Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2074-1 Final 1 1 2016-08-15T10:48:57Z current 2016-08-15T10:48:57Z 2016-08-15T10:48:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693). - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130). The following non-security bugs were fixed: - Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - Fix lpfc_send_rscn_event allocation size claims bnc#935757 - Fix ntpd clock synchronization in Xen PV domains (bnc#816446). - Fix vmalloc_fault oops during lazy MMU updates (bsc#948562). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - SCSI: bfa: Fix to handle firmware tskim abort request response (bsc#972510). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bsc#977847). - nf_conntrack: fix bsc#758540 kabi fix (bsc#946117). - privcmd: allow preempting long running user-mode originating hypercalls (bnc#861093). - s390/cio: collect format 1 channel-path description data (bsc#966460, bsc#966662). - s390/cio: ensure consistent measurement state (bsc#966460, bsc#966662). - s390/cio: fix measurement characteristics memleak (bsc#966460, bsc#966662). - s390/cio: update measurement characteristics (bsc#966460, bsc#966662). - xfs: Fix lost direct IO write in the last block (bsc#949744). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-kernel-source-12693 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ Link for SUSE-SU-2016:2074-1 https://lists.suse.com/pipermail/sle-security-updates/2016-August/002207.html E-Mail link for SUSE-SU-2016:2074-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/816446 SUSE Bug 816446 https://bugzilla.suse.com/861093 SUSE Bug 861093 https://bugzilla.suse.com/928130 SUSE Bug 928130 https://bugzilla.suse.com/935757 SUSE Bug 935757 https://bugzilla.suse.com/939826 SUSE Bug 939826 https://bugzilla.suse.com/942367 SUSE Bug 942367 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/946117 SUSE Bug 946117 https://bugzilla.suse.com/946309 SUSE Bug 946309 https://bugzilla.suse.com/948562 SUSE Bug 948562 https://bugzilla.suse.com/949744 SUSE Bug 949744 https://bugzilla.suse.com/949936 SUSE Bug 949936 https://bugzilla.suse.com/951440 SUSE Bug 951440 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/955354 SUSE Bug 955354 https://bugzilla.suse.com/955654 SUSE Bug 955654 https://bugzilla.suse.com/956708 SUSE Bug 956708 https://bugzilla.suse.com/956709 SUSE Bug 956709 https://bugzilla.suse.com/958463 SUSE Bug 958463 https://bugzilla.suse.com/958886 SUSE Bug 958886 https://bugzilla.suse.com/958951 SUSE Bug 958951 https://bugzilla.suse.com/959190 SUSE Bug 959190 https://bugzilla.suse.com/959399 SUSE Bug 959399 https://bugzilla.suse.com/961500 SUSE Bug 961500 https://bugzilla.suse.com/961509 SUSE Bug 961509 https://bugzilla.suse.com/961512 SUSE Bug 961512 https://bugzilla.suse.com/963765 SUSE Bug 963765 https://bugzilla.suse.com/963767 SUSE Bug 963767 https://bugzilla.suse.com/964201 SUSE Bug 964201 https://bugzilla.suse.com/966437 SUSE Bug 966437 https://bugzilla.suse.com/966460 SUSE Bug 966460 https://bugzilla.suse.com/966662 SUSE Bug 966662 https://bugzilla.suse.com/966693 SUSE Bug 966693 https://bugzilla.suse.com/967972 SUSE Bug 967972 https://bugzilla.suse.com/967973 SUSE Bug 967973 https://bugzilla.suse.com/967974 SUSE Bug 967974 https://bugzilla.suse.com/967975 SUSE Bug 967975 https://bugzilla.suse.com/968010 SUSE Bug 968010 https://bugzilla.suse.com/968011 SUSE Bug 968011 https://bugzilla.suse.com/968012 SUSE Bug 968012 https://bugzilla.suse.com/968013 SUSE Bug 968013 https://bugzilla.suse.com/968670 SUSE Bug 968670 https://bugzilla.suse.com/970504 SUSE Bug 970504 https://bugzilla.suse.com/970892 SUSE Bug 970892 https://bugzilla.suse.com/970909 SUSE Bug 970909 https://bugzilla.suse.com/970911 SUSE Bug 970911 https://bugzilla.suse.com/970948 SUSE Bug 970948 https://bugzilla.suse.com/970956 SUSE Bug 970956 https://bugzilla.suse.com/970958 SUSE Bug 970958 https://bugzilla.suse.com/970970 SUSE Bug 970970 https://bugzilla.suse.com/971124 SUSE Bug 971124 https://bugzilla.suse.com/971125 SUSE Bug 971125 https://bugzilla.suse.com/971126 SUSE Bug 971126 https://bugzilla.suse.com/971360 SUSE Bug 971360 https://bugzilla.suse.com/972510 SUSE Bug 972510 https://bugzilla.suse.com/973570 SUSE Bug 973570 https://bugzilla.suse.com/975945 SUSE Bug 975945 https://bugzilla.suse.com/977847 SUSE Bug 977847 https://bugzilla.suse.com/978822 SUSE Bug 978822 https://www.suse.com/security/cve/CVE-2013-2015/ SUSE CVE CVE-2013-2015 page https://www.suse.com/security/cve/CVE-2013-7446/ SUSE CVE