Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

SUSE: 2017:3226-1 Critical: Kernel Memory Corruption Issues

suse
Calendar Grey December 6, 2017
Dist Suse Esm H88
SUSE Linux has issued an update for its kernel addressing two identified security vulnerabilities. Detailed instructions on how to apply the necessary patches are now accessible.
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...

Summary

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash (bnc#1069496). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). The following non-security bugs were fixed: Fix a build issue on ppc64le systems (bsc#1070805) Patch Instructions: To install this SUSE Security Update use YaST online_update.

References

#1069496 #1069702 #1070805

Cross- CVE-2017-1000405 CVE-2017-16939

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP2

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Live Patching 12

SUSE Linux Enterprise High Availability 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

OpenStack Cloud Magnum Orchestration 7

https://www.suse.com/security/cve/CVE-2017-1000405.html

https://www.suse.com/security/cve/CVE-2017-16939.html

https://bugzilla.suse.com/1069496

https://bugzilla.suse.com/1069702

https://bugzilla.suse.com/1070805

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:3226-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.