Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2630-1 Final 1 1 2016-10-25T15:35:30Z current 2016-10-25T15:35:30Z 2016-10-25T15:35:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 This update for the Linux Kernel 3.12.51-60_20 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2016-1547 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162630-1/ Link for SUSE-SU-2016:2630-1 https://lists.suse.com/pipermail/sle-security-updates/2016-October/002354.html E-Mail link for SUSE-SU-2016:2630-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1001487 SUSE Bug 1001487 https://bugzilla.suse.com/1004419 SUSE Bug 1004419 https://www.suse.com/security/cve/CVE-2016-5195/ SUSE CVE CVE-2016-5195 page https://www.suse.com/security/cve/CVE-2016-8666/ SUSE CVE CVE-2016-8666 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_51-60_20-default-7-2.1 kgraft-patch-3_12_51-60_20-xen-7-2.1 kgraft-patch-3_12_51-60_20-default-7-2.1 as a component of SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_51-60_20-xen-7-2.1 as a component of SUSE Linux Enterprise Live Patching 12 Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." CVE-2016-5195 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-7-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-7-2.1 important 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162630-1/ https://www.suse.com/security/cve/CVE-2016-5195.html CVE-2016-5195 https://bugzilla.suse.com/1004418 SUSE Bug 1004418 https://bugzilla.suse.com/1004419 SUSE Bug 1004419 https://bugzilla.suse.com/1004436 SUSE Bug 1004436 https://bugzilla.suse.com/1006323 SUSE Bug 1006323 https://bugzilla.suse.com/1006695 SUSE Bug 1006695 https://bugzilla.suse.com/1007291 SUSE Bug 1007291 https://bugzilla.suse.com/1008110 SUSE Bug 1008110 https://bugzilla.suse.com/1030118 SUSE Bug 1030118 https://bugzilla.suse.com/1046453 SUSE Bug 1046453 https://bugzilla.suse.com/1069496 SUSE Bug 1069496 https://bugzilla.suse.com/1149725 SUSE Bug 1149725 https://bugzilla.suse.com/870618 SUSE Bug 870618 https://bugzilla.suse.com/986445 SUSE Bug 986445 https://bugzilla.suse.com/998689 SUSE Bug 998689 The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. CVE-2016-8666 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-7-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-7-2.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162630-1/ https://www.suse.com/security/cve/CVE-2016-8666.html CVE-2016-8666 https://bugzilla.suse.com/1001486 SUSE Bug 1001486 https://bugzilla.suse.com/1001487 SUSE Bug 1001487 https://bugzilla.suse.com/1003964 SUSE Bug 1003964