Hi, We have updates in QA. If you want to test them, add http://download.opensuse.org/update/DISTRO-test/ Where DISTRO is 12.3, 13.1 or 13.2 depending on your opensuse version. A SR to openSUSE Tumbleweed is also pending review (from Kernel:stable/kernel-source ). Ciao, Marcus On Fri, Dec 19, 2014 at 09:18:11AM -0500, Anton Aylward wrote:

http://www.phoronix.com/scan.php?page=news_item&px=MTg2NzY

<quote>

With CVE-2014-9322 that's now public, there's a local privilege escalation issue affecting all kernel versions prior to Linux 3.17.5. CVE-2014-9322 is described as "privilege escalation due to incorrect handling of a #SS fault caused by an IRET instruction. In particular, if IRET executes on a writeable kernel stack (this was always the case before 3.16 and is sometimes the case on 3.16 and newer), the assembly function general_protection will execute with the user's gsbase and the kernel's gsbase swapped. This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF. On those systems, assuming that the mitigation works correctly, the impact of this bug may be limited to massive memory corruption and an eventual crash or reboot."

</quote>

Drat that "writeable stack"!

Currently running 3.18.0-1.gfc82a91-desktop Repository: kernel_Stable Vendor: obs://build.opensuse.org/Kernel

What are you running?

-- /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

El 19/12/14 a las 11:18, Anton Aylward escribió: "except on systems

with SMAP"

Oh.. another reason to upgrade boxen' CPUs :-D -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org