Security update for Linux Kernel
SUSE Security Update: Security update for Linux Kernel
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
critical privilege escalation security issue:
* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used
for privilege escalation by non-root users. (bnc#880892)
Security Issue reference:
* CVE-2014-3153
| Announcement ID: | SUSE-SU-2014:0775-1 |
| Rating: | critical |
| References: | #880892 |
| Affected Products: |
An update that fixes one vulnerability is now available. It includes one version update.
Description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a
critical privilege escalation security issue:
* CVE-2014-3153: The futex acquisition code in kernel/futex.c can be
used to gain ring0 access via the futex syscall. This could be used
for privilege escalation by non-root users. (bnc#880892)
Security Issue reference:
* CVE-2014-3153
Indications:
Everyone using the Linux Kernel on x86_64 architecture should update.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kernel-9328 slessp3-kernel-9329 slessp3-kernel-9330 slessp3-kernel-9331 slessp3-kernel-9346 - SUSE Linux Enterprise High Availability Extension 11 SP3:
zypper in -t patch slehasp3-kernel-9328 slehasp3-kernel-9329 slehasp3-kernel-9330 slehasp3-kernel-9331 slehasp3-kernel-9346 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kernel-9328 sledsp3-kernel-9329
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:
- kernel-default-3.0.101-0.31.1
- kernel-default-base-3.0.101-0.31.1
- kernel-default-devel-3.0.101-0.31.1
- kernel-source-3.0.101-0.31.1
- kernel-syms-3.0.101-0.31.1
- kernel-trace-3.0.101-0.31.1
- kernel-trace-base-3.0.101-0.31.1
- kernel-trace-devel-3.0.101-0.31.1
- kernel-xen-devel-3.0.101-0.31.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:
- kernel-pae-3.0.101-0.31.1
- kernel-pae-base-3.0.101-0.31.1
- kernel-pae-devel-3.0.101-0.31.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
- kernel-default-3.0.101-0.31.1
- kernel-default-base-3.0.101-0.31.1
- kernel-default-devel-3.0.101-0.31.1
- kernel-source-3.0.101-0.31.1
- kernel-syms-3.0.101-0.31.1
- kernel-trace-3.0.101-0.31.1
- kernel-trace-base-3.0.101-0.31.1
- kernel-trace-devel-3.0.101-0.31.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
- kernel-ec2-3.0.101-0.31.1
- kernel-ec2-base-3.0.101-0.31.1
- kernel-ec2-devel-3.0.101-0.31.1
- kernel-xen-3.0.101-0.31.1
- kernel-xen-base-3.0.101-0.31.1
- kernel-xen-devel-3.0.101-0.31.1
- xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33
- SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:
- kernel-default-man-3.0.101-0.31.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:
- kernel-ppc64-3.0.101-0.31.1
- kernel-ppc64-base-3.0.101-0.31.1
- kernel-ppc64-devel-3.0.101-0.31.1
- SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:
- kernel-pae-3.0.101-0.31.1
- kernel-pae-base-3.0.101-0.31.1
- kernel-pae-devel-3.0.101-0.31.1
- xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- cluster-network-kmp-default-1.4_3.0.101_0.31-2.27.69
- cluster-network-kmp-trace-1.4_3.0.101_0.31-2.27.69
- gfs2-kmp-default-2_3.0.101_0.31-0.16.75
- gfs2-kmp-trace-2_3.0.101_0.31-0.16.75
- ocfs2-kmp-default-1.6_3.0.101_0.31-0.20.69
- ocfs2-kmp-trace-1.6_3.0.101_0.31-0.20.69
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):
- cluster-network-kmp-xen-1.4_3.0.101_0.31-2.27.69
- gfs2-kmp-xen-2_3.0.101_0.31-0.16.75
- ocfs2-kmp-xen-1.6_3.0.101_0.31-0.20.69
- SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):
- cluster-network-kmp-ppc64-1.4_3.0.101_0.31-2.27.69
- gfs2-kmp-ppc64-2_3.0.101_0.31-0.16.75
- ocfs2-kmp-ppc64-1.6_3.0.101_0.31-0.20.69
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):
- cluster-network-kmp-pae-1.4_3.0.101_0.31-2.27.69
- gfs2-kmp-pae-2_3.0.101_0.31-0.16.75
- ocfs2-kmp-pae-1.6_3.0.101_0.31-0.20.69
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:
- kernel-default-3.0.101-0.31.1
- kernel-default-base-3.0.101-0.31.1
- kernel-default-devel-3.0.101-0.31.1
- kernel-default-extra-3.0.101-0.31.1
- kernel-source-3.0.101-0.31.1
- kernel-syms-3.0.101-0.31.1
- kernel-trace-devel-3.0.101-0.31.1
- kernel-xen-3.0.101-0.31.1
- kernel-xen-base-3.0.101-0.31.1
- kernel-xen-devel-3.0.101-0.31.1
- kernel-xen-extra-3.0.101-0.31.1
- xen-kmp-default-4.2.4_02_3.0.101_0.31-0.7.33
- SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:
- kernel-pae-3.0.101-0.31.1
- kernel-pae-base-3.0.101-0.31.1
- kernel-pae-devel-3.0.101-0.31.1
- kernel-pae-extra-3.0.101-0.31.1
- xen-kmp-pae-4.2.4_02_3.0.101_0.31-0.7.33
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
- kernel-default-extra-3.0.101-0.31.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
- kernel-xen-extra-3.0.101-0.31.1
- SLE 11 SERVER Unsupported Extras (ppc64):
- kernel-ppc64-extra-3.0.101-0.31.1
- SLE 11 SERVER Unsupported Extras (i586):
- kernel-pae-extra-3.0.101-0.31.1
References:
- http://support.novell.com/security/cve/CVE-2014-3153.html
- https://bugzilla.novell.com/880892
- http://download.suse.com/patch/finder/?keywords=0cdcfea3b263f03fc7b11c9e27c68106
- http://download.suse.com/patch/finder/?keywords=2394b6ce8b434732566fe3cbf2a956f7
- http://download.suse.com/patch/finder/?keywords=5d5df6a9a600dbe5fe09c19d8dc24b0e
- http://download.suse.com/patch/finder/?keywords=8a869bd2122273831bd282fab2377076
- http://download.suse.com/patch/finder/?keywords=a8f8feb5552e1da3b52f48f677f467cf
- http://download.suse.com/patch/finder/?keywords=a9d9490d68822582cd43af9c0c2aa6d7
- http://download.suse.com/patch/finder/?keywords=c905f5237a7e0ae4f9fdf0c325c0dbb2
- http://download.suse.com/patch/finder/?keywords=f6e7ea94e8ad3ddbdf3d897e2a3ff6b8
- http://download.suse.com/patch/finder/?keywords=fab06fd0fffc9ae59673101aeace943a
- http://download.suse.com/patch/finder/?keywords=fd1bf222c9f9ff4cc32dae8bac451528