Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0471-1 Final 1 1 2017-02-15T16:20:32Z current 2017-02-15T16:20:32Z 2017-02-15T16:20:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: - The ext2 filesystem got reenabled and supported to allow support for 'XIP' (Execute In Place) (FATE#320805). The following security bugs were fixed: - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935 (bnc#1014746). - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misused the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability (bnc#987542). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 bnc#986365). - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569). - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The following non-security bugs were fixed: - base: make module_create_drivers_dir race-free (bnc#983977). - btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable (bsc#981597). - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619). - btrfs: be more precise on errors when getting an inode from disk (bsc#981038). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - cdc-acm: added sanity checking for probe() (bsc#993891). - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805) - ext4: Add parameter for tuning handling of ext2 (bsc#976195). - ext4: Fixup handling for custom configs in tuning. - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419). - ipv6: Fix improper use or RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch. (bsc#961257) - ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt. - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544). - kabi: reintroduce sk_filter (kabi). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612, fate#313296). - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410, fate#313296). - kgr: ignore zombie tasks during the patching (bnc#1008979). - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - modsign: Print appropriate status message when accessing UEFI variable (bsc#958606). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943). - netfilter: allow logging fron non-init netns (bsc#970083). - netfilter: bridge: do not leak skb in error paths (bsc#982544). - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544). - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544). - nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584). - nfs: Fix a regression in the read() syscall (bsc#999584). - pci/aer: Clear error status registers during enumeration and restore (bsc#985978). - ppp: defer netns reference release for ppp channel (bsc#980371). - reiserfs: fix race in prealloc discard (bsc#987576). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - scsi: Increase REPORT_LUNS timeout (bsc#982282). - series.conf: move stray netfilter patches to the right section - squashfs3: properly handle dir_emit() failures (bsc#998795). - supported.conf: Add ext2 - timers: Use proper base migration in add_timer_on() (bnc#993392). - tty: audit: Fix audit source (bsc#1016482). - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094) - xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560). - xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153). - xfs: fix premature enospc on inode allocation (bsc#984148). - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148). - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148). - xfs: refactor xlog_recover_process_data() (bsc#1019300). - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565). - xhci: silence warnings in switch (bnc#991665). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Public-Cloud-12-2017-247,SUSE-SLE-SAP-12-2017-247,SUSE-SLE-SERVER-12-2017-247 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ Link for SUSE-SU-2017:0471-1 https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00025.html E-Mail link for SUSE-SU-2017:0471-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1003153 SUSE Bug 1003153 https://bugzilla.suse.com/1003925 SUSE Bug 1003925 https://bugzilla.suse.com/1004462 SUSE Bug 1004462 https://bugzilla.suse.com/1004517 SUSE Bug 1004517 https://bugzilla.suse.com/1005666 SUSE Bug 1005666 https://bugzilla.suse.com/1007197 SUSE Bug 1007197 https://bugzilla.suse.com/1008833 SUSE Bug 1008833 https://bugzilla.suse.com/1008979 SUSE Bug 1008979 https://bugzilla.suse.com/1009969 SUSE Bug 1009969 https://bugzilla.suse.com/1010040 SUSE Bug 1010040 https://bugzilla.suse.com/1010475 SUSE Bug 1010475 https://bugzilla.suse.com/1010478 SUSE