Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 429
Alerts This Week
Warning Icon 1 429

openSUSE 42.2: 2017:2110-1 Important Denial Of Service Threats

opensuse
Calendar Grey August 9, 2017
Dist Opensuse Esm H88
This significant announcement for Fedora resolves essential kernel vulnerabilities, improving general system integrity and performance.
An update that solves 5 vulnerabilities and has 61 fixes is An update that solves 5 vulnerabilities and has 61 fixes is An update that solves 5 vulnerabilities and has 61 fixes is ...

Description

The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various

security and bugfixes.

The following security bugs were fixed:

- CVE-2017-7542: The ip6_find_1stfragopt function in

net/ipv6/output_core.c in the Linux kernel allowed local users to cause

a denial of service (integer overflow and infinite loop) by leveraging

the ability to open a raw socket (bnc#1049882).

- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function

in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).

- CVE-2017-7533: A bug in inotify code allowed local users to escalate

privilege (bnc#1049483).

- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in

drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux

kernel allowed local users to cause a denial of service (buffer overflow

and system crash) or possibly gain privileges...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-891=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (x86_64):

kernel-debug-4.4.79-18.23.1

kernel-debug-base-4.4.79-18.23.1

kernel-debug-base-debuginfo-4.4.79-18.23.1

kernel-debug-debuginfo-4.4.79-18.23.1

kernel-debug-debugsource-4.4.79-18.23.1

kernel-debug-devel-4.4.79-18.23.1

kernel-debug-devel-debuginfo-4.4.79-18.23.1

kernel-default-4.4.79-18.23.1

kernel-default-base-4.4.79-18.23.1

kernel-default-base-debuginfo-4.4.79-18.23.1

kernel-default-debuginfo-4.4.79-18.23.1

kernel-default-debugsource-4.4.79-18.23.1

kernel-default-devel-4.4.79-18.23.1

kernel-obs-build-4.4.79-18.23.1

kernel-obs-build-debugsource-4.4.79-18.23.1

kernel-obs-qa-4.4.79-18.23.1

kernel-syms-4.4.79-18.23.1

kernel-vanilla-4.4.79-18.23.1

kernel-vanilla-base-4.4.79-18.23.1

kernel-vanilla-base-debuginfo-4.4.79-18.23.1

kernel-vanilla-debuginfo-4.4.79-18.23.1

kernel-vanilla-debugsource-4.4.79-18.23.1

kernel-vanilla-devel-4.4.79-18.23.1

- openSUSE Leap 42.2 (noarch):

kernel-devel-4.4.79-18.23.1

kernel-docs-4.4.79-18.23.2

kernel-docs-html-4.4.79-18.23.2

kernel-docs-pdf-4.4.79-18.23.2

k...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-10810.html

https://www.suse.com/security/cve/CVE-2017-11473.html

https://www.suse.com/security/cve/CVE-2017-7533.html

https://www.suse.com/security/cve/CVE-2017-7541.html

https://www.suse.com/security/cve/CVE-2017-7542.html

https://bugzilla.suse.com/1006180

https://bugzilla.suse.com/1011913

https://bugzilla.suse.com/1012829

https://bugzilla.suse.com/1013887

https://bugzilla.suse.com/1022476

https://bugzilla.suse.com/1028173

https://bugzilla.suse.com/1028286

https://bugzilla.suse.com/1029693

https://bugzilla.suse.com/1030552

https://bugzilla.suse.com/1031515

https://bugzilla.suse.com/1031717

https://bugzilla.suse.com/1033587

https://bugzilla.suse.com/1034075

https://bugzilla.suse.com/1034762

https://bugzilla.suse.com/1036303

https://bugzilla.suse.com/1036632

https://bugzilla.suse.com/1037344

https://bugzilla.suse.com/1038078

https://bugzilla.suse.com/1038616

https://bugzilla.suse.com/1039915

https://bugzilla.suse.com/1040307

https://bugzilla.suse.com/1040351

https://bugz...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:2110-1
Rating: important
Affected Products: openSUSE Leap 42.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.