Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE: 2017:0494-1 Important: Kernel Security Fixes and Updates

suse
Calendar Grey February 17, 2017
Dist Suse Esm H88
SUSE releases significant kernel enhancement designed to address various bugs and bolster security throughout its offerings.
An update that solves 27 vulnerabilities and has 48 fixes An update that solves 27 vulnerabilities and has 48 fixes An update that solves 27 vulnerabilities and has 48 fixes is now...

Summary

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid

References

#1001419 #1002165 #1003077 #1003253 #1003925

#1004517 #1007944 #1008374 #1008645 #1008831

#1008833 #1008850 #1009875 #1010150 #1010467

#1010501 #1010507 #1010711 #1010713 #1010716

#1011685 #1011820 #1012183 #1012422 #1012832

#1012851 #1012852 #1012895 #1013038 #1013042

#1013531 #1013542 #1014454 #1014746 #1015878

#1017710 #1018446 #1019079 #1019783 #1021258

#821612 #824171 #914939 #929141 #935436 #956514

#961923 #966826 #967716 #969340 #973691 #979595

#987576 #989152 #989261 #991665 #992566 #992569

#992906 #992991 #993890 #993891 #994296 #994618

#994759 #995968 #996329 #996541 #996557 #997059

#997401 #997708 #998689 #999932 #999943

Cross- CVE-2004-0230 CVE-2012-6704 CVE-2015-1350

CVE-2015-8956 CVE-...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0494-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.