Bug 1010478 https://bugzilla.suse.com/1010501 SUSE Bug 1010501 https://bugzilla.suse.com/1010502 SUSE Bug 1010502 https://bugzilla.suse.com/1010507 SUSE Bug 1010507 https://bugzilla.suse.com/1010612 SUSE Bug 1010612 https://bugzilla.suse.com/1010711 SUSE Bug 1010711 https://bugzilla.suse.com/1010716 SUSE Bug 1010716 https://bugzilla.suse.com/1011820 SUSE Bug 1011820 https://bugzilla.suse.com/1012422 SUSE Bug 1012422 https://bugzilla.suse.com/1013038 SUSE Bug 1013038 https://bugzilla.suse.com/1013531 SUSE Bug 1013531 https://bugzilla.suse.com/1013540 SUSE Bug 1013540 https://bugzilla.suse.com/1013542 SUSE Bug 1013542 https://bugzilla.suse.com/1014746 SUSE Bug 1014746 https://bugzilla.suse.com/1016482 SUSE Bug 1016482 https://bugzilla.suse.com/1017410 SUSE Bug 1017410 https://bugzilla.suse.com/1017589 SUSE Bug 1017589 https://bugzilla.suse.com/1017710 SUSE Bug 1017710 https://bugzilla.suse.com/1019300 SUSE Bug 1019300 https://bugzilla.suse.com/1019851 SUSE Bug 1019851 https://bugzilla.suse.com/1020602 SUSE Bug 1020602 https://bugzilla.suse.com/1021258 SUSE Bug 1021258 https://bugzilla.suse.com/881008 SUSE Bug 881008 https://bugzilla.suse.com/915183 SUSE Bug 915183 https://bugzilla.suse.com/958606 SUSE Bug 958606 https://bugzilla.suse.com/961257 SUSE Bug 961257 https://bugzilla.suse.com/970083 SUSE Bug 970083 https://bugzilla.suse.com/971989 SUSE Bug 971989 https://bugzilla.suse.com/976195 SUSE Bug 976195 https://bugzilla.suse.com/978094 SUSE Bug 978094 https://bugzilla.suse.com/980371 SUSE Bug 980371 https://bugzilla.suse.com/980560 SUSE Bug 980560 https://bugzilla.suse.com/981038 SUSE Bug 981038 https://bugzilla.suse.com/981597 SUSE Bug 981597 https://bugzilla.suse.com/981709 SUSE Bug 981709 https://bugzilla.suse.com/982282 SUSE Bug 982282 https://bugzilla.suse.com/982544 SUSE Bug 982544 https://bugzilla.suse.com/983619 SUSE Bug 983619 https://bugzilla.suse.com/983721 SUSE Bug 983721 https://bugzilla.suse.com/983977 SUSE Bug 983977 https://bugzilla.suse.com/984148 SUSE Bug 984148 https://bugzilla.suse.com/984419 SUSE Bug 984419 https://bugzilla.suse.com/984755 SUSE Bug 984755 https://bugzilla.suse.com/985978 SUSE Bug 985978 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986445 SUSE Bug 986445 https://bugzilla.suse.com/986569 SUSE Bug 986569 https://bugzilla.suse.com/986572 SUSE Bug 986572 https://bugzilla.suse.com/986811 SUSE Bug 986811 https://bugzilla.suse.com/986941 SUSE Bug 986941 https://bugzilla.suse.com/987542 SUSE Bug 987542 https://bugzilla.suse.com/987565 SUSE Bug 987565 https://bugzilla.suse.com/987576 SUSE Bug 987576 https://bugzilla.suse.com/989152 SUSE Bug 989152 https://bugzilla.suse.com/990384 SUSE Bug 990384 https://bugzilla.suse.com/991608 SUSE Bug 991608 https://bugzilla.suse.com/991665 SUSE Bug 991665 https://bugzilla.suse.com/993392 SUSE Bug 993392 https://bugzilla.suse.com/993890 SUSE Bug 993890 https://bugzilla.suse.com/993891 SUSE Bug 993891 https://bugzilla.suse.com/994296 SUSE Bug 994296 https://bugzilla.suse.com/994748 SUSE Bug 994748 https://bugzilla.suse.com/994881 SUSE Bug 994881 https://bugzilla.suse.com/995968 SUSE Bug 995968 https://bugzilla.suse.com/997708 SUSE Bug 997708 https://bugzilla.suse.com/998795 SUSE Bug 998795 https://bugzilla.suse.com/999584 SUSE Bug 999584 https://bugzilla.suse.com/999600 SUSE Bug 999600 https://bugzilla.suse.com/999932 SUSE Bug 999932 https://bugzilla.suse.com/999943 SUSE Bug 999943 https://www.suse.com/security/cve/CVE-2014-9904/ SUSE CVE CVE-2014-9904 page https://www.suse.com/security/cve/CVE-2015-8956/ SUSE CVE CVE-2015-8956 page https://www.suse.com/security/cve/CVE-2015-8962/ SUSE CVE CVE-2015-8962 page https://www.suse.com/security/cve/CVE-2015-8963/ SUSE CVE CVE-2015-8963 page https://www.suse.com/security/cve/CVE-2015-8964/ SUSE CVE CVE-2015-8964 page https://www.suse.com/security/cve/CVE-2016-10088/ SUSE CVE CVE-2016-10088 page https://www.suse.com/security/cve/CVE-2016-4470/ SUSE CVE CVE-2016-4470 page https://www.suse.com/security/cve/CVE-2016-4997/ SUSE CVE CVE-2016-4997 page https://www.suse.com/security/cve/CVE-2016-5696/ SUSE CVE CVE-2016-5696 page https://www.suse.com/security/cve/CVE-2016-5828/ SUSE CVE CVE-2016-5828 page https://www.suse.com/security/cve/CVE-2016-5829/ SUSE CVE CVE-2016-5829 page https://www.suse.com/security/cve/CVE-2016-6130/ SUSE CVE CVE-2016-6130 page https://www.suse.com/security/cve/CVE-2016-6327/ SUSE CVE CVE-2016-6327 page https://www.suse.com/security/cve/CVE-2016-6480/ SUSE CVE CVE-2016-6480 page