SuSE: 2017:1102-1: important: the Linux Kernel
Summary
The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the
Linux kernel preserved the setgid bit during a setxattr call involving a
tmpfs filesystem, which allowed local users to gain group privileges by
leveraging the existence of a setgid program with restrictions on
execute permissions. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-7097 (bnc#1021258).
- CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions
(bsc#995968).
- CVE-2016-10088: The sg implementation in the Linux kernel did not
properly restrict write operations in situations where the KERNEL_DS
option is set, which allowed local users to read or write to arbitrary
kernel memory locations or cause a denial of service (use-after-free) by
leveraging access to a /dev/sg device, related to block/bsg.c and
drivers/scsi/sg.c. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-9576 (bnc#1017710).
- CVE-2016-5696: TCP, when using a large Window Size, made it easier for
remote attackers to guess sequence numbers and cause a denial of service
(connection loss) to persistent TCP connections by repeatedly injecting
a TCP RST packet, especially in protocols that use long-lived
connections, such as BGP (bnc#989152).
- CVE-2015-1350: Denial of service in notify_change for filesystem xattrs (bsc#914939).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
Linux kernel did not validate the relationship between the minimum
fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer
overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel
networking subsystem could have enabled a local malicious application to
execute arbitrary code within the context of the kernel. This issue is
rated as Moderate because it first requires compromising a privileged
process and current compiler optimizations restrict access to the
vulnerable code. (bnc#1014746).
- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash)
or possibly have unspecified other impact by leveraging the
CAP_NET_ADMIN capability for a crafted setsockopt system call with the
(1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash)
or possibly have unspecified other impact by leveraging the
CAP_NET_ADMIN capability for a crafted setsockopt system call with the
(1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
properly initialize Code Segment (CS) in certain error cases, which
allowed local users to obtain sensitive information from kernel stack
memory via a crafted application (bnc#1013038).
- CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and
FMODE_SPLICE_WRITE (bsc#1013604)
- CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock
(bsc#1013533)
- CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection
around np->opt (bsc#992566).
- CVE-2016-9685: Multiple memory leaks in error paths in
fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause
a denial of service (memory consumption) via crafted XFS filesystem
operations (bnc#1012832).
- CVE-2015-8962: Double free vulnerability in the sg_common_write function
in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (memory corruption and system
crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
the Linux kernel lacks chunk-length checking for the first chunk, which
allowed remote attackers to cause a denial of service (out-of-bounds
slab access) or possibly have unspecified other impact via crafted SCTP
data (bnc#1011685).
- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
function in block/genhd.c in the Linux kernel allowed local users to
gain privileges by leveraging the execution of a certain stop
operation even if the corresponding start operation had failed
(bnc#1010716).
- CVE-2016-7911: Race condition in the get_task_ioprio function in
block/ioprio.c in the Linux kernel allowed local users to gain
privileges or cause a denial of service (use-after-free) via a crafted
ioprio_get system call (bnc#1010711).
- CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a
VAPIC synchronization operation involving a page-end address
(bnc#853052).
- CVE-2015-8964: The tty_set_termios_ldisc function in
drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
obtain sensitive information from kernel memory by reading a tty data
structure (bnc#1010507).
