Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 kernel was updated to receive critical security and bugfixes.
Security issue fixed:
- CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. (bsc#986362)
The following non-security bugs were fixed:
- KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).
- block: do not check request size in blk_cloned_rq_check_limits() (bsc#972124).
- rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).
- target/rbd: do not put snap_context twice (bsc#981143).
- target/rbd: remove caw_mutex usage (bsc#981143).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
kernel-default-3.12.59-60.45.2
kernel-default-devel-3.12.59-60.45.2
kernel-default-extra-3.12.59-60.45.2
kernel-devel-3.12.59-60.45.1
kernel-macros-3.12.59-60.45.1
kernel-source-3.12.59-60.45.1
kernel-syms-3.12.59-60.45.1
kernel-xen-3.12.59-60.45.2
kernel-xen-devel-3.12.59-60.45.2
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_59-60_45-default-1-2.3
kgraft-patch-3_12_59-60_45-xen-1-2.3
SUSE Linux Enterprise Module for Public Cloud 12
kernel-ec2-3.12.59-60.45.2
kernel-ec2-devel-3.12.59-60.45.2
kernel-ec2-extra-3.12.59-60.45.2
SUSE Linux Enterprise Server 12 SP1
kernel-default-3.12.59-60.45.2
kernel-default-base-3.12.59-60.45.2
kernel-default-devel-3.12.59-60.45.2
kernel-default-man-3.12.59-60.45.2
kernel-devel-3.12.59-60.45.1
kernel-macros-3.12.59-60.45.1
kernel-source-3.12.59-60.45.1
kernel-syms-3.12.59-60.45.1
kernel-xen-3.12.59-60.45.2
kernel-xen-base-3.12.59-60.45.2
kernel-xen-devel-3.12.59-60.45.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
kernel-default-3.12.59-60.45.2
kernel-default-base-3.12.59-60.45.2
kernel-default-devel-3.12.59-60.45.2
kernel-default-man-3.12.59-60.45.2
kernel-devel-3.12.59-60.45.1
kernel-macros-3.12.59-60.45.1
kernel-source-3.12.59-60.45.1
kernel-syms-3.12.59-60.45.1
kernel-xen-3.12.59-60.45.2
kernel-xen-base-3.12.59-60.45.2
kernel-xen-devel-3.12.59-60.45.2
SUSE Linux Enterprise Software Development Kit 12 SP1
kernel-docs-3.12.59-60.45.4
kernel-obs-build-3.12.59-60.45.3
SUSE Linux Enterprise Workstation Extension 12 SP1
kernel-default-extra-3.12.59-60.45.2
Ссылки
- Link for SUSE-SU-2016:1709-1
- E-Mail link for SUSE-SU-2016:1709-1
- SUSE Security Ratings
- SUSE Bug 971770
- SUSE Bug 972124
- SUSE Bug 981143
- SUSE Bug 983394
- SUSE Bug 986362
- SUSE CVE CVE-2016-4997 page
Описание
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-3.12.59-60.45.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-devel-3.12.59-60.45.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-default-extra-3.12.59-60.45.2
SUSE Linux Enterprise Desktop 12 SP1:kernel-devel-3.12.59-60.45.1
Ссылки
- CVE-2016-4997
- SUSE Bug 1020452
- SUSE Bug 986362
- SUSE Bug 986365
- SUSE Bug 986377
- SUSE Bug 991651