openSUSE Security Announce
August 2014
- 1 participants
- 13 discussions
[security-announce] SUSE-SU-2014:0961-1: important: Security update for openjdk
by opensuse-security@opensuse.org 04 Aug '14
SUSE Security Update: Security update for openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0961-1
Rating: important
References: #887530
Cross-References: CVE-2014-2483 CVE-2014-2490 CVE-2014-4208
CVE-2014-4209 CVE-2014-4216 CVE-2014-4218
CVE-2014-4219 CVE-2014-4220 CVE-2014-4221
CVE-2014-4223 CVE-2014-4227 CVE-2014-4244
CVE-2014-4247 CVE-2014-4252 CVE-2014-4262
CVE-2014-4263 CVE-2014-4264 CVE-2014-4265
CVE-2014-4266 CVE-2014-4268
Affected Products:
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
It includes one version update.
Description:
This Critical Patch Update contains 20 new security fixes for Oracle Java
SE. All of these vulnerabilities could have been remotely exploitable
without authentication, i.e., could be exploited over a network without
the need for a username and password.
Security Issues:
* CVE-2014-4227
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227>
* CVE-2014-4219
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219>
* CVE-2014-2490
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490>
* CVE-2014-4216
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216>
* CVE-2014-4247
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4247>
* CVE-2014-2483
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483>
* CVE-2014-4223
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223>
* CVE-2014-4262
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262>
* CVE-2014-4209
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209>
* CVE-2014-4265
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265>
* CVE-2014-4220
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4220>
* CVE-2014-4218
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218>
* CVE-2014-4252
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252>
* CVE-2014-4266
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266>
* CVE-2014-4268
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268>
* CVE-2014-4264
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4264>
* CVE-2014-4221
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221>
* CVE-2014-4244
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244>
* CVE-2014-4263
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263>
* CVE-2014-4208
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4208>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-java-1_7_0-openjdk-9543
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.7.0.65]:
java-1_7_0-openjdk-1.7.0.65-0.7.4
java-1_7_0-openjdk-demo-1.7.0.65-0.7.4
java-1_7_0-openjdk-devel-1.7.0.65-0.7.4
References:
http://support.novell.com/security/cve/CVE-2014-2483.html
http://support.novell.com/security/cve/CVE-2014-2490.html
http://support.novell.com/security/cve/CVE-2014-4208.html
http://support.novell.com/security/cve/CVE-2014-4209.html
http://support.novell.com/security/cve/CVE-2014-4216.html
http://support.novell.com/security/cve/CVE-2014-4218.html
http://support.novell.com/security/cve/CVE-2014-4219.html
http://support.novell.com/security/cve/CVE-2014-4220.html
http://support.novell.com/security/cve/CVE-2014-4221.html
http://support.novell.com/security/cve/CVE-2014-4223.html
http://support.novell.com/security/cve/CVE-2014-4227.html
http://support.novell.com/security/cve/CVE-2014-4244.html
http://support.novell.com/security/cve/CVE-2014-4247.html
http://support.novell.com/security/cve/CVE-2014-4252.html
http://support.novell.com/security/cve/CVE-2014-4262.html
http://support.novell.com/security/cve/CVE-2014-4263.html
http://support.novell.com/security/cve/CVE-2014-4264.html
http://support.novell.com/security/cve/CVE-2014-4265.html
http://support.novell.com/security/cve/CVE-2014-4266.html
http://support.novell.com/security/cve/CVE-2014-4268.html
https://bugzilla.novell.com/887530
http://download.suse.com/patch/finder/?keywords=74138caa13d284bb5cbd73e4f76…
[security-announce] SUSE-SU-2014:0960-1: important: Security update for Mozilla Firefox
by opensuse-security@opensuse.org 01 Aug '14
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0960-1
Rating: important
References: #887746
Cross-References: CVE-2014-1544 CVE-2014-1547 CVE-2014-1548
CVE-2014-1555 CVE-2014-1556 CVE-2014-1557
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
SUSE Linux Enterprise Server 10 SP4 LTSS
SUSE Linux Enterprise Server 10 SP3 LTSS
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available. It
includes two new package versions.
