openSUSE Leap 42.2: 2017:2169-1 Important Kernel Race Condition Fixes
opensuse
August 15, 2017
An update that solves three vulnerabilities and has 15 fixes is now available.
Description
The openSUSE Leap 42.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2017-1000111: Fixed a race condition in net-packet code that could
be exploited to cause out-of-bounds memory access (bsc#1052365).
- CVE-2017-1000112: Fixed a race condition in net-packet code that could
have been exploited by unprivileged users to gain root access.
(bsc#1052311).
- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
local users to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact by changing a certain
sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
The following non-security bugs were fixed:
- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
- bcache: force trigger gc (bsc#1038078).
- bcache: only recovery I/O error for...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-929=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.2 (x86_64):
kernel-debug-4.4.79-18.26.2
kernel-debug-base-4.4.79-18.26.2
kernel-debug-base-debuginfo-4.4.79-18.26.2
kernel-debug-debuginfo-4.4.79-18.26.2
kernel-debug-debugsource-4.4.79-18.26.2
kernel-debug-devel-4.4.79-18.26.2
kernel-debug-devel-debuginfo-4.4.79-18.26.2
kernel-default-4.4.79-18.26.2
kernel-default-base-4.4.79-18.26.2
kernel-default-base-debuginfo-4.4.79-18.26.2
kernel-default-debuginfo-4.4.79-18.26.2
kernel-default-debugsource-4.4.79-18.26.2
kernel-default-devel-4.4.79-18.26.2
kernel-obs-build-4.4.79-18.26.2
kernel-obs-build-debugsource-4.4.79-18.26.2
kernel-obs-qa-4.4.79-18.26.1
kernel-syms-4.4.79-18.26.1
kernel-vanilla-4.4.79-18.26.2
kernel-vanilla-base-4.4.79-18.26.2
kernel-vanilla-base-debuginfo-4.4.79-18.26.2
kernel-vanilla-debuginfo-4.4.79-18.26.2
kernel-vanilla-debugsource-4.4.79-18.26.2
kernel-vanilla-devel-4.4.79-18.26.2
- openSUSE Leap 42.2 (noarch):
kernel-devel-4.4.79-18.26.1
kernel-docs-4.4.79-18.26.3
kernel-docs-html-4.4.79-18.26.3
kernel-docs-pdf-4.4.79-18.26.3
k...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2017-1000111.html
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-8831.html
https://bugzilla.suse.com/1019151
https://bugzilla.suse.com/1023175
https://bugzilla.suse.com/1037404
https://bugzilla.suse.com/1037994
https://bugzilla.suse.com/1038078
https://bugzilla.suse.com/1038792
https://bugzilla.suse.com/1043652
https://bugzilla.suse.com/1047027
https://bugzilla.suse.com/1051399
https://bugzilla.suse.com/1051556
https://bugzilla.suse.com/1052049
https://bugzilla.suse.com/1052223
https://bugzilla.suse.com/1052311
https://bugzilla.suse.com/1052365
https://bugzilla.suse.com/1052533
https://bugzilla.suse.com/1052709
https://bugzilla.suse.com/1052773
https://bugzilla.suse.com/1052794
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:2169-1
Rating: important
Affected Products:
openSUSE Leap 42.2
le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!