Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2017:3291-1 Critical: Kernel Privilege Escalation and DoS Issues

suse
Calendar Grey December 14, 2017
Dist Suse Esm H88
The newest Red Hat release tackles vital kernel vulnerabilities, boosting overall system safety and performance.
An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes An update that solves two vulnerabilities and has two fixes ...

Summary

This update for the Linux Kernel 4.4.49-92_14 fixes several issues. The following security issues were fixed: - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708). - CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153). This non-security issue was fixed: - bsc#1062847: Enable proper shut down if NIC teaming is enabled Patch Instructions:

References

#1053153 #1055567 #1062847 #1069708

Cross- CVE-2017-10661 CVE-2017-16939

Affected Products:

SUSE Linux Enterprise Live Patching 12

https://www.suse.com/security/cve/CVE-2017-10661.html

https://www.suse.com/security/cve/CVE-2017-16939.html

https://bugzilla.suse.com/1053153

https://bugzilla.suse.com/1055567

https://bugzilla.suse.com/1062847

https://bugzilla.suse.com/1069708

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:3291-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.