SuSE Update For Kernel OpenSUSE-SU-2013:0395-1 (kernel) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The Linux kernel was updated to 3.4.33 and to fix a local root privilege escalation and various other security and non-security bugs. CVE-2013-1763: A out of bounds access in sock_diag could be used by local attackers to execute code in kernel context and so become root. CVE-2013-0160: The atime of /dev/ptmx is no longer updated, avoiding side channel attacks via user typing speed. CVE-2012-5374: Denial of service via btrfs hashes could have been used by local attackers to cause a compute denial of service. CVE-2013-0216: Fixed a problem in XEN netback: shutdown the ring if it contains garbage. CVE-2013-0231: Fixed a problem in XEN pciback: rate limit error messages from xen_pcibk_enable_msi(x).

Affected

kernel on openSUSE 12.2

References

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5374, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-1763

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for kernel openSUSE-SU-2013:0395-1 (kernel)

Take action and discover your vulnerabilities