https://www.suse.com/security/cve/CVE-2016-6828/ SUSE CVE CVE-2016-6828 page https://www.suse.com/security/cve/CVE-2016-7042/ SUSE CVE CVE-2016-7042 page https://www.suse.com/security/cve/CVE-2016-7097/ SUSE CVE CVE-2016-7097 page https://www.suse.com/security/cve/CVE-2016-7425/ SUSE CVE CVE-2016-7425 page https://www.suse.com/security/cve/CVE-2016-7910/ SUSE CVE CVE-2016-7910 page https://www.suse.com/security/cve/CVE-2016-7911/ SUSE CVE CVE-2016-7911 page https://www.suse.com/security/cve/CVE-2016-7913/ SUSE CVE CVE-2016-7913 page https://www.suse.com/security/cve/CVE-2016-7914/ SUSE CVE CVE-2016-7914 page https://www.suse.com/security/cve/CVE-2016-8399/ SUSE CVE CVE-2016-8399 page https://www.suse.com/security/cve/CVE-2016-8633/ SUSE CVE CVE-2016-8633 page https://www.suse.com/security/cve/CVE-2016-8645/ SUSE CVE CVE-2016-8645 page https://www.suse.com/security/cve/CVE-2016-8658/ SUSE CVE CVE-2016-8658 page https://www.suse.com/security/cve/CVE-2016-9083/ SUSE CVE CVE-2016-9083 page https://www.suse.com/security/cve/CVE-2016-9084/ SUSE CVE CVE-2016-9084 page https://www.suse.com/security/cve/CVE-2016-9756/ SUSE CVE CVE-2016-9756 page https://www.suse.com/security/cve/CVE-2016-9793/ SUSE CVE CVE-2016-9793 page https://www.suse.com/security/cve/CVE-2016-9806/ SUSE CVE CVE-2016-9806 page https://www.suse.com/security/cve/CVE-2017-2583/ SUSE CVE CVE-2017-2583 page https://www.suse.com/security/cve/CVE-2017-2584/ SUSE CVE CVE-2017-2584 page https://www.suse.com/security/cve/CVE-2017-5551/ SUSE CVE CVE-2017-5551 page SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 kernel-ec2-3.12.61-52.66.1 kernel-ec2-devel-3.12.61-52.66.1 kernel-ec2-extra-3.12.61-52.66.1 kernel-default-3.12.61-52.66.1 kernel-default-base-3.12.61-52.66.1 kernel-default-devel-3.12.61-52.66.1 kernel-devel-3.12.61-52.66.1 kernel-macros-3.12.61-52.66.1 kernel-source-3.12.61-52.66.1 kernel-syms-3.12.61-52.66.1 kernel-xen-3.12.61-52.66.1 kernel-xen-base-3.12.61-52.66.1 kernel-xen-devel-3.12.61-52.66.1 kgraft-patch-3_12_61-52_66-default-1-2.1 kgraft-patch-3_12_61-52_66-xen-1-2.1 kernel-default-man-3.12.61-52.66.1 kernel-ec2-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 kernel-ec2-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 kernel-ec2-extra-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 kernel-default-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-base-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-man-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-macros-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-source-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-syms-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-xen-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-xen-base-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-xen-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server 12-LTSS kgraft-patch-3_12_61-52_66-default-1-2.1 as a component of SUSE Linux Enterprise Server 12-LTSS kgraft-patch-3_12_61-52_66-xen-1-2.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-default-base-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-default-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-macros-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-source-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-syms-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-xen-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-xen-base-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kernel-xen-devel-3.12.61-52.66.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kgraft-patch-3_12_61-52_66-default-1-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 kgraft-patch-3_12_61-52_66-xen-1-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. CVE-2014-9904 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.1 AV:L/AC:M/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2014-9904.html CVE-2014-9904 https://bugzilla.suse.com/986811 SUSE Bug 986811 https://bugzilla.suse.com/986941 SUSE Bug 986941 The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. CVE-2015-8956 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5 AV:L/AC:M/Au:S/C:P/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2015-8956.html CVE-2015-8956 https://bugzilla.suse.com/1003925 SUSE Bug 1003925 Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. CVE-2015-8962 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.9 AV:L/AC:H/Au:N/C:C/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2015-8962.html