[security-announce] SUSE-SU-2014:0775-1: critical: Security update for Linux Kernel

SUSE Security Update: Security update for Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0775-1 Rating: critical References: #880892 Cross-References: CVE-2014-3153 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a critical privilege escalation security issue: * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation by non-root users. (bnc#880892) Security Issue reference: * CVE-2014-3153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 slessp3-kernel-9330 slessp3-kernel-9331 slessp3-kernel-9346 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-9328 slehasp3-kernel-9329 slehasp3-kernel-9330 slehasp3-kernel-9331 slehasp3-kernel-9346 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-9328 sledsp3-kernel-9329 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.31.1 kernel-default-base-3.0.101-0.31.1 kernel-default-devel-3.0.101-0.31.1 kernel-source-3.0.101-0.31.1 kernel-syms-3.0.101-0.31.1 kernel-trace-3.0.101-0.31.1 kernel-trace-base-3.0.101-0.31.1 kernel-trace-devel-3.0.101-0.31.1 kernel-xen-devel-3.0.101-0.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.31.1 kernel-pae-base-3.0.101-0.31.1 kernel-pae-devel-3.0.101-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.31.1 kernel-default-base-3.0.101-0.31.1 kernel-default-devel-3.0.101-0.31.1 kernel-source-3.0.101-0.31.1 kernel-syms-3.0.101-0.31.1 kernel-trace-3.0.101-0.31.1 kernel-trace-base-3.0.101-0.31.1 kernel-trace-devel-3.0.101-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.31.1 kernel-ec2-base-3.0.101-0.31.1 kernel-ec2-devel-3.0.101-0.31.1 kernel-xen-3.0.101-0.31.1 kernel-xen-base-3.0.101-0.31.1 kernel-xen-devel-3.0.101-0.31.1 xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.31.1 kernel-ppc64-base-3.0.101-0.31.1 kernel-ppc64-devel-3.0.101-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.31.1 kernel-pae-base-3.0.101-0.31.1 kernel-pae-devel-3.0.101-0.31.1 xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.31-2.27.69 cluster-network-kmp-trace-1.4_3.0.101_0.31-2.27.69 gfs2-kmp-default-2_3.0.101_0.31-0.16.75 gfs2-kmp-trace-2_3.0.101_0.31-0.16.75 ocfs2-kmp-default-1.6_3.0.101_0.31-0.20.69 ocfs2-kmp-trace-1.6_3.0.101_0.31-0.20.69 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.31-2.27.69 gfs2-kmp-xen-2_3.0.101_0.31-0.16.75 ocfs2-kmp-xen-1.6_3.0.101_0.31-0.20.69 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.31-2.27.69 gfs2-kmp-ppc64-2_3.0.101_0.31-0.16.75 ocfs2-kmp-ppc64-1.6_3.0.101_0.31-0.20.69 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.31-2.27.69 gfs2-kmp-pae-2_3.0.101_0.31-0.16.75 ocfs2-kmp-pae-1.6_3.0.101_0.31-0.20.69 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.31.1 kernel-default-base-3.0.101-0.31.1 kernel-default-devel-3.0.101-0.31.1 kernel-default-extra-3.0.101-0.31.1 kernel-source-3.0.101-0.31.1 kernel-syms-3.0.101-0.31.1 kernel-trace-devel-3.0.101-0.31.1 kernel-xen-3.0.101-0.31.1 kernel-xen-base-3.0.101-0.31.1 kernel-xen-devel-3.0.101-0.31.1 kernel-xen-extra-3.0.101-0.31.1 xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.31.1 kernel-pae-base-3.0.101-0.31.1 kernel-pae-devel-3.0.101-0.31.1 kernel-pae-extra-3.0.101-0.31.1 xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.31.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-3.0.101-0.31.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.101-0.31.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.101-0.31.1 References: http://support.novell.com/security/cve/CVE-2014-3153.html https://bugzilla.novell.com/880892 http://download.suse.com/patch/finder/?keywords=0cdcfea3b263f03fc7b11c9e27c6... http://download.suse.com/patch/finder/?keywords=2394b6ce8b434732566fe3cbf2a9... http://download.suse.com/patch/finder/?keywords=5d5df6a9a600dbe5fe09c19d8dc2... http://download.suse.com/patch/finder/?keywords=8a869bd2122273831bd282fab237... http://download.suse.com/patch/finder/?keywords=a8f8feb5552e1da3b52f48f677f4... http://download.suse.com/patch/finder/?keywords=a9d9490d68822582cd43af9c0c2a... http://download.suse.com/patch/finder/?keywords=c905f5237a7e0ae4f9fdf0c325c0... http://download.suse.com/patch/finder/?keywords=f6e7ea94e8ad3ddbdf3d897e2a3f... http://download.suse.com/patch/finder/?keywords=fab06fd0fffc9ae59673101aeace... http://download.suse.com/patch/finder/?keywords=fd1bf222c9f9ff4cc32dae8bac45... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org