Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0333-1 Final 1 1 2017-01-30T16:03:00Z current 2017-01-30T16:03:00Z 2017-01-30T16:03:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have lead to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). The following non-security bugs were fixed: - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - cdc-acm: added sanity checking for probe() (bsc#993891). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dasd: Fix unresumed device after suspend/resume (bnc#927287, LTC#123892). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: SYSENTER emulation is broken (bsc#994618). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (VM Functionality, bsc#1008645). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261, bsc#1011482). - nfs: do not do blind d_drop() in nfs_prime_dcache() (bnc#908069 bnc#896484 bsc#963053). - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484 bsc#963053). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595, bsc#1011482). - nfsv4: nfs4_proc_renew should be declared static (bnc#863873). - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514 bsc#1011482). - nfsv4: The NFSv4.0 client must send RENEW calls if it holds a delegation (bnc#863873). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809). - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873). - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - Revert 's390/mm: fix asce_bits handling with dynamic pagetable levels' This reverts commit 6e00b1d803fa2ab4b130e04b7fbcc99f0b5ecba8. - rpm/config.sh: Set the release string to 0.7.<RELEASE> (bsc#997059) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984, LTC#133077). - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). Conflicts: series.conf - s390/pageattr: do a single TLB flush for change_page_attr (bsc#1009443,LTC#148182). - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-kernel-12961 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ Link for SUSE-SU-2017:0333-1 https://lists.suse.com/pipermail/sle-security-updates/2017-January/002609.html E-Mail link for SUSE-SU-2017:0333-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1003077 SUSE Bug 1003077 https://bugzilla.suse.com/1003925 SUSE Bug 1003925 https://bugzilla.suse.com/1004517 SUSE Bug 1004517 https://bugzilla.suse.com/1007944 SUSE Bug 1007944 https://bugzilla.suse.com/1008645 SUSE Bug 1008645 https://bugzilla.suse.com/1008831 SUSE Bug 1008831 https://bugzilla.suse.com/1008833 SUSE Bug 1008833 https://bugzilla.suse.com/1009443 SUSE Bug 1009443 https://bugzilla.suse.com/1010150 SUSE Bug 1010150 https://bugzilla.suse.com/1010467 SUSE Bug 1010467 https://bugzilla.suse.com/1010501 SUSE Bug 1010501 https://bugzilla.suse.com/1010507 SUSE Bug 1010507 https://bugzilla.suse.com/1010711 SUSE Bug 1010711 https://bugzilla.suse.com/1010716 SUSE Bug 1010716 https://bugzilla.suse.com/1011482 SUSE Bug 1011482 https://bugzilla.suse.com/1011685 SUSE Bug 1011685 https://bugzilla.suse.com/1012422 SUSE Bug 1012422 https://bugzilla.suse.com/1012832 SUSE Bug 1012832 https://bugzilla.suse.com/1013038 SUSE Bug 1013038 https://bugzilla.suse.com/1013531 SUSE Bug 1013531 https://bugzilla.suse.com/1013542 SUSE Bug 1013542 https://bugzilla.suse.com/1014746 SUSE Bug 1014746 https://bugzilla.suse.com/1017710 SUSE Bug 1017710 https://bugzilla.suse.com/1021258 SUSE Bug 1021258 https://bugzilla.suse.com/835175 SUSE Bug 835175 https://bugzilla.suse.com/839104 SUSE Bug 839104 https://bugzilla.suse.com/863873 SUSE Bug 863873 https://bugzilla.suse.com/874145 SUSE Bug 874145 https://bugzilla.suse.com/896484 SUSE Bug 896484 https://bugzilla.suse.com/908069 SUSE Bug 908069 https://bugzilla.suse.com/914939 SUSE Bug 914939 https://bugzilla.suse.com/922947 SUSE Bug 922947 https://bugzilla.suse.com/927287 SUSE Bug 927287 https://bugzilla.suse.com/940966 SUSE Bug 940966 https://bugzilla.suse.com/950998 SUSE Bug 950998 https://bugzilla.suse.com/954984 SUSE Bug 954984 https://bugzilla.suse.com/956514 SUSE Bug 956514 https://bugzilla.suse.com/958000 SUSE Bug 958000 https://bugzilla.suse.com/960689 SUSE Bug 960689 https://bugzilla.suse.com/963053 SUSE Bug 963053 https://bugzilla.suse.com/967716 SUSE Bug 967716 https://bugzilla.suse.com/968500 SUSE Bug 968500 https://bugzilla.suse.com/969340 SUSE Bug 969340 https://bugzilla.suse.com/971360 SUSE Bug 971360 https://bugzilla.suse.com/971944 SUSE Bug 971944 https://bugzilla.suse.com/978401 SUSE Bug 978401 https://bugzilla.suse.com/978821 SUSE Bug 978821 https://bugzilla.suse.com/979213 SUSE Bug 979213 https://bugzilla.suse.com/979274 SUSE Bug 979274 https://bugzilla.suse.com/979548 SUSE Bug 979548 https://bugzilla.suse.com/979595 SUSE Bug 979595 https://bugzilla.suse.com/979879 SUSE Bug 979879 https://bugzilla.suse.com/979915 SUSE Bug 979915 https://bugzilla.suse.com/980363 