SUSE-SU-2017:2069-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2069-1
Rating:             important
References:         #1050751
Cross-References:   CVE-2017-7533
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2067-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2067-1
Rating:             important
References:         #1027575 #1038564 #1042364 #1042892 #1046191
#1046202 #1046206 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-8797 CVE-2017-8890 CVE-2017-9077
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2066-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2066-1
Rating:             important
References:         #1038564 #1042364 #1042892 #1046191 #1046202
#1046206 #1047518 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-8797
CVE-2017-8890 CVE-2017-9077 CVE-2017-9242

Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2065-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2065-1
Rating:             important
References:         #1027575 #1038564 #1042364 #1042892 #1046191
#1046202 #1046206 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-8797 CVE-2017-8890 CVE-2017-9077
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata
is now available.

Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security bugs were fixed:

– CVE-2017-7533: A bug in inotify code allowed local users to escalate
privilege (bsc#1050751).
– CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly
validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or
LAYOUTGET operand in a UDP packet from a remote attacker. This type
value is uninitialized upon encountering certain error conditions. This
value is used as an array index for dereferencing, which leads to an
OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system
(bsc#1046202).
– CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
kernel allowed remote attackers to cause a denial of service (system
crash) via a long RPC reply, related to net/sunrpc/svc.c,
fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
– CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
kernel allowed local users to gain privileges or cause a denial of
service (double free) by setting the HDLC line discipline (bsc#1027575).
– CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel is too late in checking whether an overwrite of an
skb data structure may occur, which allowed local users to cause a
denial of service (system crash) via crafted system calls (bsc#1042892).
– CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c
in the Linux kernel mishandled inheritance, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
– CVE-2017-8890: The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to
cause a denial of service (double free) or possibly have unspecified
other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Live Patching 12:

zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1267=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-4_4_38-93-default-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-2636.html
https://www.suse.com/security/cve/CVE-2017-7533.html
https://www.suse.com/security/cve/CVE-2017-7645.html
https://www.suse.com/security/cve/CVE-2017-8797.html
https://www.suse.com/security/cve/CVE-2017-8890.html
https://www.suse.com/security/cve/CVE-2017-9077.html
https://www.suse.com/security/cve/CVE-2017-9242.html
https://bugzilla.suse.com/1027575
https://bugzilla.suse.com/1038564
https://bugzilla.suse.com/1042364
https://bugzilla.suse.com/1042892
https://bugzilla.suse.com/1046191
https://bugzilla.suse.com/1046202
https://bugzilla.suse.com/1046206
https://bugzilla.suse.com/1050751


SUSE-SU-2017:2064-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2064-1
Rating:             important
References:         #1038564 #1042364 #1042892 #1046191 #1046202
#1046206 #1047518 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-8797
CVE-2017-8890 CVE-2017-9077 CVE-2017-9242

Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2062-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2062-1
Rating:             important
References:         #1027575 #1038564 #1042364 #1042892 #1046191
#1046202 #1046206 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-8797 CVE-2017-8890 CVE-2017-9077
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2060-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2060-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751

Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-8890 CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________


SUSE-SU-2017:2049-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2049-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751

Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-8890 CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.


SUSE-SU-2017:2046-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2046-1
Rating:             important
References:         #1038564 #1042364 #1042892 #1046191 #1046202
#1046206 #1047518 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-8797
CVE-2017-8890 CVE-2017-9077 CVE-2017-9242

Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2043-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2043-1
Rating:             important
References:         #1027575 #1038564 #1042364 #1042892 #1046191
#1046202 #1046206 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
CVE-2017-8797 CVE-2017-8890 CVE-2017-9077
CVE-2017-9242
Affected Products:
SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

SUSE-SU-2017:2042-1: important: Security update for the Linux Kernel

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2042-1
Rating:             important
References:         #1049483
Cross-References:   CVE-2017-7533
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________