CVE-2015-8962 https://bugzilla.suse.com/1010501 SUSE Bug 1010501 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. CVE-2015-8963 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.2 AV:L/AC:H/Au:N/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2015-8963.html CVE-2015-8963 https://bugzilla.suse.com/1010502 SUSE Bug 1010502 The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. CVE-2015-8964 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2015-8964.html CVE-2015-8964 https://bugzilla.suse.com/1010507 SUSE Bug 1010507 The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. CVE-2016-10088 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 important 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-10088.html CVE-2016-10088 https://bugzilla.suse.com/1013604 SUSE Bug 1013604 https://bugzilla.suse.com/1014271 SUSE Bug 1014271 https://bugzilla.suse.com/1017710 SUSE Bug 1017710 https://bugzilla.suse.com/1019079 SUSE Bug 1019079 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. CVE-2016-4470 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-4470.html CVE-2016-4470 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/984755 SUSE Bug 984755 https://bugzilla.suse.com/984764 SUSE Bug 984764 https://bugzilla.suse.com/991651 SUSE Bug 991651 The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. CVE-2016-4997 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-4997.html CVE-2016-4997 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/986362 SUSE Bug 986362 https://bugzilla.suse.com/986365 SUSE Bug 986365 https://bugzilla.suse.com/986377 SUSE Bug 986377 https://bugzilla.suse.com/991651 SUSE Bug 991651 net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. CVE-2016-5696 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-5696.html CVE-2016-5696 https://bugzilla.suse.com/1020452 SUSE Bug 1020452 https://bugzilla.suse.com/1175721 SUSE Bug 1175721 https://bugzilla.suse.com/989152 SUSE Bug 989152 The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. CVE-2016-5828 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-5828.html CVE-2016-5828 https://bugzilla.suse.com/986569 SUSE Bug 986569 https://bugzilla.suse.com/991065 SUSE Bug 991065 Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. CVE-2016-5829 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-5829.html CVE-2016-5829 https://bugzilla.suse.com/1053919 SUSE Bug 1053919 https://bugzilla.suse.com/1054127 SUSE Bug 1054127 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/986572 SUSE Bug 986572 https://bugzilla.suse.com/986573 SUSE Bug 986573 https://bugzilla.suse.com/991651 SUSE Bug 991651 Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. CVE-2016-6130 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 2.4 AV:L/AC:H/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-6130.html CVE-2016-6130 https://bugzilla.suse.com/987542 SUSE Bug 987542 drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. CVE-2016-6327 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-6327.html CVE-2016-6327 https://bugzilla.suse.com/994748 SUSE Bug 994748 Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. CVE-2016-6480 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-6480.html CVE-2016-6480 https://bugzilla.suse.com/1004418 SUSE Bug 1004418 https://bugzilla.suse.com/991608 SUSE Bug 991608 https://bugzilla.suse.com/991667 SUSE Bug 991667 https://bugzilla.suse.com/992568 SUSE Bug 992568 The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. CVE-2016-6828 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-6828.html CVE-2016-6828 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/994296 SUSE Bug 994296 The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. CVE-2016-7042 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7042.html CVE-2016-7042 https://bugzilla.suse.com/1004517 SUSE Bug 1004517 The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 low 3 AV:L/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7097.html CVE-2016-7097 https://bugzilla.suse.com/1021258 SUSE Bug 1021258 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/870618 SUSE Bug 870618 https://bugzilla.suse.com/995968 SUSE Bug 995968 The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. CVE-2016-7425 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7425.html CVE-2016-7425 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/999932 SUSE Bug 999932 Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. CVE-2016-7910 