SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0040-1
Rating:             important
References:         #1010175 #1034862 #1045327 #1050231 #1052593 #1056982
                    #1057179 #1057389 #1058524 #1062520 #1063544 #1063667
                    #1066295 #1066472 #1066569 #1066573 #1066606 #1066618
                    #1066625 #1066650 #1066671 #1066693 #1066700 #1066705
                    #1067085 #1068032 #1068671 #1069702 #1069708 #1070771
                    #1071074 #1071470 #1071695 #1072561 #1072876 #1073792
                    #1073874 #1074033 #999245
Cross-References:   CVE-2017-1000251 CVE-2017-11600 CVE-2017-13080
                    CVE-2017-13167 CVE-2017-14106 CVE-2017-14140
                    CVE-2017-14340 CVE-2017-15102 CVE-2017-15115
                    CVE-2017-15265 CVE-2017-15274 CVE-2017-15868
                    CVE-2017-16525 CVE-2017-16527 CVE-2017-16529
                    CVE-2017-16531 CVE-2017-16534 CVE-2017-16535
                    CVE-2017-16536 CVE-2017-16537 CVE-2017-16538
                    CVE-2017-16649 CVE-2017-16939 CVE-2017-17450
                    CVE-2017-17558 CVE-2017-17805 CVE-2017-17806
                    CVE-2017-5715 CVE-2017-5753 CVE-2017-5754
                    CVE-2017-7472 CVE-2017-8824
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 32 vulnerabilities and has 7 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bug fixes.

This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032).
- CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets.

  This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel.

- CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753.

  This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix.

  As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option.

- CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculatively execute code that would read otherwise read protected memory, an attack similar to CVE-2017-5753.

  This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following an approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation".

  This feature is disabled on unaffected architectures.

  This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options.
The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack buffer overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space (bnc#1057389).
- CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231).
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667).
- CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed (bnc#1072876).
- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
- CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179).
- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524).
- CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705).
- CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671).
- CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520).
- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327).
- CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470).
- CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618).
- CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625).
- CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650).
- CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671).
- CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693).
- CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700).
- CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606).
- CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573).
- CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569).
- CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085).
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702 1069708).
- CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695 1074033).
- CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561).
- CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792).
- CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874).
- CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862).
- CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771).

The following non-security bugs were fixed:

- asm alternatives: remove incorrect alignment notes.
- getcwd: Close race with d_move called by lustre (bsc#1052593).
- kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671).
- kaiser: add "nokaiser" boot option, using ALTERNATIVE.
- kaiser: fix ldt freeing.
- kaiser: Kernel Address Isolation.
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush.
- kaiser: work around kABI.
- kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032).
- kvm: x86: Add speculative control CPUID support for guests (bsc#1068032).
- mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472).
- mm/mmu_context, sched/core: Fix mmu_context.h assumption.
- nfs: Remove asserts from the NFS XDR code (bsc#1063544).
- ptrace: Add a new thread access check (bsc#1068032).
- Revert "mac80211: accept key reinstall without changing anything" This reverts commit 1def0d4e1446974356bacd9f4be06eee32b66473.
- s390: add ppa to system call and program check path (bsc#1068032).
- s390: introduce CPU alternatives (bsc#1068032).
- s390/spinlock: add gmb memory barrier (bsc#1068032).
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler.
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off().
- scsi: mpt2sas: fix cleanup on controller resource mapping failure (bsc#999245).
- tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).
- tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).
- tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).
- tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).
- temporary fix (bsc#1068032).
- usb: uas: fix bug in handling of alternate settings (bsc#1071074).
- x86-64: Give vvars their own page.
- x86-64: Map the HPET NX.
- x86/alternatives: Add instruction padding.
- x86/alternatives: Cleanup DPRINTK macro.
- x86/alternatives: Make JMPs more robust.
- x86/alternatives: Use optimized NOPs for padding.
- x86/boot: Add early cmdline parsing for options with arguments.
- x86, boot: Carve out early cmdline parsing function.
- x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032).
- x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032).
- x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032).
- x86/CPU: Check speculation control CPUID bit (bsc#1068032).
- x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032).
- x86/entry: Add a function to overwrite the RSB (bsc#1068032).
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032).
- x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
- x86/feature: Enable the x86 feature to control Speculation (bsc#1068032).
- x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032).
- x86/idle: Toggle IBRS when going idle (bsc#1068032).
- x86/kaiser: Check boottime cmdline params.
- x86/kaiser: disable vmstat accounting.
- x86/kaiser: Move feature detection up (bsc#1068032).
- x86/kaiser: propagate info to /proc/cpuinfo.
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling.
- x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032).
- x86/kvm: Flush IBP when switching VMs (bsc#1068032).
- x86/kvm: Pad RSB on VM transition (bsc#1068032).
- x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032).
- x86: Make alternative instruction pointers relative.
- x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032).
- x86/mm/64: Fix reboot interaction with CR4.PCIDE.
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID.
- x86/mm: Add INVPCID helpers.
- x86/mm: Add the 'nopcid' boot option to turn off PCID.
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP.
- x86/mm: Disable PCID on 32-bit kernels.
- x86/mm: Enable CR4.PCIDE on supported systems.
- x86/mm: fix bad backport to disable PCID on Xen.
- x86/mm: Fix INVPCID asm constraint.
- x86/mm: If INVPCID is available, use it to flush global mappings.
- x86/mm/kaiser: re-enable vsyscalls.
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032).
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code.
- x86/mm, sched/core: Turn off IRQs in switch_mm().
- x86/mm, sched/core: Uninline switch_mm().
- x86/mm: Set IBPB upon context switch (bsc#1068032).
- x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032).
- x86/spec: Add IBRS control functions (bsc#1068032).
- x86/spec: Add "nospec" chicken bit (bsc#1068032).
- x86/spec: Check CPUID directly post microcode reload to support IBPB feature (bsc#1068032).
- x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032).
- x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032).
- x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032).
- x86/svm: Add code to clear registers on VM exit (bsc#1068032).
- x86/svm: Clobber the RSB on VM exit (bsc#1068032).
- x86/svm: Set IBPB when running a different VCPU (bsc#1068032).
- x86/svm: Set IBRS value on VM entry and exit (bsc#1068032).
- xen/kaiser: add "nokaiser" boot option, using ALTERNATIVE.
- xen/KAISER: Kernel Address Isolation.
- xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush.
- xen/kaiser: work around kABI.
- xen/x86-64: Give vvars their own page.
- xen/x86-64: Map the HPET NX.
- xen/x86/alternatives: Add instruction padding.
- xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling.
- xen/x86/mm: Enable CR4.PCIDE on supported systems.
- xen/x86/mm/kaiser: re-enable vsyscalls.
- xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code.
- xen: x86/mm, sched/core: Turn off IRQs in switch_mm().
- xen: x86/mm, sched/core: Uninline switch_mm().

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP3-LTSS:

   zypper in -t patch slessp3-kernel-20170109-13398=1

- SUSE Linux Enterprise Server 11-EXTRA:

   zypper in -t patch slexsp3-kernel-20170109-13398=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

   zypper in -t patch sleposp3-kernel-20170109-13398=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

   zypper in -t patch dbgsp3-kernel-20170109-13398=1

To bring your system up-to-date, use "zypper patch".
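After applying the patch above, two things are worth verifying on each host: that the kernel package from this update is not only installed but is the kernel actually running (a kernel update takes effect only after a reboot), and that none of the switches described under CVE-2017-5715 and CVE-2017-5754 ("nopti" / "pti=off" for KAISER, "nospec" for the branch prediction controls) has been left on the command line by an earlier performance workaround. The script below is an added example for both points; it is not part of the SUSE advisory or of SUSE tooling. It assumes the fixed version from this advisory's package list, that "uname -r" on SLE 11 has the form <version>-<release>-<flavour> without the package's trailing rebuild counter, and that the KAISER backport reports an active mitigation as the "kaiser" flag in /proc/cpuinfo (the changelog entry "x86/kaiser: propagate info to /proc/cpuinfo"). It does not try to read the IBRS/IBPB state from cpuinfo, since those flag names differ between backports; and being on the fixed kernel covers only the kernel side of CVE-2017-5715, the microcode update the advisory points to is still needed.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory or SUSE tooling): check a SLE 11 SP3
# host against SUSE-SU-2018:0040-1.  Assumptions are noted in the comments.

FIXED_VER="3.0.101-0.47.106.11.1"   # kernel-default version from the advisory's package list

# vercmp A B: numeric, segment-wise comparison of rpm-style version strings.
# '.', '-' and any other non-digit act as separators; missing segments count
# as 0.  Prints 0 if A == B, 1 if A > B, 2 if A < B.  Sufficient for the
# kernel versions in this advisory; not a full rpmvercmp (no epoch, no
# alphabetic segments).
vercmp() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.]/./g')
    b=$(printf '%s' "$2" | sed 's/[^0-9.]/./g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=''; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=''; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        if [ "$x" -lt "$y" ]; then echo 2; return; fi
    done
    echo 0
}

# pkg_status PKGVER: "fixed" if the installed kernel package is at or above
# the advisory's version, "vulnerable" otherwise.
pkg_status() {
    case $(vercmp "$1" "$FIXED_VER") in
        0|1) echo fixed ;;
        *)   echo vulnerable ;;
    esac
}

# running_status PKGVER UNAME_R: is the running kernel built from PKGVER?
# Assumption: uname -r drops the package's rebuild counter and appends the
# flavour, e.g. package 3.0.101-0.47.106.11.1 runs as
# "3.0.101-0.47.106.11-default".
running_status() {
    base=${2%-*}                       # strip "-default", "-xen", "-pae", ...
    case "$1" in
        "$base"|"$base".*) echo running-installed ;;
        *)                 echo reboot-needed ;;
    esac
}

# mitigation_state CMDLINE FLAGS: report the switches documented in the
# advisory.  CMDLINE is /proc/cmdline, FLAGS the "flags" line of /proc/cpuinfo
# (x86 only).  Assumption: an active KAISER shows up as the "kaiser" flag.
mitigation_state() {
    cmdline=" $1 "; flags=" $2 "
    case "$cmdline" in
        *" nopti "*|*" pti=off "*) pti="pti:off(cmdline)" ;;
        *) case "$flags" in
               *" kaiser "*) pti="pti:on" ;;
               *)            pti="pti:off(no kaiser flag)" ;;
           esac ;;
    esac
    case "$cmdline" in
        *" nospec "*) spec="spec:off(cmdline)" ;;
        *)            spec="spec:default" ;;
    esac
    echo "$pti $spec"
}

# live_check: run the checks against this host (every installed kernel
# flavour is reported; only one of them can be the running one).
live_check() {
    uname_r=$(uname -r)
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'kernel-*' |
    while read -r name ver; do
        case $name in
            kernel-default|kernel-xen|kernel-pae|kernel-bigsmp|kernel-ec2|kernel-trace)
                echo "$name-$ver: $(pkg_status "$ver") $(running_status "$ver" "$uname_r")" ;;
        esac
    done
    read -r cmdline < /proc/cmdline
    flags=$(awk '/^flags/ { print; exit }' /proc/cpuinfo)
    echo "mitigations: $(mitigation_state "$cmdline" "$flags")"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it as `sh check-kernel.sh --live` on the host. The functions take their input as arguments rather than reading /proc directly, so the same logic can be run offline over /proc/cmdline and /proc/cpuinfo captures collected from a fleet.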
Package List:

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

   kernel-default-3.0.101-0.47.106.11.1
   kernel-default-base-3.0.101-0.47.106.11.1
   kernel-default-devel-3.0.101-0.47.106.11.1
   kernel-source-3.0.101-0.47.106.11.1
   kernel-syms-3.0.101-0.47.106.11.1
   kernel-trace-3.0.101-0.47.106.11.1
   kernel-trace-base-3.0.101-0.47.106.11.1
   kernel-trace-devel-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

   kernel-ec2-3.0.101-0.47.106.11.1
   kernel-ec2-base-3.0.101-0.47.106.11.1
   kernel-ec2-devel-3.0.101-0.47.106.11.1
   kernel-xen-3.0.101-0.47.106.11.1
   kernel-xen-base-3.0.101-0.47.106.11.1
   kernel-xen-devel-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

   kernel-bigsmp-3.0.101-0.47.106.11.1
   kernel-bigsmp-base-3.0.101-0.47.106.11.1
   kernel-bigsmp-devel-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

   kernel-default-man-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

   kernel-pae-3.0.101-0.47.106.11.1
   kernel-pae-base-3.0.101-0.47.106.11.1
   kernel-pae-devel-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

   kernel-default-extra-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

   kernel-xen-extra-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-EXTRA (x86_64):

   kernel-bigsmp-extra-3.0.101-0.47.106.11.1
   kernel-trace-extra-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-EXTRA (ppc64):

   kernel-ppc64-extra-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Server 11-EXTRA (i586):

   kernel-pae-extra-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

   kernel-default-3.0.101-0.47.106.11.1
   kernel-default-base-3.0.101-0.47.106.11.1
   kernel-default-devel-3.0.101-0.47.106.11.1
   kernel-ec2-3.0.101-0.47.106.11.1
   kernel-ec2-base-3.0.101-0.47.106.11.1
   kernel-ec2-devel-3.0.101-0.47.106.11.1
   kernel-pae-3.0.101-0.47.106.11.1
   kernel-pae-base-3.0.101-0.47.106.11.1
   kernel-pae-devel-3.0.101-0.47.106.11.1
   kernel-source-3.0.101-0.47.106.11.1
   kernel-syms-3.0.101-0.47.106.11.1
   kernel-trace-3.0.101-0.47.106.11.1
   kernel-trace-base-3.0.101-0.47.106.11.1
   kernel-trace-devel-3.0.101-0.47.106.11.1
   kernel-xen-3.0.101-0.47.106.11.1
   kernel-xen-base-3.0.101-0.47.106.11.1
   kernel-xen-devel-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

   kernel-default-debuginfo-3.0.101-0.47.106.11.1
   kernel-default-debugsource-3.0.101-0.47.106.11.1
   kernel-trace-debuginfo-3.0.101-0.47.106.11.1
   kernel-trace-debugsource-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

   kernel-ec2-debuginfo-3.0.101-0.47.106.11.1
   kernel-ec2-debugsource-3.0.101-0.47.106.11.1
   kernel-xen-debuginfo-3.0.101-0.47.106.11.1
   kernel-xen-debugsource-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

   kernel-bigsmp-debuginfo-3.0.101-0.47.106.11.1
   kernel-bigsmp-debugsource-3.0.101-0.47.106.11.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

   kernel-pae-debuginfo-3.0.101-0.47.106.11.1
   kernel-pae-debugsource-3.0.101-0.47.106.11.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000251.html
   https://www.suse.com/security/cve/CVE-2017-11600.html
   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-13167.html
   https://www.suse.com/security/cve/CVE-2017-14106.html
   https://www.suse.com/security/cve/CVE-2017-14140.html
   https://www.suse.com/security/cve/CVE-2017-14340.html
   https://www.suse.com/security/cve/CVE-2017-15102.html
   https://www.suse.com/security/cve/CVE-2017-15115.html
   https://www.suse.com/security/cve/CVE-2017-15265.html
   https://www.suse.com/security/cve/CVE-2017-15274.html
   https://www.suse.com/security/cve/CVE-2017-15868.html
   https://www.suse.com/security/cve/CVE-2017-16525.html
   https://www.suse.com/security/cve/CVE-2017-16527.html
   https://www.suse.com/security/cve/CVE-2017-16529.html
   https://www.suse.com/security/cve/CVE-2017-16531.html
   https://www.suse.com/security/cve/CVE-2017-16534.html
   https://www.suse.com/security/cve/CVE-2017-16535.html
   https://www.suse.com/security/cve/CVE-2017-16536.html
   https://www.suse.com/security/cve/CVE-2017-16537.html
   https://www.suse.com/security/cve/CVE-2017-16538.html
   https://www.suse.com/security/cve/CVE-2017-16649.html
   https://www.suse.com/security/cve/CVE-2017-16939.html
   https://www.suse.com/security/cve/CVE-2017-17450.html
   https://www.suse.com/security/cve/CVE-2017-17558.html
   https://www.suse.com/security/cve/CVE-2017-17805.html
   https://www.suse.com/security/cve/CVE-2017-17806.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2017-5753.html
   https://www.suse.com/security/cve/CVE-2017-5754.html
   https://www.suse.com/security/cve/CVE-2017-7472.html
   https://www.suse.com/security/cve/CVE-2017-8824.html
   https://bugzilla.suse.com/1010175
   https://bugzilla.suse.com/1034862
   https://bugzilla.suse.com/1045327
   https://bugzilla.suse.com/1050231
   https://bugzilla.suse.com/1052593
   https://bugzilla.suse.com/1056982
   https://bugzilla.suse.com/1057179
   https://bugzilla.suse.com/1057389
   https://bugzilla.suse.com/1058524
   https://bugzilla.suse.com/1062520
   https://bugzilla.suse.com/1063544
   https://bugzilla.suse.com/1063667
   https://bugzilla.suse.com/1066295
   https://bugzilla.suse.com/1066472
   https://bugzilla.suse.com/1066569
   https://bugzilla.suse.com/1066573
   https://bugzilla.suse.com/1066606
   https://bugzilla.suse.com/1066618
   https://bugzilla.suse.com/1066625
   https://bugzilla.suse.com/1066650
   https://bugzilla.suse.com/1066671
   https://bugzilla.suse.com/1066693
   https://bugzilla.suse.com/1066700
   https://bugzilla.suse.com/1066705
   https://bugzilla.suse.com/1067085
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068671
   https://bugzilla.suse.com/1069702
   https://bugzilla.suse.com/1069708
   https://bugzilla.suse.com/1070771
   https://bugzilla.suse.com/1071074
   https://bugzilla.suse.com/1071470
   https://bugzilla.suse.com/1071695
   https://bugzilla.suse.com/1072561
   https://bugzilla.suse.com/1072876
   https://bugzilla.suse.com/1073792
   https://bugzilla.suse.com/1073874
   https://bugzilla.suse.com/1074033
   https://bugzilla.suse.com/999245

Severity: Important. LinuxSecurity.com Team
=========================================================================
Ubuntu Security Notice USN-3161-4
December 20, 2016

linux-snapdragon vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-snapdragon: Linux kernel for Snapdragon Processors

Details:

Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964)

It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568)

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)

Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425)

It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host.
(CVE-2016-8630)

Eyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633)

Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-8658)

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. (CVE-2016-9644)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1042-snapdragon  4.4.0-1042.46
  linux-image-snapdragon             4.4.0.1042.34

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  https://ubuntu.com/security/notices/USN-3161-4
  https://ubuntu.com/security/notices/USN-3161-1
  CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-7097, CVE-2016-7425,
  CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-8658, CVE-2016-9555,
  CVE-2016-9644

Package Information:
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1042.46

Severity: Important. LinuxSecurity.com Team
Two problems have been discovered in gzip, the GNU compression utility.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 752-1
______________________________________________________________________________

                        SuSE Security Announcement

        Package:                cups
        Announcement-ID:        SuSE-SA:2003:002
        Date:                   Thursday, Jan 2nd 2003 09:30 MEST
        Affected products:      7.1, 7.2, 7.3, 8.0, 8.1
                                SuSE Linux Enterprise Server 8
                                UnitedLinux 1.0
        Vulnerability Type:     local and remote privilege escalation
        Severity (1-10):        7
        SuSE default package:   since 8.1: yes
                                prior 8.1: no
        Cross References:       CAN-2002-1366
                                CAN-2002-1367
                                CAN-2002-1368
                                CAN-2002-1369
                                CAN-2002-1371
                                CAN-2002-1372
                                CAN-2002-1383
                                CAN-2002-1384

    Content of this advisory:
        1) security vulnerability resolved: several bugs
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds:
            - none
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    CUPS is a well known and widely used printing system for unix-like systems. iDEFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities:

    - integer overflow in HTTP interface to gain remote access with CUPS privileges
    - local file race condition to gain root (bug mentioned above has to be exploited first)
    - remotely add printers
    - remote denial-of-service attack due to negative length in memcpy() call
    - integer overflow in image handling code to gain higher privileges
    - gain local root due to buffer overflow of 'options' buffer
    - design problem to gain local root (needs added printer, see above)
    - wrong handling of zero width images can be abused to gain higher privileges
    - file descriptor leak and denial-of-service due to missing checks of return values of file/socket operations

    Since SuSE 8.1 CUPS is the default printing system.
    As a temporary workaround CUPS can be disabled and an alternative printing system like LPRng can be installed instead.

    New CUPS packages are available on our FTP servers. Please, install them to fix your system.

    Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update.

    Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.

    Intel i386 Platform:

    SuSE-8.1:
    2531f8cf2c7ffbc45f5bdabbad31b312
    patch rpm(s):
    048c97ac172f3a838bb3e4789250cd56
    3daffc6cac8a067c2a8b52768ada25a0
    patch rpm(s):
    74045133ea1780aa311dab78af0ea7a5
    593fedd856a9568147f76e70cdd32b94
    patch rpm(s):
    9a67ef7fd0162283d662581866a68263
    source rpm(s):
    cad9236a0f71d1ad263c4c79e6d4337f

    SuSE-8.0:
    9d1d9c3cc395e6355da6f8f1b9ccee5c
    patch rpm(s):
    b17bfb78daac61a05c92e938e2d89463
    9ec263cb51c223798818509f50246ec9
    patch rpm(s):
    a59edfa5ba38116ccd4c264863c4bbf8
    fef9316839a2747111201b5e035295ad
    patch rpm(s):
    80525203e712a959badab348d07f81a9
    source rpm(s):
    4cad7db5ae424516502c820d29402989

    SuSE-7.3:
    e456c6027c8e63a8e3c1773cc2d4d531
    53bfc694bc74e4220eba66f569dd837b
    7ed2406d49693fa148eaf27ac3083010
    source rpm(s):
    0e33f13aedce730069b3e1788eb19a0e

    SuSE-7.2:
    f6651e3f296ac2e19edb6403c2f92e7e
    source rpm(s):
    42015fbabce4f6bc22cf4d94061ca657

    SuSE-7.1:
    f9b1f8aee6cad0ef7787dffc2a4309b1
    source rpm(s):
    f1db871d4a9b921bdffe71023fb294f9

    Sparc Platform:

    SuSE-7.3:
    0c614102570716b33a96723867d071df
    d15e6354a448240275966dd46f7e02ed
    b21ce5aaa79dd60897eed762e119a65d
    source rpm(s):
    83bd4b66daeba343549d0f8abd80a537

    AXP Alpha Platform:

    SuSE-7.1:
    f68f6f596934365ae44d8dafc7aaa897
    source rpm(s):
    f10402e4bada55969e6a1fb651c8f37b

    PPC Power PC Platform:

    SuSE-7.3:
    3b15601c7838620311514cc244e45078
    c1ca0adfa7c4091260c64e3c58ea20f1
    b63eef9ec012b5e17bfcfce558829f94
    source rpm(s):
    58850c0f45f62a79146fa536fc91ded7

    SuSE-7.1:
    1a31de608674e8a1224b22bd3b9a792a
    source rpm(s):

______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - none

______________________________________________________________________________

3)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:

    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
         md5sum
       after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key
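The two verification methods in section 3 (md5sum against the signed announcement, and rpm's own check of the package's embedded gpg signature), written out as a script. This is an added example, not part of the SuSE announcement or of SuSE tooling. The announcement-style list and the two "packages" it covers are constructed inline so the script runs offline; their hashes belong to those constructed files, not to any real SuSE cups package. One caveat that did not apply in 2003: MD5 is no longer collision-resistant, so a matching md5sum only establishes that the file you downloaded is the one the signed announcement describes, and the rpm signature check (method 2) is the one to rely on when the announcement itself cannot be verified.

```shell
#!/bin/sh
# Added example (not from the SuSE announcement): verify downloaded packages
# against the md5sums of a signature-verified announcement, then hand the
# package to rpm for its internal GPG signature check.

# verify_md5 FILE EXPECTED: "ok" if FILE's MD5 equals EXPECTED (case-insensitive),
# "MISMATCH" if it differs, "MISSING" if FILE does not exist.
verify_md5() {
    [ -f "$1" ] || { echo MISSING; return; }
    actual=$(md5sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then echo ok; else echo MISMATCH; fi
}

# verify_list LISTFILE DIR: for every "<md5> <filename>" line in LISTFILE
# (blank lines and '#' comments skipped) verify DIR/<filename>.  Prints one
# "<status> <filename>" line per entry; returns 0 only if all entries are ok.
verify_list() {
    rc=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        case $sum in "#"*) continue ;; esac
        st=$(verify_md5 "$2/$name" "$sum")
        echo "$st $name"
        [ "$st" = ok ] || rc=1
    done < "$1"
    return $rc
}

# make_demo DIR: constructed input for the example.  Two fake "packages" and
# an announcement-style list in which the second entry's hash has been
# altered, so one entry must fail.  The hashes are those of the constructed
# files, not of any real package.
make_demo() {
    mkdir -p "$1"
    printf 'hello'    > "$1/cups-good.rpm"   # md5 of "hello": 5d41402abc4b2a76b9719d911017c592
    printf 'tampered' > "$1/cups-bad.rpm"
    cat > "$1/announcement.md5" <<EOF
# constructed list in announcement format: <md5>  <file>
5d41402abc4b2a76b9719d911017c592  cups-good.rpm
00000000000000000000000000000000  cups-bad.rpm
EOF
}

# Method 2 from the announcement, for a real package with the SuSE build key
# imported into rpm's keyring:
#   rpm --checksig cups-1.1.15-*.rpm
#
# Usage on a real download directory:  sh verify-rpms.sh --check LIST [DIR]
if [ "${1:-}" = "--check" ]; then
    verify_list "$2" "${3:-.}"
fi
```

Every entry is reported rather than stopping at the first failure, so a MISMATCH line points at exactly which file to re-download; a MISMATCH on a file that checks out after a second download is the signal that a mirror, not the announcement, is the problem.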