[opensuse-security] Re: [security-announce] SUSE-SU-2014:0775-1, USE-SU-2014:0807-1: critical: Security update for Linux Kernel CVE-2014-3153
Hi, Can someone tell me if the latest kernel-default-3.0.101-0.7.19.1 in SLES 11 SP2 is affected by CVE-2014-3153? Can I test if my kernel is affected? Background: I saw this announcement aboutCVE-2014-3153. It is reported against SLES 11 SP3 and there are some references to SLES 11 SP1 LTSS but nothing about SP2. Thanks, --george Original mail: SUSE Security Update: Security update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0807-1 Rating: important References: #630970 #661605 #663516 #761774 #792407 #852553 #852967 #854634 #854743 #856756 #857643 #863335 #865310 #866102 #868049 #868488 #868653 #869563 #871561 #873070 #874108 #875690 #875798 #876102 #878289 #880892 Cross-References: CVE-2012-6647 CVE-2013-6382 CVE-2013-6885 CVE-2013-7027 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-2523 CVE-2014-2678 CVE-2014-3122 CVE-2014-3153 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 9 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up update to fix security and non-security issues. The following security issues have been fixed: * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation for non root users. (bnc#880892) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi, Yes, it is affected. The update for SLES 11 SP2 LTSS is currently in QA, targeted for release next week. Ciao, Marcus On Fri, Jun 20, 2014 at 05:24:02AM -0700, George Dimitrov wrote:
Hi,
Can someone tell me if the latest kernel-default-3.0.101-0.7.19.1 in SLES 11 SP2 is affected by CVE-2014-3153? Can I test if my kernel is affected?
Background: I saw this announcement aboutCVE-2014-3153. It is reported against SLES 11 SP3 and there are some references to SLES 11 SP1 LTSS but nothing about SP2.
Thanks,
--george
Original mail:
SUSE Security Update: Security update for Linux Kernel ______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0807-1 Rating: important References: #630970 #661605 #663516 #761774 #792407 #852553 #852967 #854634 #854743 #856756 #857643 #863335 #865310 #866102 #868049 #868488 #868653 #869563 #871561 #873070 #874108 #875690 #875798 #876102 #878289 #880892 Cross-References: CVE-2012-6647 CVE-2013-6382 CVE-2013-6885 CVE-2013-7027 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-2523 CVE-2014-2678 CVE-2014-3122 CVE-2014-3153 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________
An update that solves 17 vulnerabilities and has 9 fixes is now available. It includes one version update.
Description:
The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up update to fix security and non-security issues.
The following security issues have been fixed:
*
CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation for non root users. (bnc#880892) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (2)
-
George Dimitrov
-
Marcus Meissner