Описание
Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2
This update supplies kgraft patches to fix one security vulnerability.
CVE-2015-1421: A use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
This patch supplies kgraft patches for the first kernel update and the second kernel update published for SUSE Linux Enterprise Server 12. The third kernel update contains the patch already.
Список пакетов
SUSE Linux Enterprise Live Patching 12
Ссылки
- Link for SUSE-SU-2015:0832-1
- E-Mail link for SUSE-SU-2015:0832-1
- SUSE Security Ratings
- SUSE Bug 920633
- SUSE Bug 922004
- SUSE CVE CVE-2015-1421 page
Описание
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
Затронутые продукты
Ссылки
- CVE-2015-1421
- SUSE Bug 1115893
- SUSE Bug 915577
- SUSE Bug 922004
- SUSE Bug 939261