
openSUSE 13.1 Advisory: 2016:3118-1 Important Kernel Privilege Escalation

December 13, 2016
Critical security patch for Fedora resolves serious kernel flaws. Maintain security by applying the most recent kernel updates.
An update that fixes two vulnerabilities is now available.

Description

The openSUSE 13.1 kernel was updated to fix two security issues.

The following security bugs were fixed:

- CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).

- CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533).
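
An added example, not part of the SUSE advisory: because CVE-2016-9576 requires write access to /dev/sg* or /dev/bsg*, this script lists the nodes that a non-root account can write to, which is the exposure on a host that has not yet taken the update. The function name audit_sg_nodes and the output format are made up for this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: list SCSI generic nodes that a non-root account can write to.
# CVE-2016-9576 needs write access to /dev/sg* or /dev/bsg*, so these nodes
# (and the users or groups named on them) are the exposure on an unpatched host.
# Assumes GNU stat; audit_sg_nodes and its output format are hypothetical.

audit_sg_nodes() {
    dev_dir=${1:-/dev}
    # /dev/bsg is normally a directory holding one node per SCSI address.
    for node in "$dev_dir"/sg* "$dev_dir"/bsg* "$dev_dir"/bsg/*; do
        [ -e "$node" ] || continue    # glob matched nothing
        [ -d "$node" ] && continue    # skip the bsg directory itself
        mode=$(stat -c %a "$node")
        owner=$(stat -c %U "$node")
        group=$(stat -c %G "$node")
        perm=$((0$mode))              # leading 0: read the mode as octal
        who=""
        if [ "$owner" != root ] && [ $((perm & 0200)) -ne 0 ]; then
            who="$who owner"
        fi
        if [ $((perm & 0020)) -ne 0 ]; then who="$who group"; fi
        if [ $((perm & 0002)) -ne 0 ]; then who="$who world"; fi
        if [ -n "$who" ]; then
            printf '%s mode=%s owner=%s group=%s writable-by:%s\n' \
                "$node" "$mode" "$owner" "$group" "$who"
        fi
    done
    return 0
}

# Audit the live system, or a directory given as the first argument.
audit_sg_nodes "${1:-/dev}"
```

Empty output means no node is writable by a non-root account through the owner, group or world mode bits; POSIX ACLs are not examined.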

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2016-1454=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.1 (i586 x86_64):

  cloop-2.639-11.40.1
  cloop-debuginfo-2.639-11.40.1
  cloop-debugsource-2.639-11.40.1
  cloop-kmp-default-2.639_k3.12.67_64-11.40.1
  cloop-kmp-default-debuginfo-2.639_k3.12.67_64-11.40.1
  cloop-kmp-desktop-2.639_k3.12.67_64-11.40.1
  cloop-kmp-desktop-debuginfo-2.639_k3.12.67_64-11.40.1
  cloop-kmp-xen-2.639_k3.12.67_64-11.40.1
  cloop-kmp-xen-debuginfo-2.639_k3.12.67_64-11.40.1
  crash-7.0.2-2.40.1
  crash-debuginfo-7.0.2-2.40.1
  crash-debugsource-7.0.2-2.40.1
  crash-devel-7.0.2-2.40.1
  crash-doc-7.0.2-2.40.1
  crash-eppic-7.0.2-2.40.1
  crash-eppic-debuginfo-7.0.2-2.40.1
  crash-gcore-7.0.2-2.40.1
  crash-gcore-debuginfo-7.0.2-2.40.1
  crash-kmp-default-7.0.2_k3.12.67_64-2.40.1
  crash-kmp-default-debuginfo-7.0.2_k3.12.67_64-2.40.1
  crash-kmp-desktop-7.0.2_k3.12.67_64-2.40.1
  crash-kmp-desktop-debuginfo-7.0.2_k3.12.67_64-2.40.1
  crash-kmp-xen-7.0.2_k3.12.67_64-2.40.1
  crash-kmp-xen-debuginfo-7.0.2_k3.12.67_64-2.40.1
  hdjmod-debugsource-1.28-16.40.1
  hdjmod-kmp-default-1.28_k3.12.67_64-16.40.1
  hdjmod-kmp-default-debugi...


References

https://www.suse.com/security/cve/CVE-2016-9576.html

https://www.suse.com/security/cve/CVE-2016-9794.html

https://bugzilla.suse.com/1013533

https://bugzilla.suse.com/1013604

Severity
important

Announcement ID: openSUSE-SU-2016:3118-1
Rating: important
Affected Products: openSUSE 13.1.
