Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE Linux Enterprise 12 - Key Security Update on Kernel for DoS Risks

suse
Calendar Grey May 11, 2017
Scroller Suse
Crucial SUSE patch for the Linux Kernel addressing 25 vulnerabilities, encompassing solutions for denial of service risks.
An update that solves 25 vulnerabilities and has 10 fixes An update that solves 25 vulnerabilities and has 10 fixes An update that solves 25 vulnerabilities and has 10 fixes is now...

Summary

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).

References

#1003077 #1015703 #1021256 #1021762 #1023377

#1023762 #1023992 #1024938 #1025235 #1026024

#1026722 #1026914 #1027066 #1027149 #1027178

#1027189 #1027190 #1028415 #1028895 #1029986

#1030118 #1030213 #1030901 #1031003 #1031052

#1031440 #1031579 #1032344 #1033336 #914939

#954763 #968697 #979215 #983212 #989056

Cross- CVE-2015-1350 CVE-2016-10044 CVE-2016-10200

CVE-2016-10208 CVE-2016-2117 CVE-2016-3070

CVE-2016-5243 CVE-2016-7117 CVE-2016-9588

CVE-2017-2671 CVE-2017-5669 CVE-2017-5897

CVE-2017-5970 CVE-2017-5986 CVE-2017-6074

CVE-2017-6214 CVE-2017-6345 CVE-2017-6346

CVE-2017-6348 CVE-2017-6353 CVE-2017-7187

CVE-2017-7261 CVE-2017-7294 CVE-2017-7308

CVE-2017-7616

Affected Products:

SUSE Lin...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1247-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.