You are here
Home > Preporuke > Sigurnosni nedostatak u jezgri operacijskog sustava

Sigurnosni nedostatak u jezgri operacijskog sustava

SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0775-1
Rating: critical
References: #880892
Cross-References: CVE-2014-3153
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that fixes one vulnerability is now available. It
includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
critical privilege escalation security issue:

* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used
for privilege escalation by non-root users. (bnc#880892)

Security Issue reference:

* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329

– SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 slessp3-kernel-9330 slessp3-kernel-9331 slessp3-kernel-9346

– SUSE Linux Enterprise High Availability Extension 11 SP3:

zypper in -t patch slehasp3-kernel-9328 slehasp3-kernel-9329 slehasp3-kernel-9330 slehasp3-kernel-9331 slehasp3-kernel-9346

– SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-kernel-9328 sledsp3-kernel-9329

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

kernel-default-3.0.101-0.31.1
kernel-default-base-3.0.101-0.31.1
kernel-default-devel-3.0.101-0.31.1
kernel-source-3.0.101-0.31.1
kernel-syms-3.0.101-0.31.1
kernel-trace-3.0.101-0.31.1
kernel-trace-base-3.0.101-0.31.1
kernel-trace-devel-3.0.101-0.31.1
kernel-xen-devel-3.0.101-0.31.1

– SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.31.1
kernel-pae-base-3.0.101-0.31.1
kernel-pae-devel-3.0.101-0.31.1

– SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

kernel-default-3.0.101-0.31.1
kernel-default-base-3.0.101-0.31.1
kernel-default-devel-3.0.101-0.31.1
kernel-source-3.0.101-0.31.1
kernel-syms-3.0.101-0.31.1
kernel-trace-3.0.101-0.31.1
kernel-trace-base-3.0.101-0.31.1
kernel-trace-devel-3.0.101-0.31.1

– SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

kernel-ec2-3.0.101-0.31.1
kernel-ec2-base-3.0.101-0.31.1
kernel-ec2-devel-3.0.101-0.31.1
kernel-xen-3.0.101-0.31.1
kernel-xen-base-3.0.101-0.31.1
kernel-xen-devel-3.0.101-0.31.1
xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

– SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

kernel-default-man-3.0.101-0.31.1

– SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

kernel-ppc64-3.0.101-0.31.1
kernel-ppc64-base-3.0.101-0.31.1
kernel-ppc64-devel-3.0.101-0.31.1

– SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.31.1
kernel-pae-base-3.0.101-0.31.1
kernel-pae-devel-3.0.101-0.31.1
xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

– SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

cluster-network-kmp-default-1.4_3.0.101_0.31-2.27.69
cluster-network-kmp-trace-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-default-2_3.0.101_0.31-0.16.75
gfs2-kmp-trace-2_3.0.101_0.31-0.16.75
ocfs2-kmp-default-1.6_3.0.101_0.31-0.20.69
ocfs2-kmp-trace-1.6_3.0.101_0.31-0.20.69

– SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

cluster-network-kmp-xen-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-xen-2_3.0.101_0.31-0.16.75
ocfs2-kmp-xen-1.6_3.0.101_0.31-0.20.69

– SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

cluster-network-kmp-ppc64-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-ppc64-2_3.0.101_0.31-0.16.75
ocfs2-kmp-ppc64-1.6_3.0.101_0.31-0.20.69

– SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

cluster-network-kmp-pae-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-pae-2_3.0.101_0.31-0.16.75
ocfs2-kmp-pae-1.6_3.0.101_0.31-0.20.69

– SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

kernel-default-3.0.101-0.31.1
kernel-default-base-3.0.101-0.31.1
kernel-default-devel-3.0.101-0.31.1
kernel-default-extra-3.0.101-0.31.1
kernel-source-3.0.101-0.31.1
kernel-syms-3.0.101-0.31.1
kernel-trace-devel-3.0.101-0.31.1
kernel-xen-3.0.101-0.31.1
kernel-xen-base-3.0.101-0.31.1
kernel-xen-devel-3.0.101-0.31.1
kernel-xen-extra-3.0.101-0.31.1
xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

– SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.31.1
kernel-pae-base-3.0.101-0.31.1
kernel-pae-devel-3.0.101-0.31.1
kernel-pae-extra-3.0.101-0.31.1
xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

– SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-0.31.1

– SLE 11 SERVER Unsupported Extras (i586 x86_64):

kernel-xen-extra-3.0.101-0.31.1

– SLE 11 SERVER Unsupported Extras (ppc64):

kernel-ppc64-extra-3.0.101-0.31.1

– SLE 11 SERVER Unsupported Extras (i586):

kernel-pae-extra-3.0.101-0.31.1

References:

http://support.novell.com/security/cve/CVE-2014-3153.html
https://bugzilla.novell.com/880892
http://download.suse.com/patch/finder/?keywords=0cdcfea3b263f03fc7b11c9e27c68106
http://download.suse.com/patch/finder/?keywords=2394b6ce8b434732566fe3cbf2a956f7
http://download.suse.com/patch/finder/?keywords=5d5df6a9a600dbe5fe09c19d8dc24b0e
http://download.suse.com/patch/finder/?keywords=8a869bd2122273831bd282fab2377076
http://download.suse.com/patch/finder/?keywords=a8f8feb5552e1da3b52f48f677f467cf
http://download.suse.com/patch/finder/?keywords=a9d9490d68822582cd43af9c0c2aa6d7
http://download.suse.com/patch/finder/?keywords=c905f5237a7e0ae4f9fdf0c325c0dbb2
http://download.suse.com/patch/finder/?keywords=f6e7ea94e8ad3ddbdf3d897e2a3ff6b8
http://download.suse.com/patch/finder/?keywords=fab06fd0fffc9ae59673101aeace943a
http://download.suse.com/patch/finder/?keywords=fd1bf222c9f9ff4cc32dae8bac451528


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa qemu-kvm

Otkriveni su sigurnosni nedostaci u programskom paketu qemu-kvm za operacijski sustav Red Hat. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada...

Close