Lucene search

K
suseSuseSUSE-SU-2016:0381-1
HistoryFeb 08, 2016 - 6:13 p.m.

Security update for kernel live patch 4 (important)

2016-02-0818:13:14
lists.opensuse.org
34
kernel live patch
linux kernel
security issues
bugs
cve-2015-8539
cve-2015-6937
cve-2015-7990
cve-2015-7872
cve-2015-2925
dos
rds
keyring
xfs
kallsyms initialization

EPSS

0.001

Percentile

17.0%

This kernel live patch for Linux Kernel 3.12.39-47.1 fixes security issues
and bugs:

Security issues fixed:

  • CVE-2015-8539: A negatively instantiated user key could have been used
    by a local user to leverage privileges (bnc#958601).

  • CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable
    Datagram Sockets (RDS) implementation allowing a local user to cause
    system DoS. A verification was missing that the underlying transport
    exists when a connection was created. (bsc#953052)

  • CVE-2015-7990: RDS: Verify the underlying transport exists before
    creating a connection, preventing possible DoS (bsc#953052).

  • CVE-2015-7872: Possible crash when trying to garbage collect an
    uninstantiated keyring (bsc#951542).

  • CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
    kernel did not properly handle rename actions inside a bind mount, which
    allowed local users to bypass an intended container protection mechanism
    by renaming a directory, related to a "double-chroot attack (bnc#951625).

Non-security bugfix were also done:

  • xfs: Fix lost direct IO write in the last block (bsc#954005).
  • simple fix in kallsyms initialization (bsc#940342 bsc#916225)