Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

SUSE: 2017:0278-1 Important: Kernel Issues Resolved with Live Patch

suse
Calendar Grey January 25, 2017
Dist Suse Esm H88
SUSE Security Patch resolves various vulnerabilities in the Linux Kernel Live Patch 8 for SLE 12 SP1, offering crucial updates.
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...

Summary

This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following security bugs were fixed: - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).

References

#1012852 #1013543 #1013604 #1014271

Cross- CVE-2016-8632 CVE-2016-9576 CVE-2016-9794

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2016-8632.html

https://www.suse.com/security/cve/CVE-2016-9576.html

https://www.suse.com/security/cve/CVE-2016-9794.html

https://bugzilla.suse.com/1012852

https://bugzilla.suse.com/1013543

https://bugzilla.suse.com/1013604

https://bugzilla.suse.com/1014271

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0278-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.