Security update for Linux Kernel Live Patch 3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:2090-1 Final 1 1 2015-11-24T14:47:59Z current 2015-11-24T14:47:59Z 2015-11-24T14:47:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Linux Kernel Live Patch 3 This kernel live patch for Linux Kernel 3.12.38-44.1 fixes two security issues: - CVE-2015-7613: A race condition in the IPC object implementation in the Linux kernel allowed local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701 bsc#948536) - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (bsc#940342 bsc#940338) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2015-885 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20152090-1/ Link for SUSE-SU-2015:2090-1 https://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html E-Mail link for SUSE-SU-2015:2090-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/940338 SUSE Bug 940338 https://bugzilla.suse.com/940342 SUSE Bug 940342 https://bugzilla.suse.com/948536 SUSE Bug 948536 https://bugzilla.suse.com/948701 SUSE Bug 948701 https://www.suse.com/security/cve/CVE-2015-5707/ SUSE CVE CVE-2015-5707 page https://www.suse.com/security/cve/CVE-2015-7613/ SUSE CVE CVE-2015-7613 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_38-44-default-3-2.1 kgraft-patch-3_12_38-44-xen-3-2.1 kgraft-patch-3_12_38-44-default-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_38-44-xen-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. CVE-2015-5707 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_38-44-default-3-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_38-44-xen-3-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152090-1/ https://www.suse.com/security/cve/CVE-2015-5707.html CVE-2015-5707 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/940338 SUSE Bug 940338 https://bugzilla.suse.com/940342 SUSE Bug 940342 https://bugzilla.suse.com/963994 SUSE Bug 963994 Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. CVE-2015-7613 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_38-44-default-3-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_38-44-xen-3-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20152090-1/ https://www.suse.com/security/cve/CVE-2015-7613.html CVE-2015-7613 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/948536 SUSE Bug 948536 https://bugzilla.suse.com/948701 SUSE Bug 948701 https://bugzilla.suse.com/963994 SUSE Bug 963994