Security update for kernel live patch 0 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0751-1 Final 1 1 2016-03-14T13:30:56Z current 2016-03-14T13:30:56Z 2016-03-14T13:30:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kernel live patch 0 This kernel live patch for Linux Kernel 3.12.49-11.1 fixes three security issues: Fixes: - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962078). - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (bsc#960329) - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (bsc#955837) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2016-439 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160751-1/ Link for SUSE-SU-2016:0751-1 https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html E-Mail link for SUSE-SU-2016:0751-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/955837 SUSE Bug 955837 https://bugzilla.suse.com/960329 SUSE Bug 960329 https://bugzilla.suse.com/962078 SUSE Bug 962078 https://www.suse.com/security/cve/CVE-2013-7446/ SUSE CVE CVE-2013-7446 page https://www.suse.com/security/cve/CVE-2015-8660/ SUSE CVE CVE-2015-8660 page https://www.suse.com/security/cve/CVE-2016-0728/ SUSE CVE CVE-2016-0728 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_49-11-default-3-8.2 kgraft-patch-3_12_49-11-xen-3-8.2 kgraft-patch-3_12_49-11-default-3-8.2 as a component of SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_49-11-xen-3-8.2 as a component of SUSE Linux Enterprise Live Patching 12 Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. CVE-2013-7446 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-3-8.2 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-3-8.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160751-1/ https://www.suse.com/security/cve/CVE-2013-7446.html CVE-2013-7446 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/955654 SUSE Bug 955654 https://bugzilla.suse.com/955837 SUSE Bug 955837 The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. CVE-2015-8660 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-3-8.2 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-3-8.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160751-1/ https://www.suse.com/security/cve/CVE-2015-8660.html CVE-2015-8660 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/960281 SUSE Bug 960281 https://bugzilla.suse.com/960329 SUSE Bug 960329 https://bugzilla.suse.com/963994 SUSE Bug 963994 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. CVE-2016-0728 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-3-8.2 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-3-8.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160751-1/ https://www.suse.com/security/cve/CVE-2016-0728.html CVE-2016-0728 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/962075 SUSE Bug 962075 https://bugzilla.suse.com/962078 SUSE Bug 962078 https://bugzilla.suse.com/963994 SUSE Bug 963994