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7910.html CVE-2016-7910 https://bugzilla.suse.com/1010716 SUSE Bug 1010716 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/1196722 SUSE Bug 1196722 Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. CVE-2016-7911 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7911.html CVE-2016-7911 https://bugzilla.suse.com/1010711 SUSE Bug 1010711 https://bugzilla.suse.com/1010713 SUSE Bug 1010713 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. CVE-2016-7913 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7913.html CVE-2016-7913 https://bugzilla.suse.com/1010478 SUSE Bug 1010478 The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. CVE-2016-7914 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.4 AV:L/AC:M/Au:N/C:P/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-7914.html CVE-2016-7914 https://bugzilla.suse.com/1010475 SUSE Bug 1010475 An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. CVE-2016-8399 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 3.2 AV:L/AC:L/Au:S/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-8399.html CVE-2016-8399 https://bugzilla.suse.com/1014746 SUSE Bug 1014746 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. CVE-2016-8633 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-8633.html CVE-2016-8633 https://bugzilla.suse.com/1008833 SUSE Bug 1008833 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. CVE-2016-8645 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 4.4 AV:L/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-8645.html CVE-2016-8645 https://bugzilla.suse.com/1009969 SUSE Bug 1009969 Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. CVE-2016-8658 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.4 AV:L/AC:M/Au:N/C:N/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-8658.html CVE-2016-8658 https://bugzilla.suse.com/1004462 SUSE Bug 1004462 drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." CVE-2016-9083 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-9083.html CVE-2016-9083 https://bugzilla.suse.com/1007197 SUSE Bug 1007197 drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. CVE-2016-9084 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 low 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-9084.html CVE-2016-9084 https://bugzilla.suse.com/1007197 SUSE Bug 1007197 arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2016-9756 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-9756.html CVE-2016-9756 https://bugzilla.suse.com/1013038 SUSE Bug 1013038 The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. CVE-2016-9793 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.9 AV:L/AC:H/Au:M/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-9793.html CVE-2016-9793 https://bugzilla.suse.com/1013531 SUSE Bug 1013531 https://bugzilla.suse.com/1013542 SUSE Bug 1013542 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. CVE-2016-9806 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2016-9806.html CVE-2016-9806 https://bugzilla.suse.com/1013540 SUSE Bug 1013540 https://bugzilla.suse.com/1017589 SUSE Bug 1017589 The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. CVE-2017-2583 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2017-2583.html CVE-2017-2583 https://bugzilla.suse.com/1020602 SUSE Bug 1020602 https://bugzilla.suse.com/1030573 SUSE Bug 1030573 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. CVE-2017-2584 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2017-2584.html CVE-2017-2584 https://bugzilla.suse.com/1019851 SUSE Bug 1019851 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. CVE-2017-5551 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.66.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-default-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-macros-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-source-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-syms-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-base-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kernel-xen-devel-3.12.61-52.66.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-1-2.1 SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-1-2.1 low 3 AV:L/AC:M/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/ https://www.suse.com/security/cve/CVE-2017-5551.html CVE-2017-5551 https://bugzilla.suse.com/1021258 SUSE Bug 1021258 https://bugzilla.suse.com/995968 SUSE Bug 995968