| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers were valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the
Linux kernel had an incorrect sequence of protocol-initialization steps,
which allowed local users to cause a denial of service (panic or memory
corruption) by creating SCTP sockets before all of the steps have
finished (bnc#947155).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
kernel did not properly handle rename actions inside a bind mount, which
allowed local users to bypass an intended container protection mechanism
by renaming a directory, related to a 'double-chroot attack (bnc#926238).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
(bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying
transport exists when creating a connection, causing usage of a NULL
pointer (bsc#952384).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
Router Advertisement (RA) message, a different vulnerability than
CVE-2015-8215 (bnc#944296).
The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers
(bnc#814440).
- Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236
(bsc#953796).
- Btrfs: fix file corruption and data loss after cloning inline extents
(bnc#956053).
- Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
- Fix regression.
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12
Solution:
Please install the updated package(s).
CVSS Score:
6.9
CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
