SUSE 12: 2015:1491-1 Important Live Kernel Patch Addresses Security Issues

September 4, 2015
Keep up to date on a vital SUSE patch for the Linux kernel that tackles various security vulnerabilities through live updating.
An update that fixes 8 vulnerabilities is now available

Summary

This update contains a kernel live patch for the 3.12.39-47 SUSE Linux Enterprise Server 12 Kernel, fixing the following security issues:

- CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044)
- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP

References

#939044 #939241 #939262 #939263 #939270 #939273 #939276 #939277

Cross-References: CVE-2014-8159 CVE-2015-1805 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2014-8159.html

https://www.suse.com/security/cve/CVE-2015-1805.html

https://www.suse.com/security/cve/CVE-2015-3331.html

https://www.suse.com/security/cve/CVE-2015-3339.html

https://www.suse.com/security/cve/CVE-2015-3636.html

https://www.suse.com/security/cve/CVE-2015-4700.html

https://www.suse.com/security/cve/CVE-2015-5364.html

https://www.suse.com/security/cve/CVE-2015-5366.html

https://bugzilla.suse.com/show_bug.cgi?id=939044

Severity
important

Announcement ID: SUSE-SU-2015:1491-1
Rating: important
