You are here
Home > Preporuke > Sigurnosni nedostaci Live Patching servisa

Sigurnosni nedostaci Live Patching servisa

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1303-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-784=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-4_4_21-69-default-6-17.2

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1279-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 4.4.21-81 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-772=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-4_4_21-81-default-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1277-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 4.4.21-84 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-771=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-4_4_21-84-default-5-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1295-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-770=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-4_4_38-93-default-5-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1283-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 4.4.49-92_11 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-769=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-4_4_49-92_11-default-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1293-1
Rating: important
References: #1030467 #1030575 #1031440 #1031481 #1031660

Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has three
fixes is now available.

Description:

This update for the Linux Kernel 3.12.59-60_45 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).
– bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to
freeze in rare circumstances

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-780=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_59-60_45-default-10-2.1
kgraft-patch-3_12_59-60_45-xen-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030467
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

 

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1308-1
Rating:             important
References:         #1030575 #1031440 #1031481 #1031660
Cross-References:   CVE-2017-7294 CVE-2017-7308
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available.

Description:

   This update for the Linux Kernel 4.4.49-92_14 fixes several issues.

   The following security bugs were fixed:

   – CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
     the Linux kernel did not properly validate certain block-size data,
     which allowed local users to cause a denial of service (overflow) or
     possibly have unspecified other impact via crafted system calls
     (bsc#1030575, bsc#1031660).
   – CVE-2017-7294: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate addition of certain levels data, which allowed local users to
     trigger an integer overflow and out-of-bounds write, and cause a denial
     of service (system hang or crash) or possibly gain privileges, via a
     crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
     bsc#1031481).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-786=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_49-92_14-default-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1297-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1030575, bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-777=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_67-60_64_18-default-7-2.1
kgraft-patch-3_12_67-60_64_18-xen-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1289-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-776=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_67-60_64_21-default-6-2.1
kgraft-patch-3_12_67-60_64_21-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1290-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-775=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_67-60_64_24-default-5-2.1
kgraft-patch-3_12_67-60_64_24-xen-5-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1294-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-774=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_69-60_64_29-default-4-2.1
kgraft-patch-3_12_69-60_64_29-xen-4-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1280-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
the Linux kernel did not properly validate certain block-size data,
which allowed local users to cause a denial of service (overflow) or
possibly have unspecified other impact via crafted system calls
(bsc#1031660).
– CVE-2017-7294: The vmw_surface_define_ioctl function in
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
validate addition of certain levels data, which allowed local users to
trigger an integer overflow and out-of-bounds write, and cause a denial
of service (system hang or crash) or possibly gain privileges, via a
crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440,
bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-773=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_69-60_64_32-default-3-2.1
kgraft-patch-3_12_69-60_64_32-xen-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-7294.html
https://www.suse.com/security/cve/CVE-2017-7308.html
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031440
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci Live Patching servisa

Izdana je nadogradnja za Live Patching servis za operacijski sustav SUSE. Otkriveni nedostaci potencijalnim lokalnim napadačima omogućuju stjecanje uvećanih ovlasti,...

Close