Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0233-1 Final 1 1 2017-01-20T12:32:06Z current 2017-01-20T12:32:06Z 2017-01-20T12:32:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 This update for the Linux Kernel 3.12.53-60_30 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2017-117 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170233-1/ Link for SUSE-SU-2017:0233-1 https://lists.suse.com/pipermail/sle-security-updates/2017-January/002578.html E-Mail link for SUSE-SU-2017:0233-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1012852 SUSE Bug 1012852 https://bugzilla.suse.com/1013543 SUSE Bug 1013543 https://bugzilla.suse.com/1013604 SUSE Bug 1013604 https://bugzilla.suse.com/1014271 SUSE Bug 1014271 https://bugzilla.suse.com/1017589 SUSE Bug 1017589 https://www.suse.com/security/cve/CVE-2016-8632/ SUSE CVE CVE-2016-8632 page https://www.suse.com/security/cve/CVE-2016-9576/ SUSE CVE CVE-2016-9576 page https://www.suse.com/security/cve/CVE-2016-9794/ SUSE CVE CVE-2016-9794 page https://www.suse.com/security/cve/CVE-2016-9806/ SUSE CVE CVE-2016-9806 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_53-60_30-default-7-2.1 kgraft-patch-3_12_53-60_30-xen-7-2.1 kgraft-patch-3_12_53-60_30-default-7-2.1 as a component of SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_53-60_30-xen-7-2.1 as a component of SUSE Linux Enterprise Live Patching 12 The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. CVE-2016-8632 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-default-7-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-xen-7-2.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170233-1/ https://www.suse.com/security/cve/CVE-2016-8632.html CVE-2016-8632 https://bugzilla.suse.com/1008831 SUSE Bug 1008831 https://bugzilla.suse.com/1012852 SUSE Bug 1012852 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. CVE-2016-9576 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-default-7-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-xen-7-2.1 important 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170233-1/ https://www.suse.com/security/cve/CVE-2016-9576.html CVE-2016-9576 https://bugzilla.suse.com/1013604 SUSE Bug 1013604 https://bugzilla.suse.com/1014271 SUSE Bug 1014271 https://bugzilla.suse.com/1017710 SUSE Bug 1017710 https://bugzilla.suse.com/1019079 SUSE Bug 1019079 https://bugzilla.suse.com/1019668 SUSE Bug 1019668 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. CVE-2016-9794 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-default-7-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-xen-7-2.1 important 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170233-1/ https://www.suse.com/security/cve/CVE-2016-9794.html CVE-2016-9794 https://bugzilla.suse.com/1013533 SUSE Bug 1013533 https://bugzilla.suse.com/1013543 SUSE Bug 1013543 https://bugzilla.suse.com/1013604 SUSE Bug 1013604 Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. CVE-2016-9806 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-default-7-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_53-60_30-xen-7-2.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170233-1/ https://www.suse.com/security/cve/CVE-2016-9806.html CVE-2016-9806 https://bugzilla.suse.com/1013540 SUSE Bug 1013540 https://bugzilla.suse.com/1017589 SUSE Bug 1017589