SUSE: 2013:0856-1 Important: Kernel Security Issues and Bugs
suse
June 4, 2013
An update that solves two vulnerabilities and has 8 fixes An update that solves two vulnerabilities and has 8 fixes An update that solves two vulnerabilities and has 8 fixes is now...
Summary
The SUSE Linux Enterprise 10 SP4 kernel has been updated to fix various bugs and security issues. Security issues fixed: * CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. * CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. Also the following bugs have been fixed: * hugetlb: Fix regression introduced by the original patch (bnc#790236, bnc#819403). * NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337).
References
#760753 #789831 #790236 #810628 #812317 #813735
#815745 #817666 #818337 #819403
Cross- CVE-2012-4444 CVE-2013-1928
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
https://www.suse.com/security/cve/CVE-2012-4444.html
https://www.suse.com/security/cve/CVE-2013-1928.html
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2013:0856-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!