SUSE Bug 980363 https://bugzilla.suse.com/980371 SUSE Bug 980371 https://bugzilla.suse.com/980725 SUSE Bug 980725 https://bugzilla.suse.com/981267 SUSE Bug 981267 https://bugzilla.suse.com/983143 SUSE Bug 983143 https://bugzilla.suse.com/983213 SUSE Bug 983213 https://bugzilla.suse.com/984755 SUSE Bug 984755 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986445 SUSE Bug 986445 https://bugzilla.suse.com/986572 SUSE Bug 986572 https://bugzilla.suse.com/989261 SUSE Bug 989261 https://bugzilla.suse.com/991608 SUSE Bug 991608 https://bugzilla.suse.com/991665 SUSE Bug 991665 https://bugzilla.suse.com/992566 SUSE Bug 992566 https://bugzilla.suse.com/993890 SUSE Bug 993890 https://bugzilla.suse.com/993891 SUSE Bug 993891 https://bugzilla.suse.com/994296 SUSE Bug 994296 https://bugzilla.suse.com/994436 SUSE Bug 994436 https://bugzilla.suse.com/994618 SUSE Bug 994618 https://bugzilla.suse.com/994759 SUSE Bug 994759 https://bugzilla.suse.com/995968 SUSE Bug 995968 https://bugzilla.suse.com/997059 SUSE Bug 997059 https://bugzilla.suse.com/999932 SUSE Bug 999932 https://www.suse.com/security/cve/CVE-2004-0230/ SUSE CVE CVE-2004-0230 page https://www.suse.com/security/cve/CVE-2012-6704/ SUSE CVE CVE-2012-6704 page https://www.suse.com/security/cve/CVE-2013-4312/ SUSE CVE CVE-2013-4312 page https://www.suse.com/security/cve/CVE-2015-1350/ SUSE CVE CVE-2015-1350 page https://www.suse.com/security/cve/CVE-2015-7513/ SUSE CVE CVE-2015-7513 page https://www.suse.com/security/cve/CVE-2015-7833/ SUSE CVE CVE-2015-7833 page https://www.suse.com/security/cve/CVE-2015-8956/ SUSE CVE CVE-2015-8956 page https://www.suse.com/security/cve/CVE-2015-8962/ SUSE CVE CVE-2015-8962 page https://www.suse.com/security/cve/CVE-2015-8964/ SUSE CVE CVE-2015-8964 page https://www.suse.com/security/cve/CVE-2016-0823/ SUSE CVE CVE-2016-0823 page https://www.suse.com/security/cve/CVE-2016-10088/ SUSE CVE CVE-2016-10088 page https://www.suse.com/security/cve/CVE-2016-1583/ SUSE CVE CVE-2016-1583 page https://www.suse.com/security/cve/CVE-2016-2187/ SUSE CVE CVE-2016-2187 page https://www.suse.com/security/cve/CVE-2016-2189/ SUSE CVE CVE-2016-2189 page https://www.suse.com/security/cve/CVE-2016-3841/ SUSE CVE CVE-2016-3841 page https://www.suse.com/security/cve/CVE-2016-4470/ SUSE CVE CVE-2016-4470 page https://www.suse.com/security/cve/CVE-2016-4482/ SUSE CVE CVE-2016-4482 page https://www.suse.com/security/cve/CVE-2016-4485/ SUSE CVE CVE-2016-4485 page https://www.suse.com/security/cve/CVE-2016-4565/ SUSE CVE CVE-2016-4565 page https://www.suse.com/security/cve/CVE-2016-4569/ SUSE CVE CVE-2016-4569 page https://www.suse.com/security/cve/CVE-2016-4578/ SUSE CVE CVE-2016-4578 page https://www.suse.com/security/cve/CVE-2016-4580/ SUSE CVE CVE-2016-4580 page https://www.suse.com/security/cve/CVE-2016-4805/ SUSE CVE CVE-2016-4805 page https://www.suse.com/security/cve/CVE-2016-4913/ SUSE CVE CVE-2016-4913 page https://www.suse.com/security/cve/CVE-2016-4997/ SUSE CVE CVE-2016-4997 page https://www.suse.com/security/cve/CVE-2016-5244/ SUSE CVE CVE-2016-5244 page https://www.suse.com/security/cve/CVE-2016-5829/ SUSE CVE CVE-2016-5829 page https://www.suse.com/security/cve/CVE-2016-6480/ SUSE CVE CVE-2016-6480 page https://www.suse.com/security/cve/CVE-2016-6828/ SUSE CVE CVE-2016-6828 page https://www.suse.com/security/cve/CVE-2016-7042/ SUSE CVE CVE-2016-7042 page https://www.suse.com/security/cve/CVE-2016-7097/ SUSE CVE CVE-2016-7097 page https://www.suse.com/security/cve/CVE-2016-7117/ SUSE CVE CVE-2016-7117 page https://www.suse.com/security/cve/CVE-2016-7425/ SUSE CVE CVE-2016-7425 page https://www.suse.com/security/cve/CVE-2016-7910/ SUSE CVE CVE-2016-7910 page https://www.suse.com/security/cve/CVE-2016-7911/ SUSE CVE CVE-2016-7911 page https://www.suse.com/security/cve/CVE-2016-7916/ SUSE CVE CVE-2016-7916 page https://www.suse.com/security/cve/CVE-2016-8399/ SUSE CVE CVE-2016-8399 page https://www.suse.com/security/cve/CVE-2016-8632/ SUSE CVE CVE-2016-8632 page https://www.suse.com/security/cve/CVE-2016-8633/ SUSE CVE CVE-2016-8633 page https://www.suse.com/security/cve/CVE-2016-8646/ SUSE CVE CVE-2016-8646 page https://www.suse.com/security/cve/CVE-2016-9555/ SUSE CVE CVE-2016-9555 page https://www.suse.com/security/cve/CVE-2016-9685/ SUSE CVE CVE-2016-9685 page https://www.suse.com/security/cve/CVE-2016-9756/ SUSE CVE CVE-2016-9756 page https://www.suse.com/security/cve/CVE-2016-9793/ SUSE CVE CVE-2016-9793 page https://www.suse.com/security/cve/CVE-2017-5551/ SUSE CVE CVE-2017-5551 page SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-3.0.101-0.7.53.1 kernel-default-base-3.0.101-0.7.53.1 kernel-default-devel-3.0.101-0.7.53.1 kernel-default-man-3.0.101-0.7.53.1 kernel-ec2-3.0.101-0.7.53.1 kernel-ec2-base-3.0.101-0.7.53.1 kernel-ec2-devel-3.0.101-0.7.53.1 