Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:0887-1
Final
1
1
2017-03-30T04:52:14Z
current
2017-03-30T04:52:14Z
2017-03-30T04:52:14Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
This update for the Linux Kernel 3.12.67-60_64_18 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processsing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-Live-Patching-12-2017-499
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20170887-1/
Link for SUSE-SU-2017:0887-1
https://lists.suse.com/pipermail/sle-security-updates/2017-March/002774.html
E-Mail link for SUSE-SU-2017:0887-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1030575
SUSE Bug 1030575
https://www.suse.com/security/cve/CVE-2017-7184/
SUSE CVE CVE-2017-7184 page
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_67-60_64_18-default-6-2.1
kgraft-patch-3_12_67-60_64_18-xen-6-2.1
kgraft-patch-3_12_67-60_64_18-default-6-2.1 as a component of SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_67-60_64_18-xen-6-2.1 as a component of SUSE Linux Enterprise Live Patching 12
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
CVE-2017-7184
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_67-60_64_18-default-6-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_67-60_64_18-xen-6-2.1
moderate
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20170887-1/
https://www.suse.com/security/cve/CVE-2017-7184.html
CVE-2017-7184
https://bugzilla.suse.com/1030573
SUSE Bug 1030573
https://bugzilla.suse.com/1030575
SUSE Bug 1030575
https://bugzilla.suse.com/1115893
SUSE Bug 1115893