Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

SUSE: 2017:3165-1 Critical Update: Linux Kernel Denial of Service Fix

suse
Calendar Grey November 30, 2017
Dist Suse Esm H88
Crucial SUSE Security Patch for the Linux Kernel addresses significant concerns and weaknesses impacting overall system reliability.
An update that solves 5 vulnerabilities and has 17 fixes is An update that solves 5 vulnerabilities and has 17 fixes is An update that solves 5 vulnerabilities and has 17 fixes is ...

Summary

The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel

References

#1022967 #1036286 #1044228 #1045327 #1052593

#1053317 #1056230 #1056504 #1057796 #1059051

#1059525 #1060245 #1060665 #1061017 #1061180

#1062520 #1062842 #1063301 #1063544 #1063667

#909484 #996376

Cross- CVE-2017-1000253 CVE-2017-13080 CVE-2017-14489

CVE-2017-15265 CVE-2017-15274

Affected Products:

SUSE Linux Enterprise Real Time Extension 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2017-1000253.html

https://www.suse.com/security/cve/CVE-2017-13080.html

https://www.suse.com/security/cve/CVE-2017-14489.html

https://www.suse.com/security/cve/CVE-2017-15265.html

https://www.suse.com/security/cve/CVE-2017-15274.html

https://bugzilla.suse.com/1022967

https://bugzilla.suse.com/1036286

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:3165-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.