Updated kernel-linus packages fix security vulnerabilities

This update is based on the upstream 4.4.16 kernel and fixes at least theese security issues: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. CVE-2016-1237. The...

SUSE-SU-2016:2175-1 Security update for Linux Kernel Live Patch 6 for SLE 12 SP1

This update for the Linux Kernel 3.12.59-6045 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service out-of-bounds access or...

kernel security and bug fix update

3.10.0-327.28.3.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.28.3 - net tcp: enable per-socket rate limiting of all 'challenge acks' Florian Westphal 1355603 1355605 CVE-2016-5696 - net tcp: uninline tcpoowratelimited Florian Westphal 1355603 1355605 CVE-2016-5696 - net tcp: make...

SUSE-SU-2016:2000-1 Security update for Linux Kernel Live Patch 4 for SLE 12 SP1

This update for the Linux Kernel 3.12.57-6035 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The keyrejectandlink function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a...

SUSE-SU-2016:2005-1 Security update for Linux Kernel Live Patch 8 for SLE 12

This update for the Linux Kernel 3.12.48-5227 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The keyrejectandlink function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a...

SUSE-SU-2016:1961-1 Security update for Linux Kernel Live Patch 0 for SLE 12 SP1

This update for the Linux Kernel 3.12.49-11.1 fixes the several issues. These security issues were fixed: - CVE-2016-4470: The keyrejectandlink function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a...

kernel security and bug fix update

3.10.0-327.28.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.28.2 - net bridge: include in6.h in ifbridge.h for struct in6addr Jiri Benc 1331285 1268057 - net inet: defines IPPROTO needed for module alias generation Jiri Benc 1331285 1268057 - net sync some IP headers with glibc Jir...

kernel security and bug fix update

2.6.32-642.3.1 - infiniband security: Restrict use of the write interface Don Dutile 1332547 1332548 CVE-2016-4565 2.6.32-642.2.1 - sched Revert 'kernel: sched: Cure load average vs NOHZ woes' Rafael Aquini 1343015 1326373 - sched Revert 'kernel: sched: Cure more NOHZ load average woes' Rafael...

SUSE-SU-2016:1764-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP1 Realtime kernel was updated to 3.12.58 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-7566: The treoattach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a...

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The Linux-image-2.6.26-2-parisc64 package of the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

Design/Logic Flaw

The tipcnlcompatlinkdump function in net/tipc/netlinkcompat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

Linux Kernel - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836 Stacking filesystems, including ecryptfs, protect themselves against deep nesting, which would lead to kernel stack overflow, by tracking the recursion depth of filesystems. E.g. in ecryptfs, this is implemented in ecryptfsmoun...

Design/Logic Flaw

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

FreeBSD-SA-16:19.sendmsg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:19.sendmsg Security Advisory The FreeBSD Project Topic: Incorrect argument handling in sendmsg2 Category: core Module: kernel Announced: 2016-05-17 Credits:...

kernel security, bug fix, and enhancement update

2.6.32-642 - scsi fc: revert - ensure scanwork isnt active when freeing fcrport Ewan Milne 1326447 - netdrv ixgbe: Update ixgbe driver to use netdevpicktx in ixgbeselectqueue John Greene 1310749 - netdrv mlx5e: Fix adding vlan rule with vid zero twice Kamal Heib 1322809 2.6.32-641 - netdrv ixgbe:...

SUSE-SU-2016:1203-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel allowed local users to bypass intended AFUNIX socket permissions or cause a...

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service heap memory corruption via an IPTSOSETREPLACE setsockopt call...

CVE-2016-2550

The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an...

CVE-2015-8844

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service TM Bad Thing exception and panic via a crafted application...

SUSE-SU-2016:1031-1 Security update for Linux Kernel Live Patch 0 for SP 1

This update for the Linux Kernel 3.12.49-11.1 fixes the following issues: - CVE-2016-2384: A malicious USB device could cause a kernel crash in the alsa usb-audio driver. bsc967773 - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel...