004462).

- CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly

have unspecified other impact by triggering use of the GRO path for

large crafted packets, as demonstrated by packets that contain only VLAN

headers, a related issue...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-1212=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.1 (i686 x86_64):

kernel-debug-4.1.34-33.1

kernel-debug-base-4.1.34-33.1

kernel-debug-base-debuginfo-4.1.34-33.1

kernel-debug-debuginfo-4.1.34-33.1

kernel-debug-debugsource-4.1.34-33.1

kernel-debug-devel-4.1.34-33.1

kernel-debug-devel-debuginfo-4.1.34-33.1

kernel-ec2-4.1.34-33.1

kernel-ec2-base-4.1.34-33.1

kernel-ec2-base-debuginfo-4.1.34-33.1

kernel-ec2-debuginfo-4.1.34-33.1

kernel-ec2-debugsource-4.1.34-33.1

kernel-ec2-devel-4.1.34-33.1

kernel-pv-4.1.34-33.1

kernel-pv-base-4.1.34-33.1

kernel-pv-base-debuginfo-4.1.34-33.1

kernel-pv-debuginfo-4.1.34-33.1

kernel-pv-debugsource-4.1.34-33.1

kernel-pv-devel-4.1.34-33.1

kernel-vanilla-4.1.34-33.1

kernel-vanilla-debuginfo-4.1.34-33.1

kernel-vanilla-debugsource-4.1.34-33.1

kernel-vanilla-devel-4.1.34-33.1

kernel-xen-4.1.34-33.1

kernel-xen-base-4.1.34-33.1

kernel-xen-base-debuginfo-4.1.34-33.1

kernel-xen-debuginfo-4.1.34-33.1

kernel-xen-debugsource-4.1.34-33.1

kernel-xen-devel-4.1.34-33.1

- openSUSE Leap 42.1 (i586 x86_64):

hdjmod-debugsource-1.28-26.1

hdjm...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2016-5195.html

https://www.suse.com/security/cve/CVE-2016-7039.html

https://www.suse.com/security/cve/CVE-2016-7425.html

https://www.suse.com/security/cve/CVE-2016-8658.html

https://bugzilla.suse.com/1000287

https://bugzilla.suse.com/1000304

https://bugzilla.suse.com/1000907

https://bugzilla.suse.com/1001462

https://bugzilla.suse.com/1001486

https://bugzilla.suse.com/1004418

https://bugzilla.suse.com/1004462

https://bugzilla.suse.com/1005101

https://bugzilla.suse.com/799133

https://bugzilla.suse.com/881008

https://bugzilla.suse.com/909994

https://bugzilla.suse.com/911687

https://bugzilla.suse.com/922634

https://bugzilla.suse.com/963655

https://bugzilla.suse.com/972460

https://bugzilla.suse.com/978094

https://bugzilla.suse.com/979681

https://bugzilla.suse.com/987703

https://bugzilla.suse.com/991247

https://bugzilla.suse.com/991665

https://bugzilla.suse.com/993890

https://bugzilla.suse.com/993891

https://bugzilla.suse.com/996664

https://bugzilla.suse.com/999600

https://bugzilla...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:2583-1
Rating: important
Affected Products: openSUSE Leap 42.1 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.