SUSE-SU-2014:0775-1: critical: Security update for Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jun 10 21:04:31 MDT 2014


   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0775-1
Rating:             critical
References:         #880892 
Cross-References:   CVE-2014-3153
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
   critical privilege escalation security issue:

       * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
         used to gain ring0 access via the futex syscall. This could be used
         for privilege escalation by non-root users. (bnc#880892)

   Security Issue reference:

       * CVE-2014-3153
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 slessp3-kernel-9330 slessp3-kernel-9331 slessp3-kernel-9346

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-kernel-9328 slehasp3-kernel-9329 slehasp3-kernel-9330 slehasp3-kernel-9331 slehasp3-kernel-9346

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kernel-9328 sledsp3-kernel-9329

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.31.1
      kernel-default-base-3.0.101-0.31.1
      kernel-default-devel-3.0.101-0.31.1
      kernel-source-3.0.101-0.31.1
      kernel-syms-3.0.101-0.31.1
      kernel-trace-3.0.101-0.31.1
      kernel-trace-base-3.0.101-0.31.1
      kernel-trace-devel-3.0.101-0.31.1
      kernel-xen-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.31.1
      kernel-pae-base-3.0.101-0.31.1
      kernel-pae-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.31.1
      kernel-default-base-3.0.101-0.31.1
      kernel-default-devel-3.0.101-0.31.1
      kernel-source-3.0.101-0.31.1
      kernel-syms-3.0.101-0.31.1
      kernel-trace-3.0.101-0.31.1
      kernel-trace-base-3.0.101-0.31.1
      kernel-trace-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.31.1
      kernel-ec2-base-3.0.101-0.31.1
      kernel-ec2-devel-3.0.101-0.31.1
      kernel-xen-3.0.101-0.31.1
      kernel-xen-base-3.0.101-0.31.1
      kernel-xen-devel-3.0.101-0.31.1
      xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.31.1
      kernel-ppc64-base-3.0.101-0.31.1
      kernel-ppc64-devel-3.0.101-0.31.1

   - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.31.1
      kernel-pae-base-3.0.101-0.31.1
      kernel-pae-devel-3.0.101-0.31.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.31-2.27.69
      cluster-network-kmp-trace-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-default-2_3.0.101_0.31-0.16.75
      gfs2-kmp-trace-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-default-1.6_3.0.101_0.31-0.20.69
      ocfs2-kmp-trace-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-xen-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-xen-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-ppc64-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-ppc64-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.31-2.27.69
      gfs2-kmp-pae-2_3.0.101_0.31-0.16.75
      ocfs2-kmp-pae-1.6_3.0.101_0.31-0.20.69

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.31.1
      kernel-default-base-3.0.101-0.31.1
      kernel-default-devel-3.0.101-0.31.1
      kernel-default-extra-3.0.101-0.31.1
      kernel-source-3.0.101-0.31.1
      kernel-syms-3.0.101-0.31.1
      kernel-trace-devel-3.0.101-0.31.1
      kernel-xen-3.0.101-0.31.1
      kernel-xen-base-3.0.101-0.31.1
      kernel-xen-devel-3.0.101-0.31.1
      kernel-xen-extra-3.0.101-0.31.1
      xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33

   - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.31.1
      kernel-pae-base-3.0.101-0.31.1
      kernel-pae-devel-3.0.101-0.31.1
      kernel-pae-extra-3.0.101-0.31.1
      xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.31.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-3.0.101-0.31.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-3.0.101-0.31.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-3.0.101-0.31.1


References:

   http://support.novell.com/security/cve/CVE-2014-3153.html
   https://bugzilla.novell.com/880892
   http://download.suse.com/patch/finder/?keywords=0cdcfea3b263f03fc7b11c9e27c68106
   http://download.suse.com/patch/finder/?keywords=2394b6ce8b434732566fe3cbf2a956f7
   http://download.suse.com/patch/finder/?keywords=5d5df6a9a600dbe5fe09c19d8dc24b0e
   http://download.suse.com/patch/finder/?keywords=8a869bd2122273831bd282fab2377076
   http://download.suse.com/patch/finder/?keywords=a8f8feb5552e1da3b52f48f677f467cf
   http://download.suse.com/patch/finder/?keywords=a9d9490d68822582cd43af9c0c2aa6d7
   http://download.suse.com/patch/finder/?keywords=c905f5237a7e0ae4f9fdf0c325c0dbb2
   http://download.suse.com/patch/finder/?keywords=f6e7ea94e8ad3ddbdf3d897e2a3ff6b8
   http://download.suse.com/patch/finder/?keywords=fab06fd0fffc9ae59673101aeace943a
   http://download.suse.com/patch/finder/?keywords=fd1bf222c9f9ff4cc32dae8bac451528



More information about the sle-security-updates mailing list