CVE-2013-7446 page https://www.suse.com/security/cve/CVE-2015-0272/ SUSE CVE CVE-2015-0272 page https://www.suse.com/security/cve/CVE-2015-3339/ SUSE CVE CVE-2015-3339 page https://www.suse.com/security/cve/CVE-2015-5307/ SUSE CVE CVE-2015-5307 page https://www.suse.com/security/cve/CVE-2015-6252/ SUSE CVE CVE-2015-6252 page https://www.suse.com/security/cve/CVE-2015-6937/ SUSE CVE CVE-2015-6937 page https://www.suse.com/security/cve/CVE-2015-7509/ SUSE CVE CVE-2015-7509 page https://www.suse.com/security/cve/CVE-2015-7515/ SUSE CVE CVE-2015-7515 page https://www.suse.com/security/cve/CVE-2015-7550/ SUSE CVE CVE-2015-7550 page https://www.suse.com/security/cve/CVE-2015-7566/ SUSE CVE CVE-2015-7566 page https://www.suse.com/security/cve/CVE-2015-7799/ SUSE CVE CVE-2015-7799 page https://www.suse.com/security/cve/CVE-2015-7872/ SUSE CVE CVE-2015-7872 page https://www.suse.com/security/cve/CVE-2015-7990/ SUSE CVE CVE-2015-7990 page https://www.suse.com/security/cve/CVE-2015-8104/ SUSE CVE CVE-2015-8104 page https://www.suse.com/security/cve/CVE-2015-8215/ SUSE CVE CVE-2015-8215 page https://www.suse.com/security/cve/CVE-2015-8539/ SUSE CVE CVE-2015-8539 page https://www.suse.com/security/cve/CVE-2015-8543/ SUSE CVE CVE-2015-8543 page https://www.suse.com/security/cve/CVE-2015-8569/ SUSE CVE CVE-2015-8569 page https://www.suse.com/security/cve/CVE-2015-8575/ SUSE CVE CVE-2015-8575 page https://www.suse.com/security/cve/CVE-2015-8767/ SUSE CVE CVE-2015-8767 page https://www.suse.com/security/cve/CVE-2015-8785/ SUSE CVE CVE-2015-8785 page https://www.suse.com/security/cve/CVE-2015-8812/ SUSE CVE CVE-2015-8812 page https://www.suse.com/security/cve/CVE-2015-8816/ SUSE CVE CVE-2015-8816 page https://www.suse.com/security/cve/CVE-2016-0723/ SUSE CVE CVE-2016-0723 page https://www.suse.com/security/cve/CVE-2016-2069/ SUSE CVE CVE-2016-2069 page https://www.suse.com/security/cve/CVE-2016-2143/ SUSE CVE CVE-2016-2143 page https://www.suse.com/security/cve/CVE-2016-2184/ SUSE CVE CVE-2016-2184 page https://www.suse.com/security/cve/CVE-2016-2185/ SUSE CVE CVE-2016-2185 page https://www.suse.com/security/cve/CVE-2016-2186/ SUSE CVE CVE-2016-2186 page https://www.suse.com/security/cve/CVE-2016-2188/ SUSE CVE CVE-2016-2188 page https://www.suse.com/security/cve/CVE-2016-2384/ SUSE CVE CVE-2016-2384 page https://www.suse.com/security/cve/CVE-2016-2543/ SUSE CVE CVE-2016-2543 page https://www.suse.com/security/cve/CVE-2016-2544/ SUSE CVE CVE-2016-2544 page https://www.suse.com/security/cve/CVE-2016-2545/ SUSE CVE CVE-2016-2545 page https://www.suse.com/security/cve/CVE-2016-2546/ SUSE CVE CVE-2016-2546 page https://www.suse.com/security/cve/CVE-2016-2547/ SUSE CVE CVE-2016-2547 page https://www.suse.com/security/cve/CVE-2016-2548/ SUSE CVE CVE-2016-2548 page https://www.suse.com/security/cve/CVE-2016-2549/ SUSE CVE CVE-2016-2549 page https://www.suse.com/security/cve/CVE-2016-2782/ SUSE CVE CVE-2016-2782 page https://www.suse.com/security/cve/CVE-2016-2847/ SUSE CVE CVE-2016-2847 page https://www.suse.com/security/cve/CVE-2016-3134/ SUSE CVE CVE-2016-3134 page https://www.suse.com/security/cve/CVE-2016-3137/ SUSE CVE CVE-2016-3137 page https://www.suse.com/security/cve/CVE-2016-3138/ SUSE CVE CVE-2016-3138 page https://www.suse.com/security/cve/CVE-2016-3139/ SUSE CVE CVE-2016-3139 page https://www.suse.com/security/cve/CVE-2016-3140/ SUSE CVE CVE-2016-3140 page https://www.suse.com/security/cve/CVE-2016-3156/ SUSE CVE CVE-2016-3156 page https://www.suse.com/security/cve/CVE-2016-4486/ SUSE CVE CVE-2016-4486 page SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-3.0.101-0.7.40.1 kernel-default-base-3.0.101-0.7.40.1 kernel-default-devel-3.0.101-0.7.40.1 kernel-default-man-3.0.101-0.7.40.1 kernel-ec2-3.0.101-0.7.40.1 kernel-ec2-base-3.0.101-0.7.40.1 kernel-ec2-devel-3.0.101-0.7.40.1 kernel-pae-3.0.101-0.7.40.1 kernel-pae-base-3.0.101-0.7.40.1 kernel-pae-devel-3.0.101-0.7.40.1 kernel-source-3.0.101-0.7.40.1 kernel-syms-3.0.101-0.7.40.1 kernel-trace-3.0.101-0.7.40.1 kernel-trace-base-3.0.101-0.7.40.1 kernel-trace-devel-3.0.101-0.7.40.1 kernel-xen-3.0.101-0.7.40.1 kernel-xen-base-3.0.101-0.7.40.1 kernel-xen-devel-3.0.101-0.7.40.1 kernel-default-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-base-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-devel-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-man-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-ec2-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-ec2-base-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-ec2-devel-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-pae-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-pae-base-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-pae-devel-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-source-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-syms-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-trace-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-trace-base-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-trace-devel-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-xen-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-xen-base-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-xen-devel-3.0.101-0.7.40.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. CVE-2013-2015 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2013-2015.html CVE-2013-2015 https://bugzilla.suse.com/817377 SUSE Bug 817377 Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. CVE-2013-7446 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 5.4 AV:L/AC:M/Au:N/C:N/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2013-7446.html CVE-2013-7446 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/955654 SUSE Bug 955654 https://bugzilla.suse.com/955837 SUSE Bug 955837 GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. CVE-2015-0272 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-0272.html CVE-2015-0272 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/944296 SUSE Bug 944296 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/955354 SUSE Bug 955354 Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. CVE-2015-3339 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-3339.html CVE-2015-3339 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/928130 SUSE Bug 928130 https://bugzilla.suse.com/939263 SUSE Bug 939263 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. CVE-2015-5307 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-5307.html CVE-2015-5307 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. CVE-2015-6252 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-6252.html CVE-2015-6252 https://bugzilla.suse.com/942367 SUSE Bug 942367 The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. CVE-2015-6937 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-6937.html CVE-2015-6937 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953052 SUSE Bug 953052 https://bugzilla.suse.com/963994 SUSE Bug 963994 fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. CVE-2015-7509 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7509.html CVE-2015-7509 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/956707 SUSE Bug 956707 https://bugzilla.suse.com/956709 SUSE Bug 956709 https://bugzilla.suse.com/956766 SUSE Bug 956766 The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. CVE-2015-7515 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7515.html CVE-2015-7515 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/956708 SUSE Bug 956708 The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. CVE-2015-7550 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7550.html CVE-2015-7550 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/958951 SUSE Bug 958951 The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. CVE-2015-7566 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 4 AV:L/AC:H/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7566.html CVE-2015-7566 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/961512 SUSE Bug 961512 The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. CVE-2015-7799 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7799.html CVE-2015-7799 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/949936 SUSE Bug 949936 https://bugzilla.suse.com/951638 SUSE Bug 951638 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. CVE-2015-7872 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7872.html CVE-2015-7872 https://bugzilla.suse.com/951440 SUSE Bug 951440 https://bugzilla.suse.com/951542 SUSE Bug 951542 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/958463 SUSE Bug 958463 https://bugzilla.suse.com/958601 SUSE Bug 958601 Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. CVE-2015-7990 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 5.9 AV:L/AC:M/Au:N/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-7990.html CVE-2015-7990 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953052 SUSE Bug 953052 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. CVE-2015-8104 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 critical 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8104.html CVE-2015-8104 https://bugzilla.suse.com/1215748 SUSE Bug 1215748 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. CVE-2015-8215 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8215.html CVE-2015-8215 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/944296 SUSE Bug 944296 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/955354 SUSE Bug 955354 The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. CVE-2015-8539 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8539.html CVE-2015-8539 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/781018 SUSE Bug 781018 https://bugzilla.suse.com/958463 SUSE Bug 958463 https://bugzilla.suse.com/958601 SUSE Bug 958601 The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. CVE-2015-8543 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 1.7 AV:L/AC:L/Au:S/C:N/I:N/A:P 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8543.html CVE-2015-8543 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/958886 SUSE Bug 958886 https://bugzilla.suse.com/963994 SUSE Bug 963994 https://bugzilla.suse.com/969522 SUSE Bug 969522 The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. CVE-2015-8569 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8569.html CVE-2015-8569 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/959190 SUSE Bug 959190 https://bugzilla.suse.com/959399 SUSE Bug 959399 https://bugzilla.suse.com/963994 SUSE Bug 963994 The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. CVE-2015-8575 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8575.html CVE-2015-8575 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/959190 SUSE Bug 959190 https://bugzilla.suse.com/959399 SUSE Bug 959399 net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. CVE-2015-8767 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8767.html CVE-2015-8767 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/961509 SUSE Bug 961509 The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. CVE-2015-8785 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 1.7 AV:L/AC:L/Au:S/C:N/I:N/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8785.html CVE-2015-8785 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/963765 SUSE Bug 963765 drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. CVE-2015-8812 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8812.html CVE-2015-8812 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/966437 SUSE Bug 966437 https://bugzilla.suse.com/966683 SUSE Bug 966683 The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. CVE-2015-8816 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2015-8816.html CVE-2015-8816 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/968010 SUSE Bug 968010 https://bugzilla.suse.com/979064 SUSE Bug 979064 Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. CVE-2016-0723 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.4 AV:L/AC:M/Au:S/C:N/I:N/A:C 5.6 AV:L/AC:L/Au:N/C:P/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-0723.html CVE-2016-0723 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/961500 SUSE Bug 961500 Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. CVE-2016-2069 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2069.html CVE-2016-2069 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/870618 SUSE Bug 870618 https://bugzilla.suse.com/963767 SUSE Bug 963767 The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. CVE-2016-2143 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2143.html CVE-2016-2143 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/970504 SUSE Bug 970504 https://bugzilla.suse.com/993872 SUSE Bug 993872 The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2184 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2184.html CVE-2016-2184 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/971125 SUSE Bug 971125 The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2185 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2185.html CVE-2016-2185 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/971124 SUSE Bug 971124 The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2186 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2186.html CVE-2016-2186 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/970958 SUSE Bug 970958 The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2188 