kernel-pae-3.0.101-0.7.53.1 kernel-pae-base-3.0.101-0.7.53.1 kernel-pae-devel-3.0.101-0.7.53.1 kernel-source-3.0.101-0.7.53.1 kernel-syms-3.0.101-0.7.53.1 kernel-trace-3.0.101-0.7.53.1 kernel-trace-base-3.0.101-0.7.53.1 kernel-trace-devel-3.0.101-0.7.53.1 kernel-xen-3.0.101-0.7.53.1 kernel-xen-base-3.0.101-0.7.53.1 kernel-xen-devel-3.0.101-0.7.53.1 kernel-default-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-base-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-devel-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-default-man-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-ec2-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-ec2-base-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-ec2-devel-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-pae-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-pae-base-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-pae-devel-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-source-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-syms-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-trace-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-trace-base-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-trace-devel-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-xen-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-xen-base-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS kernel-xen-devel-3.0.101-0.7.53.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. CVE-2004-0230 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2004-0230.html CVE-2004-0230 https://bugzilla.suse.com/1184394 SUSE Bug 1184394 https://bugzilla.suse.com/1198501 SUSE Bug 1198501 https://bugzilla.suse.com/1206598 SUSE Bug 1206598 https://bugzilla.suse.com/969340 SUSE Bug 969340 https://bugzilla.suse.com/989152 SUSE Bug 989152 https://bugzilla.suse.com/992991 SUSE Bug 992991 The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVE-2012-6704 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2012-6704.html CVE-2012-6704 https://bugzilla.suse.com/1013531 SUSE Bug 1013531 https://bugzilla.suse.com/1013542 SUSE Bug 1013542 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. CVE-2013-4312 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2013-4312.html CVE-2013-4312 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/839104 SUSE Bug 839104 https://bugzilla.suse.com/922947 SUSE Bug 922947 https://bugzilla.suse.com/968014 SUSE Bug 968014 The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. CVE-2015-1350 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2015-1350.html CVE-2015-1350 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/914939 SUSE Bug 914939 arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. CVE-2015-7513 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2015-7513.html CVE-2015-7513 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/960689 SUSE Bug 960689 https://bugzilla.suse.com/987709 SUSE Bug 987709 The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. CVE-2015-7833 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 4 AV:L/AC:H/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2015-7833.html CVE-2015-7833 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/950998 SUSE Bug 950998 The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. CVE-2015-8956 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 5 AV:L/AC:M/Au:S/C:P/I:N/A:C 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2015-8956.html CVE-2015-8956 https://bugzilla.suse.com/1003925 SUSE Bug 1003925 Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. CVE-2015-8962 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 5.9 AV:L/AC:H/Au:N/C:C/I:P/A:C 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2015-8962.html CVE-2015-8962 https://bugzilla.suse.com/1010501 SUSE Bug 1010501 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. CVE-2015-8964 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N 7.1 AV:N/AC:M/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2015-8964.html CVE-2015-8964 https://bugzilla.suse.com/1010507 SUSE Bug 1010507 The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. CVE-2016-0823 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-0823.html CVE-2016-0823 https://bugzilla.suse.com/987709 SUSE Bug 987709 https://bugzilla.suse.com/994759 SUSE Bug 994759 The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. CVE-2016-10088 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-10088.html CVE-2016-10088 https://bugzilla.suse.com/1013604 SUSE Bug 1013604 https://bugzilla.suse.com/1014271 SUSE Bug 1014271 https://bugzilla.suse.com/1017710 SUSE Bug 1017710 https://bugzilla.suse.com/1019079 SUSE Bug 1019079 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. CVE-2016-1583 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-1583.html