Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2177-1 Final 1 1 2016-08-29T09:25:46Z current 2016-08-29T09:25:46Z 2016-08-29T09:25:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 This update for the Linux Kernel 3.12.59-60_41 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bsc#991667). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2016-1284 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162177-1/ Link for SUSE-SU-2016:2177-1 https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html E-Mail link for SUSE-SU-2016:2177-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/986377 SUSE Bug 986377 https://bugzilla.suse.com/986573 SUSE Bug 986573 https://bugzilla.suse.com/991667 SUSE Bug 991667 https://www.suse.com/security/cve/CVE-2016-4997/ SUSE CVE CVE-2016-4997 page https://www.suse.com/security/cve/CVE-2016-5829/ SUSE CVE CVE-2016-5829 page https://www.suse.com/security/cve/CVE-2016-6480/ SUSE CVE CVE-2016-6480 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_59-60_41-default-3-2.1 kgraft-patch-3_12_59-60_41-xen-3-2.1 kgraft-patch-3_12_59-60_41-default-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 kgraft-patch-3_12_59-60_41-xen-3-2.1 as a component of SUSE Linux Enterprise Live Patching 12 The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. CVE-2016-4997 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_41-default-3-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_41-xen-3-2.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162177-1/ https://www.suse.com/security/cve/CVE-2016-4997.html CVE-2016-4997 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986377 SUSE Bug 986377 https://bugzilla.suse.com/991651 SUSE Bug 991651 Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. CVE-2016-5829 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_41-default-3-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_41-xen-3-2.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162177-1/ https://www.suse.com/security/cve/CVE-2016-5829.html CVE-2016-5829 https://bugzilla.suse.com/1053919 SUSE Bug 1053919 https://bugzilla.suse.com/1054127 SUSE Bug 1054127 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/986572 SUSE Bug 986572 https://bugzilla.suse.com/986573 SUSE Bug 986573 https://bugzilla.suse.com/991651 SUSE Bug 991651 Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. CVE-2016-6480 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_41-default-3-2.1 SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_41-xen-3-2.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162177-1/ https://www.suse.com/security/cve/CVE-2016-6480.html CVE-2016-6480 https://bugzilla.suse.com/1004418 SUSE Bug 1004418 https://bugzilla.suse.com/991608 SUSE Bug 991608 https://bugzilla.suse.com/991667 SUSE Bug 991667 https://bugzilla.suse.com/992568 SUSE Bug 992568