Explore top 10 tips to secure your open-source projects now. Read More
×
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid
#1001419 #1002165 #1003077 #1003253 #1003925
#1004517 #1007944 #1008374 #1008645 #1008831
#1008833 #1008850 #1009875 #1010150 #1010467
#1010501 #1010507 #1010711 #1010713 #1010716
#1011685 #1011820 #1012183 #1012422 #1012832
#1012851 #1012852 #1012895 #1013038 #1013042
#1013531 #1013542 #1014454 #1014746 #1015878
#1017710 #1018446 #1019079 #1019783 #1021258
#821612 #824171 #914939 #929141 #935436 #956514
#961923 #966826 #967716 #969340 #973691 #979595
#987576 #989152 #989261 #991665 #992566 #992569
#992906 #992991 #993890 #993891 #994296 #994618
#994759 #995968 #996329 #996541 #996557 #997059
#997401 #997708 #998689 #999932 #999943
Cross- CVE-2004-0230 CVE-2012-6704 CVE-2015-1350
CVE-2015-8956 CVE-...
Read the Full Advisory
Get the latest Linux and open source security news straight to your inbox.