- CVE-2016-7916: Revert "proc: prevent accessing /proc/
References
#1003077 #1003344 #1003568 #1003677 #1003813
#1003866 #1003925 #1004517 #1004520 #1005857
#1005877 #1005896 #1005903 #1006917 #1006919
#1007615 #1007944 #1008557 #1008645 #1008831
#1008833 #1008893 #1009875 #1010150 #1010175
#1010201 #1010467 #1010501 #1010507 #1010711
#1010716 #1011685 #1011820 #1012411 #1012422
#1012832 #1012851 #1012917 #1013018 #1013038
#1013042 #1013070 #1013531 #1013533 #1013542
#1013604 #1014410 #1014454 #1014746 #1015561
#1015752 #1015760 #1015796 #1015803 #1015817
#1015828 #1015844 #1015848 #1015878 #1015932
#1016320 #1016505 #1016520 #1016668 #1016688
#1016824 #1016831 #1017686 #1017710 #1019148
#1019165 #1019348 #1019783 #1020214 #1021258
#748806 #763198 #771065 #786036 #790588 #795297
#799133 #800999 #803320 #821612 #824171 #851603
#853052 #860441 #863873 #865783 #871728 #901809
#907611 #908458 #908684 #909077 #909350 #909484
#909491 #909618 #913387 #914939 #919382 #922634
#924708 #925065 #928138 #929141 #953233 #956514
#960689 #961589 #962846 #963655 #967716 #968010
#969340 #973203 #973691 #979681 #984194 #986337
#987333 #987576 #989152 #989680 #989764 #989896
#990245 #992566 #992991 #993739 #993832 #995968
#996541 #996557 #997401 #998689 #999101 #999907
Cross- CVE-2004-0230 CVE-2012-6704 CVE-2013-6368
CVE-2015-1350 CVE-2015-8956 CVE-2015-8962
CVE-2015-8964 CVE-2016-10088 CVE-2016-3841
CVE-2016-5696 CVE-2016-7042 CVE-2016-7097
CVE-2016-7117 CVE-2016-7910 CVE-2016-7911
CVE-2016-7916 CVE-2016-8399 CVE-2016-8632
CVE-2016-8633 CVE-2016-8646 CVE-2016-9555
CVE-2016-9576 CVE-2016-9685 CVE-2016-9756
CVE-2016-9793 CVE-2016-9794 CVE-2017-5551
Affected Products:
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2004-0230.html
https://www.suse.com/security/cve/CVE-2012-6704.html
https://www.suse.com/security/cve/CVE-2013-6368.html
https://www.suse.com/security/cve/CVE-2015-1350.html
https://www.suse.com/security/cve/CVE-2015-8956.html
https://www.suse.com/security/cve/CVE-2015-8962.html
https://www.suse.com/security/cve/CVE-2015-8964.html
https://www.suse.com/security/cve/CVE-2016-10088.html
https://www.suse.com/security/cve/CVE-2016-3841.html
https://www.suse.com/security/cve/CVE-2016-5696.html
https://www.suse.com/security/cve/CVE-2016-7042.html
https://www.suse.com/security/cve/CVE-2016-7097.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-7910.html
https://www.suse.com/security/cve/CVE-2016-7911.html
https://www.suse.com/security/cve/CVE-2016-7916.html
https://www.suse.com/security/cve/CVE-2016-8399.html
https://www.suse.com/security/cve/CVE-2016-8632.html
https://www.suse.com/security/cve/CVE-2016-8633.html
https://www.suse.com/security/cve/CVE-2016-8646.html
https://www.suse.com/security/cve/CVE-2016-9555.html
https://www.suse.com/security/cve/CVE-2016-9576.html
https://www.suse.com/security/cve/CVE-2016-9685.html
https://www.suse.com/security/cve/CVE-2016-9756.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2016-9794.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1003344
https://bugzilla.suse.com/1003568
https://bugzilla.suse.com/1003677
https://bugzilla.suse.com/1003813
https://bugzilla.suse.com/1003866
https://bugzilla.suse.com/1003925
https://bugzilla.suse.com/1004517
https://bugzilla.suse.com/1004520
https://bugzilla.suse.com/1005857
https://bugzilla.suse.com/1005877
https://bugzilla.suse.com/1005896
https://bugzilla.suse.com/1005903
https://bugzilla.suse.com/1006917
https://bugzilla.suse.com/1006919
https://bugzilla.suse.com/1007615
https://bugzilla.suse.com/1007944
https://bugzilla.suse.com/1008557
https://bugzilla.suse.com/1008645
https://bugzilla.suse.com/1008831
https://bugzilla.suse.com/1008833
https://bugzilla.suse.com/1008893
https://bugzilla.suse.com/1009875
https://bugzilla.suse.com/1010150
