Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

SUSE: 2017:3284-1 Important: Linux Kernel Live Patch Denial of Service

suse
Calendar Grey December 14, 2017
Dist Suse Esm H88
This patch resolves significant vulnerabilities within Ubuntu Linux Kernel 20.04 LTS, improving overall system security and resilience.
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes ...

Summary

This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2017-1000405: Problematic use of pmd_mkdirty() in the touch_pmd() function allowed users to overwrite read-only huge pages (e.g. the zero huge page and sealed shmem files) (bsc#1070307). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708). This non-security issue was fixed: - bsc#1062847: Enable proper shut down if NIC teaming is enabled Patch Instructions: To install this SUSE Security Update use YaST online_update.

References

#1055567 #1062847 #1069708 #1070307

Cross- CVE-2017-1000405 CVE-2017-16939

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2017-1000405.html

https://www.suse.com/security/cve/CVE-2017-16939.html

https://bugzilla.suse.com/1055567

https://bugzilla.suse.com/1062847

https://bugzilla.suse.com/1069708

https://bugzilla.suse.com/1070307

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:3284-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.