You are here
Home > Preporuke > Sigurnosni nedostaci Live Patching servisa

Sigurnosni nedostaci Live Patching servisa

by ncert - 0

SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2093-1
Rating: important
References: #1027575 #1042892 #1046191 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_60 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7533: A bug in inotify code allowed local users to escalate
privilege (bsc#1050751).
– CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
kernel allowed remote attackers to cause a denial of service (system
crash) via a long RPC reply, related to net/sunrpc/svc.c,
fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
– CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bsc#1027575).
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1296=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1296=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

kgraft-patch-3_12_60-52_60-default-7-2.1
kgraft-patch-3_12_60-52_60-xen-7-2.1

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_60-52_60-default-7-2.1
kgraft-patch-3_12_60-52_60-xen-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-2636.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7645.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1027575
https://bugzilla.suse.com/1042892
https://bugzilla.suse.com/1046191
https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2095-1
Rating: important
References: #1027575 #1042892 #1046191 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for the Linux Kernel 3.12.60-52_63 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7533: A bug in inotify code allowed local users to escalate
privilege (bsc#1050751).
– CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
kernel allowed remote attackers to cause a denial of service (system
crash) via a long RPC reply, related to net/sunrpc/svc.c,
fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
– CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bsc#1027575).
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1297=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1297=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

kgraft-patch-3_12_60-52_63-default-7-2.1
kgraft-patch-3_12_60-52_63-xen-7-2.1

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_60-52_63-default-7-2.1
kgraft-patch-3_12_60-52_63-xen-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-2636.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7645.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1027575
https://bugzilla.suse.com/1042892
https://bugzilla.suse.com/1046191
https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2096-1
Rating: important
References: #1027575 #1042892 #1044878 #1046191 #1050751

Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one
errata is now available.

Description:

This update for the Linux Kernel 3.12.61-52_66 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7533: A bug in inotify code allowed local users to escalate
privilege (bsc#1050751).
– CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
kernel allowed remote attackers to cause a denial of service (system
crash) via a long RPC reply, related to net/sunrpc/svc.c,
fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
– CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bsc#1027575).
– A SUSE Linux Enterprise specific regression in tearing down network
namespaces was fixed (bsc#1044878)
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1298=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1298=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

kgraft-patch-3_12_61-52_66-default-6-2.1
kgraft-patch-3_12_61-52_66-xen-6-2.1

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

kgraft-patch-3_12_61-52_66-default-6-2.1
kgraft-patch-3_12_61-52_66-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-2636.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7645.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1027575
https://bugzilla.suse.com/1042892
https://bugzilla.suse.com/1044878
https://bugzilla.suse.com/1046191
https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2099-1
Rating:             important
References:         #1027575 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
                    CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_57 fixes several issues.

   The following security bugs were fixed:

   – CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   – CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
     kernel allowed remote attackers to cause a denial of service (system
     crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   – CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (double free) by setting the HDLC line discipline (bsc#1027575).
   – CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1304=1

   – SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1304=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_57-default-8-2.1
      kgraft-patch-3_12_60-52_57-xen-8-2.1

   – SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_57-default-8-2.1
      kgraft-patch-3_12_60-52_57-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2103-1
Rating:             important
References:         #1042892 #1044878 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
                  
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_69 fixes several issues.

   The following security bugs were fixed:

   – CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   – CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
     kernel allowed remote attackers to cause a denial of service (system
     crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   – A SUSE Linux Enterprise specific regression in tearing down network
     namespaces was fixed (bsc#1044878)
   – CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1303=1

   – SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1303=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_69-default-4-2.1
      kgraft-patch-3_12_61-52_69-xen-4-2.1

   – SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_69-default-4-2.1
      kgraft-patch-3_12_61-52_69-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1044878
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 22 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2102-1
Rating:             important
References:         #1042892 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
                  
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_77 fixes several issues.

   The following security bugs were fixed:

   – CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   – CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
     kernel allowed remote attackers to cause a denial of service (system
     crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   – CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1301=1

   – SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1301=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_77-default-3-2.1
      kgraft-patch-3_12_61-52_77-xen-3-2.1

   – SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_77-default-3-2.1
      kgraft-patch-3_12_61-52_77-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for Linux Kernel Live Patch 23 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2098-1
Rating:             important
References:         #1042892 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
                  
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_80 fixes several issues.

   The following security bugs were fixed:

   – CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   – CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
     kernel allowed remote attackers to cause a denial of service (system
     crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   – CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
     in the Linux kernel is too late in checking whether an overwrite of an
     skb data structure may occur, which allowed local users to cause a
     denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1300=1

   – SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1300=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_80-default-2-2.1
      kgraft-patch-3_12_61-52_80-xen-2-2.1

   – SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_80-default-2-2.1
      kgraft-patch-3_12_61-52_80-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

ncert
Top
More in Preporuke
Sigurnosni nedostaci Live Patching servisa

Izdana je nadogradnja za Live Patching servis za operacijski sustav SUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje uvećanih ovlasti, izvođenje...

Close