https://bugzilla.suse.com/1010175
https://bugzilla.suse.com/1010201
https://bugzilla.suse.com/1010467
https://bugzilla.suse.com/1010501
https://bugzilla.suse.com/1010507
https://bugzilla.suse.com/1010711
https://bugzilla.suse.com/1010716
https://bugzilla.suse.com/1011685
https://bugzilla.suse.com/1011820
https://bugzilla.suse.com/1012411
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012832
https://bugzilla.suse.com/1012851
https://bugzilla.suse.com/1012917
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1013038
https://bugzilla.suse.com/1013042
https://bugzilla.suse.com/1013070
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013533
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1013604
https://bugzilla.suse.com/1014410
https://bugzilla.suse.com/1014454
https://bugzilla.suse.com/1014746
https://bugzilla.suse.com/1015561
https://bugzilla.suse.com/1015752
https://bugzilla.suse.com/1015760
https://bugzilla.suse.com/1015796
https://bugzilla.suse.com/1015803
https://bugzilla.suse.com/1015817
https://bugzilla.suse.com/1015828
https://bugzilla.suse.com/1015844
https://bugzilla.suse.com/1015848
https://bugzilla.suse.com/1015878
https://bugzilla.suse.com/1015932
https://bugzilla.suse.com/1016320
https://bugzilla.suse.com/1016505
https://bugzilla.suse.com/1016520
https://bugzilla.suse.com/1016668
https://bugzilla.suse.com/1016688
https://bugzilla.suse.com/1016824
https://bugzilla.suse.com/1016831
https://bugzilla.suse.com/1017686
https://bugzilla.suse.com/1017710
https://bugzilla.suse.com/1019148
https://bugzilla.suse.com/1019165
https://bugzilla.suse.com/1019348
https://bugzilla.suse.com/1019783
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/748806
https://bugzilla.suse.com/763198
https://bugzilla.suse.com/771065
https://bugzilla.suse.com/786036
https://bugzilla.suse.com/790588
https://bugzilla.suse.com/795297
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/800999
https://bugzilla.suse.com/803320
https://bugzilla.suse.com/821612
https://bugzilla.suse.com/824171
https://bugzilla.suse.com/851603
https://bugzilla.suse.com/853052
https://bugzilla.suse.com/860441
https://bugzilla.suse.com/863873
https://bugzilla.suse.com/865783
https://bugzilla.suse.com/871728
https://bugzilla.suse.com/901809
https://bugzilla.suse.com/907611
https://bugzilla.suse.com/908458
https://bugzilla.suse.com/908684
https://bugzilla.suse.com/909077
https://bugzilla.suse.com/909350
https://bugzilla.suse.com/909484
https://bugzilla.suse.com/909491
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/913387
https://bugzilla.suse.com/914939
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/922634
https://bugzilla.suse.com/924708
https://bugzilla.suse.com/925065
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/929141
https://bugzilla.suse.com/953233
https://bugzilla.suse.com/956514
https://bugzilla.suse.com/960689
https://bugzilla.suse.com/961589
https://bugzilla.suse.com/962846
https://bugzilla.suse.com/963655
https://bugzilla.suse.com/967716
https://bugzilla.suse.com/968010
https://bugzilla.suse.com/969340
https://bugzilla.suse.com/973203
https://bugzilla.suse.com/973691
https://bugzilla.suse.com/979681
https://bugzilla.suse.com/984194
https://bugzilla.suse.com/986337
https://bugzilla.suse.com/987333
https://bugzilla.suse.com/987576
https://bugzilla.suse.com/989152
https://bugzilla.suse.com/989680
https://bugzilla.suse.com/989764
https://bugzilla.suse.com/989896
https://bugzilla.suse.com/990245
https://bugzilla.suse.com/992566
https://bugzilla.suse.com/992991
https://bugzilla.suse.com/993739
https://bugzilla.suse.com/993832
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/996541
https://bugzilla.suse.com/996557
https://bugzilla.suse.com/997401
https://bugzilla.suse.com/998689
https://bugzilla.suse.com/999101
https://bugzilla.suse.com/999907