Hi, Can someone tell me if the latest kernel-default-3.0.101-0.7.19.1 in SLES 11 SP2 is affected by CVE-2014-3153? Can I test if my kernel is affected? Background: I saw this announcement aboutCVE-2014-3153. It is reported against SLES 11 SP3 and there are some references to SLES 11 SP1 LTSS but nothing about SP2. Thanks, --george Original mail: SUSE Security Update: Security update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0807-1 Rating: important References: #630970 #661605 #663516 #761774 #792407 #852553 #852967 #854634 #854743 #856756 #857643 #863335 #865310 #866102 #868049 #868488 #868653 #869563 #871561 #873070 #874108 #875690 #875798 #876102 #878289 #880892 Cross-References: CVE-2012-6647 CVE-2013-6382 CVE-2013-6885 CVE-2013-7027 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-2523 CVE-2014-2678 CVE-2014-3122 CVE-2014-3153 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 9 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up update to fix security and non-security issues. The following security issues have been fixed: * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation for non root users. (bnc#880892) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org