
SUSE: 2015:1489-1 Important Live Patch For Kernel Issues

September 4, 2015
SUSE reveals crucial live update for kernel that resolves 12 security flaws. Ensure you keep current with protective strategies.
An update that fixes 12 vulnerabilities is now available

Summary

This update contains a kernel live patch for the 3.12.32-33 SUSE Linux Enterprise Server 12 Kernel, fixing the following security issues.

- CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044)
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. (bsc#939044 bsc#916225)

References

#902349 #916225 #939044 #939240 #939241 #939260 #939262 #939263 #939270 #939273 #939276 #939277

Cross-References: CVE-2014-3687 CVE-2014-7822 CVE-2014-8159 CVE-2014-9710 CVE-2015-1465 CVE-2015-1805 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2014-3687.html

https://www.suse.com/security/cve/CVE-2014-7822.html

https://www.suse.com/security/cve/CVE-2014-8159.html

https://www.suse.com/security/cve/CVE-2014-9710.html

https://www.suse.com/security/cve/CVE-2015-1465.html

https://www.suse.com/security/cve/CVE-2015-1805.html

https://www.suse.com/security/cve/CVE-2015-3331.html

Severity
important

Announcement ID: SUSE-SU-2015:1489-1
Rating: important
