SUSE: 2018:0282-1 Important: Kernel Live Patch 10 Privilege Escalation
suse
January 30, 2018
An update that solves two vulnerabilities and has one errata is now available.
Summary
This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2017-17712: The raw_sendmsg() function had a race condition that lead to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230). - CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2018-200=1
Topics Covered
References
#1069708 #1070307 #1073230
Cross- CVE-2017-16939 CVE-2017-17712
Affected Products:
SUSE Linux Enterprise Live Patching 12
https://www.suse.com/security/cve/CVE-2017-16939.html
https://www.suse.com/security/cve/CVE-2017-17712.html
https://bugzilla.suse.com/1069708
https://bugzilla.suse.com/1070307
https://bugzilla.suse.com/1073230
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:0282-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!