Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1900 SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 5 August 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux kernel Publisher: SUSE Operating System: SUSE Impact/Access: Root Compromise -- Existing Account Denial of Service -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-4565 CVE-2016-4470 CVE-2016-3134 CVE-2016-2053 CVE-2016-1583 CVE-2016-0758 CVE-2015-8816 CVE-2015-8019 CVE-2013-7446 Reference: ASB-2016.0071 ESB-2016.1183 ESB-2015.3170 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1961-1 Rating: important References: #971793 #973570 #979064 #979074 #979078 #980856 #980883 #983144 #984764 Cross-References: CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.49-11.1 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). This non-security issue was fixed: - bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1157=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-5-14.2 kgraft-patch-3_12_49-11-xen-5-14.2 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-8019.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4565.html https://bugzilla.suse.com/971793 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/979064 https://bugzilla.suse.com/979074 https://bugzilla.suse.com/979078 https://bugzilla.suse.com/980856 https://bugzilla.suse.com/980883 https://bugzilla.suse.com/983144 https://bugzilla.suse.com/984764 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV6PsoYx+lLeg9Ub1AQh/fBAAq9zqKfXdtCmSSYA/T9tg9bSAk28Gl0Ov plXHNWgtN/pFQ/GkE7y+1yh0E+MlEogB9lGrOOyqkhSeg6dDqvqgan+fOAyC97zd IMFhzRribkrQPuZAn02oAg/XiCkRvXjIA/A3YuyIhbvQkrplcdh+MUUMCF94T6eC UN6Lrcpq+3KF/yTbnmw4RleQsfNkgpG0/q3cZtoc8lbmWH2VNE9x7JHzQHq/xKTT TYqTj3W+R6t39LcyD8WPyCwzDMTznwBec4z/UAH4JRSqDb0vv6zQL35nT0Che9ae Alr/1hrMJHvuE6ihsetc5aQ27fuQWuKV5NfKvrsYauhwWD0HUJvwPk3ZyhYhzXDD 25CBh+yM30BD8OZdlL01N7VIludFaJn49ezqNzxDwPwNJBJuqai5jJgjer/pgO27 u+7eEZarUhYkvdIdd+fUCbvOIak7ykEDqMgMkkouLW+o0oIXbf/CKnHUjHeONNev lR2TQDNypFS6AoOIFi/jar272GfaTyUV8Ul4vGXQFfDtUYm6qJLkgc29kYzqx5Ep QWQqTo1nwKRbAzAloV1b14Oe3mfAd9yKKKw9ux8z7rcMMUVCj6LY/NKKgBGQjLWT OK8ByIkKlukh2fztddl90OcG5UgOxyvvAkeVEEfjHMsOmMwOnXlhE663C59w1R5d 4Bvamr7lEcs= =352R -----END PGP SIGNATURE-----