CVE-2016-1583 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/983143 SUSE Bug 983143 https://bugzilla.suse.com/983144 SUSE Bug 983144 The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. CVE-2016-2187 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-2187.html CVE-2016-2187 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/971919 SUSE Bug 971919 https://bugzilla.suse.com/971944 SUSE Bug 971944 DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage CVE-2016-2189 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-2189.html CVE-2016-2189 https://bugzilla.suse.com/979548 SUSE Bug 979548 https://bugzilla.suse.com/980363 SUSE Bug 980363 The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. CVE-2016-3841 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-3841.html CVE-2016-3841 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/992566 SUSE Bug 992566 https://bugzilla.suse.com/992569 SUSE Bug 992569 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. CVE-2016-4470 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4470.html CVE-2016-4470 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/984755 SUSE Bug 984755 https://bugzilla.suse.com/984764 SUSE Bug 984764 https://bugzilla.suse.com/991651 SUSE Bug 991651 The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. CVE-2016-4482 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4482.html CVE-2016-4482 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/978401 SUSE Bug 978401 https://bugzilla.suse.com/978445 SUSE Bug 978445 The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. CVE-2016-4485 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4485.html CVE-2016-4485 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/978821 SUSE Bug 978821 The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. CVE-2016-4565 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4565.html CVE-2016-4565 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/979548 SUSE Bug 979548 https://bugzilla.suse.com/980363 SUSE Bug 980363 https://bugzilla.suse.com/980883 SUSE Bug 980883 The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. CVE-2016-4569 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4569.html CVE-2016-4569 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/979213 SUSE Bug 979213 https://bugzilla.suse.com/979879 SUSE Bug 979879 sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. CVE-2016-4578 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4578.html CVE-2016-4578 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/979879 SUSE Bug 979879 The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. CVE-2016-4580 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4580.html CVE-2016-4580 https://bugzilla.suse.com/870618 SUSE Bug 870618 https://bugzilla.suse.com/981267 SUSE Bug 981267 https://bugzilla.suse.com/985132 SUSE Bug 985132 Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. CVE-2016-4805 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4805.html CVE-2016-4805 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/980371 SUSE Bug 980371 The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. CVE-2016-4913 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4913.html CVE-2016-4913 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/870618 SUSE Bug 870618 https://bugzilla.suse.com/980725 SUSE Bug 980725 https://bugzilla.suse.com/985132 SUSE Bug 985132 The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. CVE-2016-4997 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-4997.html CVE-2016-4997 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986377 SUSE Bug 986377 https://bugzilla.suse.com/991651 SUSE Bug 991651 The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. CVE-2016-5244 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-5244.html CVE-2016-5244 https://bugzilla.suse.com/983213 SUSE Bug 983213 https://bugzilla.suse.com/986225 SUSE Bug 986225 Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. CVE-2016-5829 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-5829.html CVE-2016-5829 https://bugzilla.suse.com/1053919 SUSE Bug 1053919 https://bugzilla.suse.com/1054127 SUSE Bug 1054127 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/986572 SUSE Bug 986572 https://bugzilla.suse.com/986573 SUSE Bug 986573 https://bugzilla.suse.com/991651 SUSE Bug 991651 Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. CVE-2016-6480 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-6480.html CVE-2016-6480 https://bugzilla.suse.com/1004418 SUSE Bug 1004418 https://bugzilla.suse.com/991608 SUSE Bug 991608 https://bugzilla.suse.com/991667 SUSE Bug 991667 https://bugzilla.suse.com/992568 SUSE Bug 992568 The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. CVE-2016-6828 