Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

openSUSE 13.2: 2016:3061-1 Critical Update for Kernel Security Issues

opensuse
Calendar Grey December 8, 2016
Scroller Opensuse
A recent security patch for openSUSE 13.2 Kernel resolves 12 vulnerabilities aimed at reducing the risk of local privilege elevation and denial of service (DoS) concerns.
An update that solves 12 vulnerabilities and has 8 fixes is An update that solves 12 vulnerabilities and has 8 fixes is An update that solves 12 vulnerabilities and has 8 fixes is ...

Description

The openSUSE 13.2 kernel was updated to receive various security and

bugfixes.

The following security bugs were fixed:

- CVE-2015-8962: Double free vulnerability in the sg_common_write function

in drivers/scsi/sg.c in the Linux kernel allowed local users to gain

privileges or cause a denial of service (memory corruption and system

crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).

- CVE-2015-8963: Race condition in kernel/events/core.c in the Linux

kernel allowed local users to gain privileges or cause a denial of

service (use-after-free) by leveraging incorrect handling of an swevent

data structure during a CPU unplug operation (bnc#1010502).

- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in

the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc)

stack protector is enabled, uses an incorrect buffer size for certain

timeout data, which allowed local users to...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1431=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i686 x86_64):

kernel-debug-3.16.7-53.1

kernel-debug-base-3.16.7-53.1

kernel-debug-base-debuginfo-3.16.7-53.1

kernel-debug-debuginfo-3.16.7-53.1

kernel-debug-debugsource-3.16.7-53.1

kernel-debug-devel-3.16.7-53.1

kernel-debug-devel-debuginfo-3.16.7-53.1

kernel-desktop-3.16.7-53.1

kernel-desktop-base-3.16.7-53.1

kernel-desktop-base-debuginfo-3.16.7-53.1

kernel-desktop-debuginfo-3.16.7-53.1

kernel-desktop-debugsource-3.16.7-53.1

kernel-desktop-devel-3.16.7-53.1

kernel-ec2-base-debuginfo-3.16.7-53.1

kernel-ec2-debuginfo-3.16.7-53.1

kernel-ec2-debugsource-3.16.7-53.1

kernel-vanilla-3.16.7-53.1

kernel-vanilla-debuginfo-3.16.7-53.1

kernel-vanilla-debugsource-3.16.7-53.1

kernel-vanilla-devel-3.16.7-53.1

kernel-xen-3.16.7-53.1

kernel-xen-base-3.16.7-53.1

kernel-xen-base-debuginfo-3.16.7-53.1

kernel-xen-debuginfo-3.16.7-53.1

kernel-xen-debugsource-3.16.7-53.1

kernel-xen-devel-3.16.7-53.1

- openSUSE 13.2 (i586 x86_64):

bbswitch-0.8-3.26.1

bbswitch-debugsource-0.8-3.26.1

bbswitch-kmp-default-0.8_k3.16.7_53-3.2...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2015-8962.html

https://www.suse.com/security/cve/CVE-2015-8963.html

https://www.suse.com/security/cve/CVE-2016-7042.html

https://www.suse.com/security/cve/CVE-2016-7910.html

https://www.suse.com/security/cve/CVE-2016-7911.html

https://www.suse.com/security/cve/CVE-2016-7913.html

https://www.suse.com/security/cve/CVE-2016-7914.html

https://www.suse.com/security/cve/CVE-2016-7916.html

https://www.suse.com/security/cve/CVE-2016-8633.html

https://www.suse.com/security/cve/CVE-2016-8646.html

https://www.suse.com/security/cve/CVE-2016-8655.html

https://www.suse.com/security/cve/CVE-2016-9555.html

https://bugzilla.suse.com/show_bug.cgi?id=1001486

https://bugzilla.suse.com/show_bug.cgi?id=1004517

https://bugzilla.suse.com/show_bug.cgi?id=1007615

https://bugzilla.suse.com/show_bug.cgi?id=1008833

https://bugzilla.suse.com/show_bug.cgi?id=1010040

https://bugzilla.suse.com/show_bug.cgi?id=1010150

https://bugzilla.suse.com/show_bug.cgi?id=1010467

https://bugzilla.suse.com/show_bu...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:3061-1
Rating: important
Affected Products: openSUSE 13.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.