Description:
Mozilla Firefox has been updated to the 24.7ESR security release.
Security issues fixed in this release:
* CVE-2014-1544 - <https://www.mozilla.org/security/announce/2014/mfsa2014-63.html>
* CVE-2014-1548 - <https://www.mozilla.org/security/announce/2014/mfsa2014-56.html>
* CVE-2014-1549 - <https://www.mozilla.org/security/announce/2014/mfsa2014-57.html>
* CVE-2014-1550 - <https://www.mozilla.org/security/announce/2014/mfsa2014-58.html>
* CVE-2014-1551 - <https://www.mozilla.org/security/announce/2014/mfsa2014-59.html>
* CVE-2014-1552 - <https://www.mozilla.org/security/announce/2014/mfsa2014-66.html>
* CVE-2014-1555 - <https://www.mozilla.org/security/announce/2014/mfsa2014-61.html>
* CVE-2014-1556 - <https://www.mozilla.org/security/announce/2014/mfsa2014-62.html>
* CVE-2014-1557 - <https://www.mozilla.org/security/announce/2014/mfsa2014-64.html>
* CVE-2014-1558, CVE-2014-1559, CVE-2014-1560 - <https://www.mozilla.org/security/announce/2014/mfsa2014-65.html>
* CVE-2014-1561 - <https://www.mozilla.org/security/announce/2014/mfsa2014-60.html>
Security Issues:
* CVE-2014-1557
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557>
* CVE-2014-1547
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547>
* CVE-2014-1548
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548>
* CVE-2014-1556
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556>
* CVE-2014-1544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544>
* CVE-2014-1555
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-firefox-201407-9569
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-firefox-201407-9569
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-firefox-201407-9569
- SUSE Linux Enterprise Server 11 SP2 LTSS:
zypper in -t patch slessp2-firefox-201407-9555
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-firefox-201407-9554
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-firefox-201407-9569
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.2]:
MozillaFirefox-devel-24.7.0esr-0.8.2
mozilla-nss-devel-3.16.2-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.7.0esr and 3.16.2]:
MozillaFirefox-24.7.0esr-0.8.2
MozillaFirefox-translations-24.7.0esr-0.8.2
libfreebl3-3.16.2-0.8.1
libsoftokn3-3.16.2-0.8.1
mozilla-nss-3.16.2-0.8.1
mozilla-nss-tools-3.16.2-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.16.2]:
libfreebl3-32bit-3.16.2-0.8.1
libsoftokn3-32bit-3.16.2-0.8.1
mozilla-nss-32bit-3.16.2-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.7.0esr and 3.16.2]:
MozillaFirefox-24.7.0esr-0.8.2
MozillaFirefox-translations-24.7.0esr-0.8.2
libfreebl3-3.16.2-0.8.1
libsoftokn3-3.16.2-0.8.1
mozilla-nss-3.16.2-0.8.1
mozilla-nss-tools-3.16.2-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.16.2]:
libfreebl3-32bit-3.16.2-0.8.1
libsoftokn3-32bit-3.16.2-0.8.1
mozilla-nss-32bit-3.16.2-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.16.2]:
libfreebl3-x86-3.16.2-0.8.1
libsoftokn3-x86-3.16.2-0.8.1
mozilla-nss-x86-3.16.2-0.8.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 24.7.0esr and 3.16.2]:
MozillaFirefox-24.7.0esr-0.3.1
MozillaFirefox-translations-24.7.0esr-0.3.1
libfreebl3-3.16.2-0.3.1
mozilla-nss-3.16.2-0.3.1
mozilla-nss-devel-3.16.2-0.3.1
mozilla-nss-tools-3.16.2-0.3.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.16.2]:
libfreebl3-32bit-3.16.2-0.3.1
