| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and
security issues.
The following security bugs were fixed:
- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,
which is reportedly exploited in the wild (bsc#1004418).
- CVE-2016-8658: Stack-based buffer overflow in the
brcmf_cfg80211_start_ap function in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
kernel allowed local users to cause a denial of service (system crash)
or possibly have unspecified other impact via a long SSID Information
Element in a command to a Netlink socket (bnc#1004462).
- CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers
to cause a denial of service (stack consumption and panic) or possibly
have unspecified other impact by triggering use of the GRO path for
large crafted packets, as demonstrated by packets that contain only VLAN
headers, a related issue to CVE-2016-8666 (bnc#1001486).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
certain length field, which allowed local users to gain privileges
or cause a denial of service (heap-based buffer overflow) via an
ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
The following non-security bugs were fixed:
- 9p: use file_dentry() (bsc#1005101).
- af_unix: Do not set err in unix_stream_read_generic unless there was an
error (bsc#1005101).
- alsa: hda - Fix superfluous HDMI jack repoll (bsc#1005101).
- alsa: hda - Turn off loopback mixing as default (bsc#1001462).
- apparmor: add missing id bounds check on dfa verification (bsc#1000304).
- apparmor: check that xindex is in trans_table bounds (bsc#1000304).
- apparmor: do not check for vmalloc_addr if kvzalloc() failed
(bsc#1000304).
- apparmor: do not expose kernel stack (bsc#1000304).
- apparmor: ensure the target profile name is always audited (bsc#1000304).
- apparmor: exec should not be returning ENOENT when it denies
(bsc#1000304).
- apparmor: fix audit full profile hname on successful load (bsc#1000304).
- apparmor: fix change_hat not finding hat after policy replacement
(bsc#1000287).
- apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
- apparmor: fix log failures for all profiles in a set (bsc#1000304).
- apparmor: fix module parameters can be changed after policy is locked
(bsc#1000304).
- apparmor: fix oops in profile_unpack() when policy_db is not present
(bsc#1000304).
- apparmor: fix put() parent ref after updating the active re ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
Kernel on openSUSE Leap 42.1
Solution:
Please install the updated package(s).
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
