Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

SUSE Linux 12-SP2: 2017:3267-1 Important: Kernel Critical Flaws Resolved

suse
Calendar Grey December 12, 2017
Dist Suse Esm H88
Important SUSE Linux Kernel upgrade addressing security vulnerabilities and enhancing system reliability following various incidents.
An update that solves 5 vulnerabilities and has 56 fixes is An update that solves 5 vulnerabilities and has 56 fixes is An update that solves 5 vulnerabilities and has 56 fixes is ...

Summary

The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.95 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410 1058624). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667).

Topics%20covered

Topics Covered

security advisory denial of service kernel update kernel SUSE Linux security fixes critical flaws

References

#1012382 #1017461 #1020645 #1022595 #1022600

#1022914 #1022967 #1025461 #1028971 #1030061

#1034048 #1037890 #1052593 #1053919 #1055493

#1055567 #1055755 #1055896 #1056427 #1058135

#1058410 #1058624 #1059051 #1059465 #1059863

#1060197 #1060985 #1061017 #1061046 #1061064

#1061067 #1061172 #1061451 #1061831 #1061872

#1062520 #1062962 #1063460 #1063475 #1063501

#1063509 #1063520 #1063667 #1063695 #1064206

#1064388 #1064701 #964944 #966170 #966172

#966186 #966191 #966316 #966318 #969474 #969475

#969476 #969477 #971975 #974590 #996376

Cross- CVE-2017-12153 CVE-2017-13080 CVE-2017-14489

CVE-2017-15265 CVE-2017-15649

Affected Products:

SUSE Linux Enterprise Real Time Extension 12-SP2

https://www.suse.com/security/cve/CVE-2017...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:3267-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service kernel update kernel SUSE Linux security fixes critical flaws

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here