Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

SUSE: 2023:2234-2 Critical: Security Flaws in Linux Kernel Fixed

suse
Calendar Grey April 25, 2017
Scroller Suse
Fedora releases a software patch addressing 32 vulnerabilities, improving data protection and system efficiency alongside user experience.
An update that solves 27 vulnerabilities and has 114 fixes An update that solves 27 vulnerabilities and has 114 fixes An update that solves 27 vulnerabilities and has 114 fixes is ...

Summary

The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097 (bnc#1021258). - CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions (bsc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS

References

#1003077 #1003344 #1003568 #1003677 #1003813

#1003866 #1003925 #1004517 #1004520 #1005857

#1005877 #1005896 #1005903 #1006917 #1006919

#1007615 #1007944 #1008557 #1008645 #1008831

#1008833 #1008893 #1009875 #1010150 #1010175

#1010201 #1010467 #1010501 #1010507 #1010711

#1010716 #1011685 #1011820 #1012411 #1012422

#1012832 #1012851 #1012917 #1013018 #1013038

#1013042 #1013070 #1013531 #1013533 #1013542

#1013604 #1014410 #1014454 #1014746 #1015561

#1015752 #1015760 #1015796 #1015803 #1015817

#1015828 #1015844 #1015848 #1015878 #1015932

#1016320 #1016505 #1016520 #1016668 #1016688

#1016824 #1016831 #1017686 #1017710 #1019148

#1019165 #1019348 #1019783 #1020214 #1021258

#748806 #7631...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1102-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.