Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE: 2017:0294-1 Important: Linux Kernel Live Patch Resolves DoS

suse
Calendar Grey January 26, 2017
Dist Suse Esm H88
SUSE issued a vital Security Update for Linux Kernel Live Patch 10 that tackles significant vulnerabilities in SLE 12 SP1, enhancing overall system protection.
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...

Summary

This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. The following security bugs were fixed: - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions:

References

#1013543 #1013604 #1014271

Cross- CVE-2016-9576 CVE-2016-9794

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2016-9576.html

https://www.suse.com/security/cve/CVE-2016-9794.html

https://bugzilla.suse.com/1013543

https://bugzilla.suse.com/1013604

https://bugzilla.suse.com/1014271

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0294-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.