Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2015:10416

Overview

Id SUSE-2015:10416
Name Novell SUSE 2015:10416 kernel security update for SLE 11 SP3 x86_64
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 06 Mar 2015 12:00:00

SUSE-2015:10416

Novell SUSE 2015:10416 kernel security update for SLE 11 SP3 x86_64

Vendor Name

novell

Product

Novell

Released On

06 Mar 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
The SUSE Linux Enterprise 11 SP3 kernel has been updated to receive various security and bugfixes. New features enabled: * The Ceph and rbd remote network block device drivers are now enabled and supported, to serve as client for SUSE Enterprise Storage 1.0. (FATE#318328) * Support to selected Bay Trail CPUs used in Point of Service Hardware was enabled. (FATE#317933) * Broadwell Legacy Audio, HDMI Audio and DisplayPort Audio support (Audio Driver: HD-A HDMI/DP Audio/HDA Analog/DSP) was enabled. (FATE#317347) The following security bugs have been fixed: * CVE-2015-1593: An integer overflow in the stack randomization on 64-bit systems lead to less effective stack ASLR on those systems. (bsc#917839) * CVE-2014-8160: iptables rules could be bypassed if the specific network protocol module was not loaded, allowing e.g. SCTP to bypass the firewall if the sctp protocol was not enabled. (bsc#913059) * CVE-2014-7822: A flaw was found in the way the Linux kernels splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. (bnc#915322) * CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (bnc#911326). * CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bsc#911325). * CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#907818 909077 909078). * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host

Related Resources

Related Vulnerabilities

None

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:20:56