SUSE: 2016:0386-1 Important: Local User Threats in Kernel Live Patch

suse

February 8, 2016

An update that solves 5 vulnerabilities and has two fixes An update that solves 5 vulnerabilities and has two fixes An update that solves 5 vulnerabilities and has two fixes is now...

Summary

This kernel live patch for Linux Kernel 3.12.44-52.10.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux

Topics Covered

security advisory DoS kernel patch SUSE security issues bugfix user privilege

References

#916225 #940342 #951542 #951625 #953052 #954005

#958601

Cross- CVE-2015-2925 CVE-2015-6937 CVE-2015-7872

CVE-2015-7990 CVE-2015-8539

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2015-2925.html

https://www.suse.com/security/cve/CVE-2015-6937.html

https://www.suse.com/security/cve/CVE-2015-7872.html

https://www.suse.com/security/cve/CVE-2015-7990.html

https://www.suse.com/security/cve/CVE-2015-8539.html

https://bugzilla.suse.com/916225

https://bugzilla.suse.com/940342

https://bugzilla.suse.com/951542

https://bugzilla.suse.com/951625

https://bugzilla.suse.com/953052

https://bugzilla.suse.com/954005

https://bugzilla.suse.com/958601

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2016:0386-1

Rating: important

Topics Covered

security advisory DoS kernel patch SUSE security issues bugfix user privilege

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:0386-1 Important: Local User Threats in Kernel Live Patch

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:0386-1 Important: Local User Threats in Kernel Live Patch

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!