Descripción: | Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Vulnerability Insight: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).
- CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).
- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[Ix] only disable if device has MSI(X) enabled (bsc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).
The following non-security bugs were fixed:
- ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).
- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
- Re-add copy_page_vector_to_user()
- Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).
- Refresh patches.xen/xen3-patch-3.9 (bsc#951155).
- Update patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction
- .patch (bnc#935087, bnc#945649, bnc#951615).
- bcache: Add btree_insert_node() (bnc#951638).
- bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
- bcache: Clean up keylist code (bnc#951638).
- bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638).
- bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
- bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
- bcache: Explicitly track btree node's parent (bnc#951638).
- bcache: Fix a bug when detaching (b ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS: kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|