Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

SUSE: 2017:2103-1 Critical: Kernel Remote Exploit and Privilege Escalation

suse
Calendar Grey August 8, 2017
Dist Suse Esm H88
Critical security notice from SUSE regarding Linux Kernel Live Patch that addresses three significant vulnerabilities impacting SLE 12.
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...

Summary

This update for the Linux Kernel 3.12.61-52_69 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a

References

#1042892 #1044878 #1046191 #1050751

Cross- CVE-2017-7533 CVE-2017-7645 CVE-2017-9242

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-7533.html

https://www.suse.com/security/cve/CVE-2017-7645.html

https://www.suse.com/security/cve/CVE-2017-9242.html

https://bugzilla.suse.com/1042892

https://bugzilla.suse.com/1044878

https://bugzilla.suse.com/1046191

https://bugzilla.suse.com/1050751

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2103-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.