mozilla-nss-32bit-3.16.2-0.3.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 24.7.0esr and 3.16.2]:
MozillaFirefox-24.7.0esr-0.3.1
MozillaFirefox-translations-24.7.0esr-0.3.1
libfreebl3-3.16.2-0.3.1
mozilla-nss-3.16.2-0.3.1
mozilla-nss-tools-3.16.2-0.3.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16.2]:
libfreebl3-32bit-3.16.2-0.3.1
mozilla-nss-32bit-3.16.2-0.3.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.16.2]:
mozilla-nss-3.16.2-0.5.1
mozilla-nss-devel-3.16.2-0.5.1
mozilla-nss-tools-3.16.2-0.5.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.16.2]:
mozilla-nss-32bit-3.16.2-0.5.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x):
MozillaFirefox-24.7.0esr-0.5.1
MozillaFirefox-translations-24.7.0esr-0.5.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.16.2]:
mozilla-nss-3.16.2-0.5.1
mozilla-nss-devel-3.16.2-0.5.1
mozilla-nss-tools-3.16.2-0.5.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.16.2]:
mozilla-nss-32bit-3.16.2-0.5.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x):
MozillaFirefox-24.7.0esr-0.5.1
MozillaFirefox-translations-24.7.0esr-0.5.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.7.0esr and 3.16.2]:
MozillaFirefox-24.7.0esr-0.8.2
MozillaFirefox-translations-24.7.0esr-0.8.2
libfreebl3-3.16.2-0.8.1
libsoftokn3-3.16.2-0.8.1
mozilla-nss-3.16.2-0.8.1
mozilla-nss-tools-3.16.2-0.8.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.16.2]:
libfreebl3-32bit-3.16.2-0.8.1
libsoftokn3-32bit-3.16.2-0.8.1
mozilla-nss-32bit-3.16.2-0.8.1
References:
http://support.novell.com/security/cve/CVE-2014-1544.html
http://support.novell.com/security/cve/CVE-2014-1547.html
http://support.novell.com/security/cve/CVE-2014-1548.html
http://support.novell.com/security/cve/CVE-2014-1555.html
http://support.novell.com/security/cve/CVE-2014-1556.html
http://support.novell.com/security/cve/CVE-2014-1557.html
https://bugzilla.novell.com/887746
http://download.suse.com/patch/finder/?keywords=196914b4be33c9d122303fc5b0d…
http://download.suse.com/patch/finder/?keywords=2d6344b3abcf62e1e68e8c9dda3…
http://download.suse.com/patch/finder/?keywords=a771192da5dca3c7e01bde7b62b…
http://download.suse.com/patch/finder/?keywords=aeabea2b6efdbb9fcccb116e660…
http://download.suse.com/patch/finder/?keywords=f2f8ae117761a6715e1f6766fd3…
[security-announce] openSUSE-SU-2014:0957-1: important: kernel: security and bugfix update
by opensuse-security@opensuse.org 01 Aug '14
openSUSE Security Update: kernel: security and bugfix update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0957-1
Rating: important
References: #788080 #867531 #867723 #877257 #880484 #882189
#883518 #883724 #883795 #885422 #885725
Cross-References: CVE-2014-0131 CVE-2014-2309 CVE-2014-3144
CVE-2014-3145 CVE-2014-3917 CVE-2014-4014
CVE-2014-4171 CVE-2014-4508 CVE-2014-4652
CVE-2014-4653 CVE-2014-4654 CVE-2014-4655
CVE-2014-4656 CVE-2014-4667 CVE-2014-4699
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
The Linux Kernel was updated to fix various bugs and security issues.
CVE-2014-4699: The Linux kernel on Intel processors did not properly
restrict use of a non-canonical value for the saved RIP address in the
case of a system call that does not use IRET, which allowed local users to
leverage a race condition and gain privileges, or cause a denial of
service (double fault), via a crafted application that makes ptrace and
fork system calls.
CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c
in the Linux kernel did not properly manage a certain backlog value, which
allowed remote attackers to cause a denial of service (socket
outage) via a crafted SCTP packet.
CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement
the interaction between range notification and hole punching, which
allowed local users to cause a denial of service (i_mutex hold) by using
the mmap system call to access a hole, as demonstrated by interfering with
intended shmem activity by blocking completion of (1) an MADV_REMOVE
madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit
x86 platforms, when syscall auditing is enabled and the sep CPU feature
flag is set, allowed local users to cause a denial of service (OOPS and
system crash) via an invalid syscall number, as demonstrated by number
1000.
CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the
ALSA control implementation in the Linux kernel allowed local users to
cause a denial of service by leveraging /dev/snd/controlCX access, related
to (1) index values in the snd_ctl_add function and (2) numid values in
the snd_ctl_remove_numid_conflict function.
CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in
the ALSA control implementation in the Linux kernel did not properly
maintain the user_ctl_count value, which allowed local users to cause a
denial of service (integer overflow and limit bypass) by leveraging
/dev/snd/controlCX access for a large number of
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in
the ALSA control implementation in the Linux kernel did not check
authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
local users to remove kernel controls and cause a denial of service
(use-after-free and system crash) by leveraging /dev/snd/controlCX access
for an ioctl call.
CVE-2014-4653: sound/core/control.c in the ALSA control implementation in
the Linux kernel did not ensure possession of a read/write lock, which
allowed local users to cause a denial of service (use-after-free) and
obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access.
CVE-2014-4652: Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
implementation in the Linux kernel allowed local users to obtain sensitive
information from kernel memory by leveraging /dev/snd/controlCX access.
CVE-2014-4014: The capabilities implementation in the Linux kernel did not
properly consider that namespaces are inapplicable to inodes, which
allowed local users to bypass intended chmod restrictions by first
creating a user namespace, as demonstrated by setting the setgid bit on a
file with group ownership of root.
CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux
kernel did not properly count the addition of routes, which allowed remote
attackers to cause a denial of service (memory consumption) via a flood of
ICMPv6 Router Advertisement packets.
CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.
CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in
net/core/skbuff.c in the Linux kernel allowed attackers to obtain
sensitive information from kernel memory by leveraging the absence of a
certain orphaning operation.
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
extension implementations in the sk_run_filter function in
net/core/filter.c in the Linux kernel did not check whether a certain
length value is sufficiently large, which allowed local users to cause a
denial of service (integer underflow and system crash) via crafted BPF
instructions.
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the
sk_run_filter function in net/core/filter.c in the Linux kernel used the
reverse order in a certain subtraction, which allowed local users to cause