SUSE-SU-2017:2041-1: important: Security update for the Linux Kernel

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2041-1
Rating:             important
References:         #1049483
Cross-References:   CVE-2017-7533
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise High Availability 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

SUSE-SU-2017:2040-1: important: Security update for libzypp, zypper

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2040-1
Rating:             important
References:         #1009745 #1031756 #1033236 #1038132 #1038984
#1043218 #1045735 #1047785 #1048315
Cross-References:   CVE-2017-7435 CVE-2017-7436 CVE-2017-9269

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________


openSUSE-SU-2017:1948-1: important: Security update for rubygem-puppet

The following information has been provided by the opensuse security announce mailing list.

openSUSE Security Update: Security update for rubygem-puppet
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1948-1
Rating:             important
References:         #1040151
Cross-References:   CVE-2017-2295
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-puppet fixes the following issues:

– CVE-2017-2295: A remote attacker could have forced unsafe YAML
deserialization which could have led to code execution (bsc#1040151).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-835=1

– openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-835=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

ruby2.1-rubygem-puppet-3.8.7-20.1
ruby2.1-rubygem-puppet-doc-3.8.7-20.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.2-rubygem-puppet-3.8.7-20.1
ruby2.2-rubygem-puppet-doc-3.8.7-20.1
ruby2.2-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.3-rubygem-puppet-3.8.7-20.1
ruby2.3-rubygem-puppet-doc-3.8.7-20.1
ruby2.3-rubygem-puppet-testsuite-3.8.7-20.1
ruby2.4-rubygem-puppet-3.8.7-20.1
ruby2.4-rubygem-puppet-doc-3.8.7-20.1
ruby2.4-rubygem-puppet-testsuite-3.8.7-20.1
rubygem-puppet-3.8.7-20.1
rubygem-puppet-master-3.8.7-20.1

– openSUSE Leap 42.3 (noarch):

rubygem-puppet-emacs-3.8.7-20.1
rubygem-puppet-master-unicorn-3.8.7-20.1
rubygem-puppet-vim-3.8.7-20.1

– openSUSE Leap 42.2 (i586 x86_64):

ruby2.1-rubygem-puppet-3.8.7-17.3.1
ruby2.1-rubygem-puppet-doc-3.8.7-17.3.1
ruby2.1-rubygem-puppet-testsuite-3.8.7-17.3.1
rubygem-puppet-3.8.7-17.3.1
rubygem-puppet-master-3.8.7-17.3.1

– openSUSE Leap 42.2 (noarch):

rubygem-puppet-emacs-3.8.7-17.3.1
rubygem-puppet-master-unicorn-3.8.7-17.3.1
rubygem-puppet-vim-3.8.7-17.3.1

References:

https://www.suse.com/security/cve/CVE-2017-2295.html
https://bugzilla.suse.com/1040151

SUSE-SU-2017:1946-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1

The following information has been provided by the opensuse security announce mailing list.

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1946-1
Rating:             important
References:         #1013543 #1014271 #1021417 #1025013 #1025254
#1030575 #1031481 #1031660 #1039496
Cross-References:   CVE-2017-1000364
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is
now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

The following security bugs were fixed:

– CVE-2017-1000364: An issue was discovered in the size of the stack guard
page on Linux, specifically a 4k stack guard page is not sufficiently
large and can be “jumped” over (the stack guard page is bypassed)
(bsc#1039496).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1212=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1212=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

kgraft-patch-3_12_67-60_64_21-default-7-3.1
kgraft-patch-3_12_67-60_64_21-xen-7-3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

kgraft-patch-3_12_67-60_64_21-default-7-3.1
kgraft-patch-3_12_67-60_64_21-xen-7-3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000364.html
https://bugzilla.suse.com/1013543
https://bugzilla.suse.com/1014271
https://bugzilla.suse.com/1021417
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254
https://bugzilla.suse.com/1030575
https://bugzilla.suse.com/1031481
https://bugzilla.suse.com/1031660
https://bugzilla.suse.com/1039496