Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP1) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:3147-1 Final 1 1 2017-11-30T07:23:38Z current 2017-11-30T07:23:38Z 2017-11-30T07:23:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP1) This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues. The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-SAP-12-SP1-2017-1957,SUSE-SLE-SERVER-12-SP1-2017-1957 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20173147-1/ Link for SUSE-SU-2017:3147-1 https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00069.html E-Mail link for SUSE-SU-2017:3147-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1063671 SUSE Bug 1063671 https://bugzilla.suse.com/1064392 SUSE Bug 1064392 https://bugzilla.suse.com/1066471 SUSE Bug 1066471 https://bugzilla.suse.com/1066472 SUSE Bug 1066472 https://www.suse.com/security/cve/CVE-2017-13080/ SUSE CVE CVE-2017-13080 page https://www.suse.com/security/cve/CVE-2017-15649/ SUSE CVE CVE-2017-15649 page SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_67-60_64_24-default-10-2.1 kgraft-patch-3_12_67-60_64_24-xen-10-2.1 kgraft-patch-3_12_67-60_64_24-default-10-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_67-60_64_24-xen-10-2.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS kgraft-patch-3_12_67-60_64_24-default-10-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 kgraft-patch-3_12_67-60_64_24-xen-10-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13080 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_24-default-10-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_24-xen-10-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_24-default-10-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_24-xen-10-2.1 important 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20173147-1/ https://www.suse.com/security/cve/CVE-2017-13080.html CVE-2017-13080 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1063667 SUSE Bug 1063667 https://bugzilla.suse.com/1063671 SUSE Bug 1063671 https://bugzilla.suse.com/1066295 SUSE Bug 1066295 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1178872 SUSE Bug 1178872 https://bugzilla.suse.com/1179588 SUSE Bug 1179588 net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. CVE-2017-15649 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_24-default-10-2.1 SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_24-xen-10-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_24-default-10-2.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_24-xen-10-2.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20173147-1/ https://www.suse.com/security/cve/CVE-2017-15649.html CVE-2017-15649 https://bugzilla.suse.com/1064388 SUSE Bug 1064388 https://bugzilla.suse.com/1064392 SUSE Bug 1064392 https://bugzilla.suse.com/1087082 SUSE Bug 1087082