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-6828.html CVE-2016-6828 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/994296 SUSE Bug 994296 The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. CVE-2016-7042 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7042.html CVE-2016-7042 https://bugzilla.suse.com/1004517 SUSE Bug 1004517 The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 low 3 AV:L/AC:M/Au:S/C:P/I:P/A:N 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7097.html CVE-2016-7097 https://bugzilla.suse.com/1021258 SUSE Bug 1021258 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/870618 SUSE Bug 870618 https://bugzilla.suse.com/995968 SUSE Bug 995968 Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. CVE-2016-7117 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7117.html CVE-2016-7117 https://bugzilla.suse.com/1003077 SUSE Bug 1003077 https://bugzilla.suse.com/1003253 SUSE Bug 1003253 https://bugzilla.suse.com/1057478 SUSE Bug 1057478 https://bugzilla.suse.com/1071943 SUSE Bug 1071943 The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. CVE-2016-7425 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7425.html CVE-2016-7425 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/999932 SUSE Bug 999932 Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. CVE-2016-7910 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7910.html CVE-2016-7910 https://bugzilla.suse.com/1010716 SUSE Bug 1010716 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. CVE-2016-7911 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 3.3 AV:L/AC:M/Au:N/C:P/I:N/A:P 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7911.html CVE-2016-7911 https://bugzilla.suse.com/1010711 SUSE Bug 1010711 https://bugzilla.suse.com/1010713 SUSE Bug 1010713 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. CVE-2016-7916 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-7916.html CVE-2016-7916 https://bugzilla.suse.com/1010467 SUSE Bug 1010467 An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. CVE-2016-8399 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 3.2 AV:L/AC:L/Au:S/C:P/I:N/A:P 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-8399.html CVE-2016-8399 https://bugzilla.suse.com/1014746 SUSE Bug 1014746 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. CVE-2016-8632 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-8632.html CVE-2016-8632 https://bugzilla.suse.com/1008831 SUSE Bug 1008831 https://bugzilla.suse.com/1012852 SUSE Bug 1012852 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. CVE-2016-8633 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-8633.html CVE-2016-8633 https://bugzilla.suse.com/1008833 SUSE Bug 1008833 The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. CVE-2016-8646 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-8646.html CVE-2016-8646 https://bugzilla.suse.com/1010150 SUSE Bug 1010150 The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. CVE-2016-9555 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 7.1 AV:N/AC:H/Au:N/C:C/I:N/A:C 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-9555.html CVE-2016-9555 https://bugzilla.suse.com/1011685 SUSE Bug 1011685 https://bugzilla.suse.com/1012183 SUSE Bug 1012183 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. CVE-2016-9685 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-9685.html CVE-2016-9685 https://bugzilla.suse.com/1012832 SUSE Bug 1012832 arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2016-9756 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-9756.html CVE-2016-9756 https://bugzilla.suse.com/1013038 SUSE Bug 1013038 The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. CVE-2016-9793 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 moderate 5.9 AV:L/AC:H/Au:M/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2016-9793.html CVE-2016-9793 https://bugzilla.suse.com/1013531 SUSE Bug 1013531 https://bugzilla.suse.com/1013542 SUSE Bug 1013542 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. CVE-2017-5551 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-default-man-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-ec2-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-pae-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-source-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-syms-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-trace-devel-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-base-3.0.101-0.7.53.1 SUSE Linux Enterprise Server 11 SP2-LTSS:kernel-xen-devel-3.0.101-0.7.53.1 important 3 AV:L/AC:M/Au:S/C:P/I:P/A:N 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1/ https://www.suse.com/security/cve/CVE-2017-5551.html CVE-2017-5551 https://bugzilla.suse.com/1021258 SUSE Bug 1021258 https://bugzilla.suse.com/995968 SUSE Bug 995968