Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2017:2775-1 Important: Kernel Live Patch Critical Denial of Service

suse
Calendar Grey October 19, 2017
Dist Suse Esm H88
The latest Linux Kernel Live Patch 27 for SLE 12 addresses critical security flaws and vulnerabilities.
An update that solves four vulnerabilities and has one An update that solves four vulnerabilities and has one An update that solves four vulnerabilities and has one errata is now a...

Summary

This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000112: Updated patch for this issue to be in sync with the other livepatches. Description of the issue: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052368, bsc#1052311). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure

References

#1042892 #1045327 #1046191 #1052311 #1052368

Cross- CVE-2017-1000112 CVE-2017-15274 CVE-2017-7645

CVE-2017-9242

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-1000112.html

https://www.suse.com/security/cve/CVE-2017-15274.html

https://www.suse.com/security/cve/CVE-2017-7645.html

https://www.suse.com/security/cve/CVE-2017-9242.html

https://bugzilla.suse.com/1042892

https://bugzilla.suse.com/1045327

https://bugzilla.suse.com/1046191

https://bugzilla.suse.com/1052311

https://bugzilla.suse.com/1052368

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2775-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.