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2188.html CVE-2016-2188 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1067912 SUSE Bug 1067912 https://bugzilla.suse.com/1132190 SUSE Bug 1132190 https://bugzilla.suse.com/970956 SUSE Bug 970956 Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. CVE-2016-2384 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2384.html CVE-2016-2384 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/966693 SUSE Bug 966693 https://bugzilla.suse.com/967773 SUSE Bug 967773 The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call. CVE-2016-2543 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2543.html CVE-2016-2543 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/967972 SUSE Bug 967972 Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time. CVE-2016-2544 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2544.html CVE-2016-2544 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/967973 SUSE Bug 967973 The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. CVE-2016-2545 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2545.html CVE-2016-2545 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/967974 SUSE Bug 967974 sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. CVE-2016-2546 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2546.html CVE-2016-2546 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/967975 SUSE Bug 967975 sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call. CVE-2016-2547 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2547.html CVE-2016-2547 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/968011 SUSE Bug 968011 sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. CVE-2016-2548 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2548.html CVE-2016-2548 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/968012 SUSE Bug 968012 sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. CVE-2016-2549 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2549.html CVE-2016-2549 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/968013 SUSE Bug 968013 The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. CVE-2016-2782 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2782.html CVE-2016-2782 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/961512 SUSE Bug 961512 https://bugzilla.suse.com/968670 SUSE Bug 968670 fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. CVE-2016-2847 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-2847.html CVE-2016-2847 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/970948 SUSE Bug 970948 https://bugzilla.suse.com/974646 SUSE Bug 974646 The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. CVE-2016-3134 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-3134.html CVE-2016-3134 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/971126 SUSE Bug 971126 https://bugzilla.suse.com/971793 SUSE Bug 971793 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986377 SUSE Bug 986377 drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. CVE-2016-3137 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-3137.html CVE-2016-3137 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/970970 SUSE Bug 970970 The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. CVE-2016-3138 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-3138.html CVE-2016-3138 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/970911 SUSE Bug 970911 https://bugzilla.suse.com/970970 SUSE Bug 970970 The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-3139 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-3139.html CVE-2016-3139 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/970909 SUSE Bug 970909 The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-3140 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-3140.html CVE-2016-3140 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/970892 SUSE Bug 970892 The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. CVE-2016-3156 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-3156.html CVE-2016-3156 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/971360 SUSE Bug 971360 The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. CVE-2016-4486 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.40.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.40.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/ https://www.suse.com/security/cve/CVE-2016-4486.html CVE-2016-4486 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/978822 SUSE Bug 978822