Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2014:9237

Overview

Id SUSE-2014:9237
Name Novell SUSE 2014:9237 kernel security update for SLE 11 SP3 x86_64
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 13 May 2014 12:00:00

SUSE-2014:9237

Novell SUSE 2014:9237 kernel security update for SLE 11 SP3 x86_64

Vendor Name

novell

Product

Novell

Released On

13 May 2014 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the following severe security issues: * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690) Security Issues references: * CVE-2014-0196 * CVE-2014-1737 * CVE-2014-1738

Related Resources

Related Vulnerabilities

None

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:18:53