a denial of service (over-read and system crash) via crafted BPF
instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.
Additional Bug fixed:
- HID: logitech-dj: Fix USB 3.0 issue (bnc#788080).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-478
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
kernel-default-3.7.10-1.40.1
kernel-default-base-3.7.10-1.40.1
kernel-default-base-debuginfo-3.7.10-1.40.1
kernel-default-debuginfo-3.7.10-1.40.1
kernel-default-debugsource-3.7.10-1.40.1
kernel-default-devel-3.7.10-1.40.1
kernel-default-devel-debuginfo-3.7.10-1.40.1
kernel-syms-3.7.10-1.40.1
- openSUSE 12.3 (i686 x86_64):
kernel-debug-3.7.10-1.40.1
kernel-debug-base-3.7.10-1.40.1
kernel-debug-base-debuginfo-3.7.10-1.40.1
kernel-debug-debuginfo-3.7.10-1.40.1
kernel-debug-debugsource-3.7.10-1.40.1
kernel-debug-devel-3.7.10-1.40.1
kernel-debug-devel-debuginfo-3.7.10-1.40.1
kernel-desktop-3.7.10-1.40.1
kernel-desktop-base-3.7.10-1.40.1
kernel-desktop-base-debuginfo-3.7.10-1.40.1
kernel-desktop-debuginfo-3.7.10-1.40.1
kernel-desktop-debugsource-3.7.10-1.40.1
kernel-desktop-devel-3.7.10-1.40.1
kernel-desktop-devel-debuginfo-3.7.10-1.40.1
kernel-ec2-3.7.10-1.40.1
kernel-ec2-base-3.7.10-1.40.1
kernel-ec2-base-debuginfo-3.7.10-1.40.1
kernel-ec2-debuginfo-3.7.10-1.40.1
kernel-ec2-debugsource-3.7.10-1.40.1
kernel-ec2-devel-3.7.10-1.40.1
kernel-ec2-devel-debuginfo-3.7.10-1.40.1
kernel-trace-3.7.10-1.40.1
kernel-trace-base-3.7.10-1.40.1
kernel-trace-base-debuginfo-3.7.10-1.40.1
kernel-trace-debuginfo-3.7.10-1.40.1
kernel-trace-debugsource-3.7.10-1.40.1
kernel-trace-devel-3.7.10-1.40.1
kernel-trace-devel-debuginfo-3.7.10-1.40.1
kernel-vanilla-3.7.10-1.40.1
kernel-vanilla-debuginfo-3.7.10-1.40.1
kernel-vanilla-debugsource-3.7.10-1.40.1
kernel-vanilla-devel-3.7.10-1.40.1
kernel-vanilla-devel-debuginfo-3.7.10-1.40.1
kernel-xen-3.7.10-1.40.1
kernel-xen-base-3.7.10-1.40.1
kernel-xen-base-debuginfo-3.7.10-1.40.1
kernel-xen-debuginfo-3.7.10-1.40.1
kernel-xen-debugsource-3.7.10-1.40.1
kernel-xen-devel-3.7.10-1.40.1
kernel-xen-devel-debuginfo-3.7.10-1.40.1
- openSUSE 12.3 (noarch):
kernel-devel-3.7.10-1.40.1
kernel-docs-3.7.10-1.40.2
kernel-source-3.7.10-1.40.1
kernel-source-vanilla-3.7.10-1.40.1
- openSUSE 12.3 (i686):
kernel-pae-3.7.10-1.40.1
kernel-pae-base-3.7.10-1.40.1
kernel-pae-base-debuginfo-3.7.10-1.40.1
kernel-pae-debuginfo-3.7.10-1.40.1
kernel-pae-debugsource-3.7.10-1.40.1
kernel-pae-devel-3.7.10-1.40.1
kernel-pae-devel-debuginfo-3.7.10-1.40.1
References:
http://support.novell.com/security/cve/CVE-2014-0131.html
http://support.novell.com/security/cve/CVE-2014-2309.html
http://support.novell.com/security/cve/CVE-2014-3144.html
http://support.novell.com/security/cve/CVE-2014-3145.html
http://support.novell.com/security/cve/CVE-2014-3917.html
http://support.novell.com/security/cve/CVE-2014-4014.html
http://support.novell.com/security/cve/CVE-2014-4171.html
http://support.novell.com/security/cve/CVE-2014-4508.html
http://support.novell.com/security/cve/CVE-2014-4652.html
http://support.novell.com/security/cve/CVE-2014-4653.html
http://support.novell.com/security/cve/CVE-2014-4654.html
http://support.novell.com/security/cve/CVE-2014-4655.html
http://support.novell.com/security/cve/CVE-2014-4656.html
http://support.novell.com/security/cve/CVE-2014-4667.html
http://support.novell.com/security/cve/CVE-2014-4699.html
https://bugzilla.novell.com/788080
https://bugzilla.novell.com/867531
https://bugzilla.novell.com/867723
https://bugzilla.novell.com/877257
https://bugzilla.novell.com/880484
https://bugzilla.novell.com/882189
https://bugzilla.novell.com/883518
https://bugzilla.novell.com/883724
https://bugzilla.novell.com/883795
https://bugzilla.novell.com/885422
https://bugzilla.novell.com/885725