SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1613-1
Rating:             critical
References:         #1039348 #979021 
Cross-References:   CVE-2015-3288 CVE-2017-1000364
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:


   The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various
   security fixes.

   The following security bugs were fixed:

   - CVE-2017-1000364: The default stack guard page was too small and could
     be "jumped over" by userland programs using more than one page of stack
     in functions and so lead to memory corruption. This update extends the
     stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to
     reduce this attack vector. This is not a kernel bugfix, but a hardening
     measure against this kind of userland attack.(bsc#1039348)

   - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous
     pages, which allowed local users to gain privileges or cause a denial of
     service (page tainting) via a crafted application that triggers writing
     to page zero (bnc#979021).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-13156=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-13156=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-13156=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-13156=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.102.1
      kernel-default-base-3.0.101-0.47.102.1
      kernel-default-devel-3.0.101-0.47.102.1
      kernel-source-3.0.101-0.47.102.1
      kernel-syms-3.0.101-0.47.102.1
      kernel-trace-3.0.101-0.47.102.1
      kernel-trace-base-3.0.101-0.47.102.1
      kernel-trace-devel-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.102.1
      kernel-ec2-base-3.0.101-0.47.102.1
      kernel-ec2-devel-3.0.101-0.47.102.1
      kernel-xen-3.0.101-0.47.102.1
      kernel-xen-base-3.0.101-0.47.102.1
      kernel-xen-devel-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.102.1
      kernel-bigsmp-base-3.0.101-0.47.102.1
      kernel-bigsmp-devel-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.102.1
      kernel-pae-base-3.0.101-0.47.102.1
      kernel-pae-devel-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.102.1
      kernel-trace-extra-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.102.1
      kernel-default-base-3.0.101-0.47.102.1
      kernel-default-devel-3.0.101-0.47.102.1
      kernel-ec2-3.0.101-0.47.102.1
      kernel-ec2-base-3.0.101-0.47.102.1
      kernel-ec2-devel-3.0.101-0.47.102.1
      kernel-pae-3.0.101-0.47.102.1
      kernel-pae-base-3.0.101-0.47.102.1
      kernel-pae-devel-3.0.101-0.47.102.1
      kernel-source-3.0.101-0.47.102.1
      kernel-syms-3.0.101-0.47.102.1
      kernel-trace-3.0.101-0.47.102.1
      kernel-trace-base-3.0.101-0.47.102.1
      kernel-trace-devel-3.0.101-0.47.102.1
      kernel-xen-3.0.101-0.47.102.1
      kernel-xen-base-3.0.101-0.47.102.1
      kernel-xen-devel-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.102.1
      kernel-default-debugsource-3.0.101-0.47.102.1
      kernel-trace-debuginfo-3.0.101-0.47.102.1
      kernel-trace-debugsource-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.102.1
      kernel-ec2-debugsource-3.0.101-0.47.102.1
      kernel-xen-debuginfo-3.0.101-0.47.102.1
      kernel-xen-debugsource-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.102.1
      kernel-bigsmp-debugsource-3.0.101-0.47.102.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.102.1
      kernel-pae-debugsource-3.0.101-0.47.102.1


References:

   https://www.suse.com/security/cve/CVE-2015-3288.html
   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/979021

SuSE: 2017:1613-1: critical: the Linux Kernel

June 19, 2017
An update that fixes two vulnerabilities is now available

Summary

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-13156=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13156=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-13156=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-13156=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.102.1 kernel-bigsmp-base-3.0.101-0.47.102.1 kernel-bigsmp-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.102.1 kernel-trace-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.102.1 kernel-default-debugsource-3.0.101-0.47.102.1 kernel-trace-debuginfo-3.0.101-0.47.102.1 kernel-trace-debugsource-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.102.1 kernel-ec2-debugsource-3.0.101-0.47.102.1 kernel-xen-debuginfo-3.0.101-0.47.102.1 kernel-xen-debugsource-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.102.1 kernel-bigsmp-debugsource-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.102.1 kernel-pae-debugsource-3.0.101-0.47.102.1

References

#1039348 #979021

Cross- CVE-2015-3288 CVE-2017-1000364

Affected Products:

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Server 11-EXTRA

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2015-3288.html

https://www.suse.com/security/cve/CVE-2017-1000364.html

https://bugzilla.suse.com/1039348

https://bugzilla.suse.com/979021

Severity
Announcement ID: SUSE-SU-2017:1613-1
Rating: critical

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved