Security update for Linux Kernel Live Patch 8 for SLE 12 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2005-1 Final 1 1 2016-08-09T11:24:17Z current 2016-08-09T11:24:17Z 2016-08-09T11:24:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Linux Kernel Live Patch 8 for SLE 12 This update for the Linux Kernel 3.12.48-52_27 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SAP-12-2016-1176,SUSE-SLE-SERVER-12-2016-1176 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ Link for SUSE-SU-2016:2005-1 https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html E-Mail link for SUSE-SU-2016:2005-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/955837 SUSE Bug 955837 https://bugzilla.suse.com/971793 SUSE Bug 971793 https://bugzilla.suse.com/973570 SUSE Bug 973570 https://bugzilla.suse.com/979064 SUSE Bug 979064 https://bugzilla.suse.com/979074 SUSE Bug 979074 https://bugzilla.suse.com/979078 SUSE Bug 979078 https://bugzilla.suse.com/980856 SUSE Bug 980856 https://bugzilla.suse.com/980883 SUSE Bug 980883 https://bugzilla.suse.com/983144 SUSE Bug 983144 https://bugzilla.suse.com/984764 SUSE Bug 984764 https://www.suse.com/security/cve/CVE-2013-7446/ SUSE CVE CVE-2013-7446 page https://www.suse.com/security/cve/CVE-2015-8019/ SUSE CVE CVE-2015-8019 page https://www.suse.com/security/cve/CVE-2015-8816/ SUSE CVE CVE-2015-8816 page https://www.suse.com/security/cve/CVE-2016-0758/ SUSE CVE CVE-2016-0758 page https://www.suse.com/security/cve/CVE-2016-1583/ SUSE CVE CVE-2016-1583 page https://www.suse.com/security/cve/CVE-2016-2053/ SUSE CVE CVE-2016-2053 page https://www.suse.com/security/cve/CVE-2016-3134/ SUSE CVE CVE-2016-3134 page https://www.suse.com/security/cve/CVE-2016-4470/ SUSE CVE CVE-2016-4470 page https://www.suse.com/security/cve/CVE-2016-4565/ SUSE CVE CVE-2016-4565 page SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 kgraft-patch-3_12_48-52_27-default-5-2.2 kgraft-patch-3_12_48-52_27-xen-5-2.2 kgraft-patch-3_12_48-52_27-default-5-2.2 as a component of SUSE Linux Enterprise Server 12-LTSS kgraft-patch-3_12_48-52_27-xen-5-2.2 as a component of SUSE Linux Enterprise Server 12-LTSS kgraft-patch-3_12_48-52_27-default-5-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kgraft-patch-3_12_48-52_27-xen-5-2.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. CVE-2013-7446 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2013-7446.html CVE-2013-7446 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/955654 SUSE Bug 955654 https://bugzilla.suse.com/955837 SUSE Bug 955837 The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. CVE-2015-8019 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2015-8019.html CVE-2015-8019 https://bugzilla.suse.com/1032268 SUSE Bug 1032268 https://bugzilla.suse.com/951199 SUSE Bug 951199 https://bugzilla.suse.com/952587 SUSE Bug 952587 https://bugzilla.suse.com/979078 SUSE Bug 979078 The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. CVE-2015-8816 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2015-8816.html CVE-2015-8816 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/968010 SUSE Bug 968010 https://bugzilla.suse.com/979064 SUSE Bug 979064 Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. CVE-2016-0758 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2016-0758.html CVE-2016-0758 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1072204 SUSE Bug 1072204 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/979867 SUSE Bug 979867 https://bugzilla.suse.com/980856 SUSE Bug 980856 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. CVE-2016-1583 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 important 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2016-1583.html CVE-2016-1583 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/983143 SUSE Bug 983143 https://bugzilla.suse.com/983144 SUSE Bug 983144 The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. CVE-2016-2053 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2016-2053.html CVE-2016-2053 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/963762 SUSE Bug 963762 https://bugzilla.suse.com/979074 SUSE Bug 979074 The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. CVE-2016-3134 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2016-3134.html CVE-2016-3134 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/971126 SUSE Bug 971126 https://bugzilla.suse.com/971793 SUSE Bug 971793 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986377 SUSE Bug 986377 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. CVE-2016-4470 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2016-4470.html CVE-2016-4470 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/984755 SUSE Bug 984755 https://bugzilla.suse.com/984764 SUSE Bug 984764 https://bugzilla.suse.com/991651 SUSE Bug 991651 The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. CVE-2016-4565 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/ https://www.suse.com/security/cve/CVE-2016-4565.html CVE-2016-4565 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/979548 SUSE Bug 979548 https://bugzilla.suse.com/980363 SUSE Bug 980363 https://bugzilla.suse.com/980883 SUSE Bug 980883