Security update for kernel live patch 10 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0749-1 Final 1 1 2016-03-14T13:30:41Z current 2016-03-14T13:30:41Z 2016-03-14T13:30:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kernel live patch 10 This kernel live patch for Linux Kernel 3.12.51-52.34.1 fixes two security issues: Fixes: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. (bsc#955837) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2016-437 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160749-1/ Link for SUSE-SU-2016:0749-1 https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html E-Mail link for SUSE-SU-2016:0749-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/955837 SUSE Bug 955837 https://www.suse.com/security/cve/CVE-2013-7446/ SUSE CVE CVE-2013-7446 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_51-52_34-default-3-2.1 kgraft-patch-3_12_51-52_34-xen-3-2.1 kgraft-patch-3_12_51-52_34-default-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_51-52_34-xen-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. CVE-2013-7446 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-52_34-default-3-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-52_34-xen-3-2.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160749-1/ https://www.suse.com/security/cve/CVE-2013-7446.html CVE-2013-7446 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/955654 SUSE Bug 955654 https://bugzilla.suse.com/955837 SUSE Bug 955837