===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0967
          SUSE Security Update: Security update for Linux Kernel
                               12 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3153

Reference:         ESB-2014.0894
                   ESB-2014.0893

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0775-1
Rating:             critical
References:         #880892
Cross-References:   CVE-2014-3153
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
   critical privilege escalation security issue:

   * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
     used to gain ring0 access via the futex syscall. This could be used
     for privilege escalation by non-root users. (bnc#880892)

   Security Issue reference:

   * CVE-2014-3153
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 slessp3-kernel-9330 slessp3-kernel-9331 slessp3-kernel-9346

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-kernel-9328 slehasp3-kernel-9329 slehasp3-kernel-9330 slehasp3-kernel-9331 slehasp3-kernel-9346

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kernel-9328 sledsp3-kernel-9329

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.31.1
      kernel-default-base-3.0.101-0.31.1
      kernel-default-devel-3.0.101-0.31.1
      kernel-source-3.0.101-0.31.1
      kernel-syms-3.0.101-0.31.1
      kernel-trace-3.0.101-0.31.1
      kernel-trace-base-3.0.101-0.31.1
      kernel-trace-devel-3.0.101-0.31.1
      kernel-xen-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.31.1
      kernel-pae-base-3.0.101-0.31.1
      kernel-pae-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.31.1
      kernel-default-base-3.0.101-0.31.1
      kernel-default-devel-3.0.101-0.31.1
      kernel-source-3.0.101-0.31.1
      kernel-syms-3.0.101-0.31.1
      kernel-trace-3.0.101-0.31.1
      kernel-trace-base-3.0.101-0.31.1
      kernel-trace-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.31.1
      kernel-ec2-base-3.0.101-0.31.1
      kernel-ec2-devel-3.0.101-0.31.1
      kernel-xen-3.0.101-0.31.1
      kernel-xen-base-3.0.101-0.31.1
      kernel-xen-devel-3.0.101-0.31.1
      xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.31.1
      kernel-ppc64-base-3.0.101-0.31.1
      kernel-ppc64-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.31.1
      kernel-pae-base-3.0.101-0.31.1
      kernel-pae-devel-3.0.101-0.31.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.31-2.27.69
      cluster-network-kmp-trace-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-default-2_3.0.101_0.31-0.16.75
      gfs2-kmp-trace-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-default-1.6_3.0.101_0.31-0.20.69
      ocfs2-kmp-trace-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-xen-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-xen-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-ppc64-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-ppc64-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-pae-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-pae-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.31.1
      kernel-default-base-3.0.101-0.31.1
      kernel-default-devel-3.0.101-0.31.1
      kernel-default-extra-3.0.101-0.31.1
      kernel-source-3.0.101-0.31.1
      kernel-syms-3.0.101-0.31.1
      kernel-trace-devel-3.0.101-0.31.1
      kernel-xen-3.0.101-0.31.1
      kernel-xen-base-3.0.101-0.31.1
      kernel-xen-devel-3.0.101-0.31.1
      kernel-xen-extra-3.0.101-0.31.1
      xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

   - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.31.1
      kernel-pae-base-3.0.101-0.31.1
      kernel-pae-devel-3.0.101-0.31.1
      kernel-pae-extra-3.0.101-0.31.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.31.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-3.0.101-0.31.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-3.0.101-0.31.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-3.0.101-0.31.1

References:

   http://support.novell.com/security/cve/CVE-2014-3153.html
   https://bugzilla.novell.com/880892
   http://download.suse.com/patch/finder/?keywords=0cdcfea3b263f03fc7b11c9e27c68106
   http://download.suse.com/patch/finder/?keywords=2394b6ce8b434732566fe3cbf2a956f7
   http://download.suse.com/patch/finder/?keywords=5d5df6a9a600dbe5fe09c19d8dc24b0e
   http://download.suse.com/patch/finder/?keywords=8a869bd2122273831bd282fab2377076
   http://download.suse.com/patch/finder/?keywords=a8f8feb5552e1da3b52f48f677f467cf
   http://download.suse.com/patch/finder/?keywords=a9d9490d68822582cd43af9c0c2aa6d7
   http://download.suse.com/patch/finder/?keywords=c905f5237a7e0ae4f9fdf0c325c0dbb2
   http://download.suse.com/patch/finder/?keywords=f6e7ea94e8ad3ddbdf3d897e2a3ff6b8
   http://download.suse.com/patch/finder/?keywords=fab06fd0fffc9ae59673101aeace943a
   http://download.suse.com/patch/finder/?keywords=fd1bf222c9f9ff4cc32dae8bac451528

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
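The bulletin requires a reboot after installing the update, so a host can have the fixed package on disk while still running the old kernel. The following check is an added example, not part of the SUSE or AusCERT text; the function names are hypothetical, and it assumes `uname -r` reports the release without the final rebuild counter (for example `3.0.101-0.31-default`) and that GNU `sort -V` is available.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify a host against the fixed
# kernel level in the Package List above.
FIXED_PKG="3.0.101-0.31.1"   # package VERSION-RELEASE from the bulletin
FIXED_RUN="3.0.101-0.31"     # assumed `uname -r` form: rebuild counter dropped

# "3.0.101-0.31-default" -> "3.0.101-0.31" (flavor suffix removed).
strip_flavor() {
    printf '%s\n' "$1" | sed 's/-[a-z][a-z0-9]*$//'
}

# True when version $1 >= version $2. GNU `sort -V` approximates RPM
# ordering; it is adequate for the purely numeric strings used here.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# $1 = `uname -r` output, $2 = newest installed kernel VERSION-RELEASE.
assess() {
    if ! version_ge "$2" "$FIXED_PKG"; then
        echo "vulnerable"          # update not installed
    elif ! version_ge "$(strip_flavor "$1")" "$FIXED_RUN"; then
        echo "reboot-required"     # fixed package on disk, old kernel running
    else
        echo "fixed"
    fi
}

# On a live host (kernel-default flavor assumed):
#   assess "$(uname -r)" \
#     "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default | sort -V | tail -n 1)"
```

For other flavors, query the matching package (`kernel-pae`, `kernel-xen`, and so on) instead of `kernel-default`.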