Mailinglist Archive: opensuse-security-announce (32 mails)

< Previous Next >
[security-announce] SUSE-SU-2014:0775-1: critical: Security update for Linux Kernel
SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0775-1
Rating: critical
References: #880892
Cross-References: CVE-2014-3153
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that fixes one vulnerability is now available. It
includes one version update.

Description:


The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
critical privilege escalation security issue:

* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used
for privilege escalation by non-root users. (bnc#880892)

Security Issue reference:

* CVE-2014-3153
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329

- SUSE Linux Enterprise Server 11 SP3:

zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329
slessp3-kernel-9330 slessp3-kernel-9331 slessp3-kernel-9346

- SUSE Linux Enterprise High Availability Extension 11 SP3:

zypper in -t patch slehasp3-kernel-9328 slehasp3-kernel-9329
slehasp3-kernel-9330 slehasp3-kernel-9331 slehasp3-kernel-9346

- SUSE Linux Enterprise Desktop 11 SP3:

zypper in -t patch sledsp3-kernel-9328 sledsp3-kernel-9329

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version:
3.0.101]:

kernel-default-3.0.101-0.31.1
kernel-default-base-3.0.101-0.31.1
kernel-default-devel-3.0.101-0.31.1
kernel-source-3.0.101-0.31.1
kernel-syms-3.0.101-0.31.1
kernel-trace-3.0.101-0.31.1
kernel-trace-base-3.0.101-0.31.1
kernel-trace-devel-3.0.101-0.31.1
kernel-xen-devel-3.0.101-0.31.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version:
3.0.101]:

kernel-pae-3.0.101-0.31.1
kernel-pae-base-3.0.101-0.31.1
kernel-pae-devel-3.0.101-0.31.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New
Version: 3.0.101]:

kernel-default-3.0.101-0.31.1
kernel-default-base-3.0.101-0.31.1
kernel-default-devel-3.0.101-0.31.1
kernel-source-3.0.101-0.31.1
kernel-syms-3.0.101-0.31.1
kernel-trace-3.0.101-0.31.1
kernel-trace-base-3.0.101-0.31.1
kernel-trace-devel-3.0.101-0.31.1

- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

kernel-ec2-3.0.101-0.31.1
kernel-ec2-base-3.0.101-0.31.1
kernel-ec2-devel-3.0.101-0.31.1
kernel-xen-3.0.101-0.31.1
kernel-xen-base-3.0.101-0.31.1
kernel-xen-devel-3.0.101-0.31.1
xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

kernel-default-man-3.0.101-0.31.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

kernel-ppc64-3.0.101-0.31.1
kernel-ppc64-base-3.0.101-0.31.1
kernel-ppc64-devel-3.0.101-0.31.1

- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.31.1
kernel-pae-base-3.0.101-0.31.1
kernel-pae-devel-3.0.101-0.31.1
xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64
s390x x86_64):

cluster-network-kmp-default-1.4_3.0.101_0.31-2.27.69
cluster-network-kmp-trace-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-default-2_3.0.101_0.31-0.16.75
gfs2-kmp-trace-2_3.0.101_0.31-0.16.75
ocfs2-kmp-default-1.6_3.0.101_0.31-0.20.69
ocfs2-kmp-trace-1.6_3.0.101_0.31-0.20.69

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

cluster-network-kmp-xen-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-xen-2_3.0.101_0.31-0.16.75
ocfs2-kmp-xen-1.6_3.0.101_0.31-0.20.69

- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

cluster-network-kmp-ppc64-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-ppc64-2_3.0.101_0.31-0.16.75
ocfs2-kmp-ppc64-1.6_3.0.101_0.31-0.20.69

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

cluster-network-kmp-pae-1.4_3.0.101_0.31-2.27.69
gfs2-kmp-pae-2_3.0.101_0.31-0.16.75
ocfs2-kmp-pae-1.6_3.0.101_0.31-0.20.69

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

kernel-default-3.0.101-0.31.1
kernel-default-base-3.0.101-0.31.1
kernel-default-devel-3.0.101-0.31.1
kernel-default-extra-3.0.101-0.31.1
kernel-source-3.0.101-0.31.1
kernel-syms-3.0.101-0.31.1
kernel-trace-devel-3.0.101-0.31.1
kernel-xen-3.0.101-0.31.1
kernel-xen-base-3.0.101-0.31.1
kernel-xen-devel-3.0.101-0.31.1
kernel-xen-extra-3.0.101-0.31.1
xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

kernel-pae-3.0.101-0.31.1
kernel-pae-base-3.0.101-0.31.1
kernel-pae-devel-3.0.101-0.31.1
kernel-pae-extra-3.0.101-0.31.1
xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-0.31.1

- SLE 11 SERVER Unsupported Extras (i586 x86_64):

kernel-xen-extra-3.0.101-0.31.1

- SLE 11 SERVER Unsupported Extras (ppc64):

kernel-ppc64-extra-3.0.101-0.31.1

- SLE 11 SERVER Unsupported Extras (i586):

kernel-pae-extra-3.0.101-0.31.1


References:

http://support.novell.com/security/cve/CVE-2014-3153.html
https://bugzilla.novell.com/880892

http://download.suse.com/patch/finder/?keywords=0cdcfea3b263f03fc7b11c9e27c68106

http://download.suse.com/patch/finder/?keywords=2394b6ce8b434732566fe3cbf2a956f7

http://download.suse.com/patch/finder/?keywords=5d5df6a9a600dbe5fe09c19d8dc24b0e

http://download.suse.com/patch/finder/?keywords=8a869bd2122273831bd282fab2377076

http://download.suse.com/patch/finder/?keywords=a8f8feb5552e1da3b52f48f677f467cf

http://download.suse.com/patch/finder/?keywords=a9d9490d68822582cd43af9c0c2aa6d7

http://download.suse.com/patch/finder/?keywords=c905f5237a7e0ae4f9fdf0c325c0dbb2

http://download.suse.com/patch/finder/?keywords=f6e7ea94e8ad3ddbdf3d897e2a3ff6b8

http://download.suse.com/patch/finder/?keywords=fab06fd0fffc9ae59673101aeace943a

http://download.suse.com/patch/finder/?keywords=fd1bf222c9f9ff4cc32dae8bac451528

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages