openSUSE Leap 42.2: 2017:1633-1 Critical: Kernel Local Issues
opensuse
June 21, 2017
An update that solves four vulnerabilities and has 35 fixes An update that solves four vulnerabilities and has 35 fixes An update that solves four vulnerabilities and has 35 fixes ...
Description
The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be "jumped" over (the stack guard page is bypassed), this
affects Linux Kernel versions 4.11.5 and earlier (the stackguard page
was introduced in 2010) (bnc#1039348).
- CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable
to a data race in the ALSA /dev/snd/timer driver resulting in local
users being able to read information belonging to other users, i.e.,
uninitialized memory contents may be disclosed when a read and an ioctl
happen at the same time (bnc#1044125).
- CVE-2017-7346: The vmw_gb_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate certain...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-716=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.2 (noarch):
kernel-devel-4.4.72-18.12.1
kernel-docs-4.4.72-18.12.3
kernel-docs-html-4.4.72-18.12.3
kernel-docs-pdf-4.4.72-18.12.3
kernel-macros-4.4.72-18.12.1
kernel-source-4.4.72-18.12.1
kernel-source-vanilla-4.4.72-18.12.1
- openSUSE Leap 42.2 (x86_64):
kernel-debug-4.4.72-18.12.2
kernel-debug-base-4.4.72-18.12.2
kernel-debug-base-debuginfo-4.4.72-18.12.2
kernel-debug-debuginfo-4.4.72-18.12.2
kernel-debug-debugsource-4.4.72-18.12.2
kernel-debug-devel-4.4.72-18.12.2
kernel-debug-devel-debuginfo-4.4.72-18.12.2
kernel-default-4.4.72-18.12.2
kernel-default-base-4.4.72-18.12.2
kernel-default-base-debuginfo-4.4.72-18.12.2
kernel-default-debuginfo-4.4.72-18.12.2
kernel-default-debugsource-4.4.72-18.12.2
kernel-default-devel-4.4.72-18.12.2
kernel-obs-build-4.4.72-18.12.2
kernel-obs-build-debugsource-4.4.72-18.12.2
kernel-obs-qa-4.4.72-18.12.1
kernel-syms-4.4.72-18.12.1
kernel-vanilla-4.4.72-18.12.2
kernel-vanilla-base-4.4.72-18.12.2
kernel-vanilla-base-debuginfo-4.4.72-18.12.2
kernel-vanilla-debuginfo...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2017-1000364.html
https://www.suse.com/security/cve/CVE-2017-1000380.html
https://www.suse.com/security/cve/CVE-2017-7346.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1012060
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012829
https://bugzilla.suse.com/1015452
https://bugzilla.suse.com/1022595
https://bugzilla.suse.com/1031796
https://bugzilla.suse.com/1032339
https://bugzilla.suse.com/1036638
https://bugzilla.suse.com/1037840
https://bugzilla.suse.com/1038085
https://bugzilla.suse.com/1039348
https://bugzilla.suse.com/1039900
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1041242
https://bugzilla.suse.com/1041431
https://bugzilla.suse.com/1041810
https://bugzilla.suse.com/1042286
https://bugzilla.suse.com/1042356
https://bugzilla.suse.com/1042421
https://bugzilla.suse.com/1042517
https://bugzilla.suse.com/1042535
https://bugzilla.suse.com/1042536
https://bugzilla.suse.com/1...
Read the Full Advisory
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:1633-1
Rating: important
Affected Products: openSUSE Leap 42.2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!