Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2016:1772-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves three vulnerabilities can now be installed.
Description:
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive critical security fixes.
The following security bugs were fixed:
- CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
zypper in -t patch SUSE-SLE-BSK-12-SP2-2016-1772=1 -
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1772=1 -
SUSE Linux Enterprise High Availability Extension 12 SP2
zypper in -t patch SUSE-SLE-HA-12-SP2-2016-1772=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1772=1 SUSE-SLE-HA-12-SP2-2016-1772=1 -
SUSE Linux Enterprise Live Patching 12
zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1772=1 -
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1772=1 -
SUSE Linux Enterprise Software Development Kit 12 12-SP2
zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1772=1 -
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1772=1 -
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1772=1 -
SUSE Linux Enterprise Workstation Extension 12 SP2
zypper in -t patch SUSE-SLE-WE-12-SP2-2016-1772=1
Package List:
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (nosrc s390x)
- kernel-zfcpdump-4.4.21-84.1
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (s390x)
- kernel-zfcpdump-debuginfo-4.4.21-84.1
- kernel-zfcpdump-debugsource-4.4.21-84.1
-
SUSE Linux Enterprise Desktop 12 SP2 (nosrc x86_64)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
- kernel-default-extra-debuginfo-4.4.21-84.1
- kernel-default-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- kernel-default-devel-4.4.21-84.1
- kernel-syms-4.4.21-84.1
- kernel-default-extra-4.4.21-84.1
-
SUSE Linux Enterprise Desktop 12 SP2 (noarch)
- kernel-macros-4.4.21-84.1
- kernel-source-4.4.21-84.1
- kernel-devel-4.4.21-84.1
-
SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
- cluster-md-kmp-default-4.4.21-84.1
- dlm-kmp-default-4.4.21-84.1
- kernel-default-debuginfo-4.4.21-84.1
- cluster-network-kmp-default-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- ocfs2-kmp-default-4.4.21-84.1
- gfs2-kmp-default-debuginfo-4.4.21-84.1
- cluster-md-kmp-default-debuginfo-4.4.21-84.1
- cluster-network-kmp-default-4.4.21-84.1
- dlm-kmp-default-debuginfo-4.4.21-84.1
- ocfs2-kmp-default-debuginfo-4.4.21-84.1
- gfs2-kmp-default-4.4.21-84.1
-
SUSE Linux Enterprise High Availability Extension 12 SP2 (nosrc)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- cluster-md-kmp-default-4.4.21-84.1
- dlm-kmp-default-4.4.21-84.1
- kernel-default-base-4.4.21-84.1
- kernel-default-debuginfo-4.4.21-84.1
- cluster-network-kmp-default-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- ocfs2-kmp-default-4.4.21-84.1
- gfs2-kmp-default-debuginfo-4.4.21-84.1
- kernel-default-base-debuginfo-4.4.21-84.1
- cluster-md-kmp-default-debuginfo-4.4.21-84.1
- cluster-network-kmp-default-4.4.21-84.1
- dlm-kmp-default-debuginfo-4.4.21-84.1
- ocfs2-kmp-default-debuginfo-4.4.21-84.1
- kernel-default-devel-4.4.21-84.1
- kernel-syms-4.4.21-84.1
- gfs2-kmp-default-4.4.21-84.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (nosrc ppc64le x86_64)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
- kernel-macros-4.4.21-84.1
- kernel-source-4.4.21-84.1
- kernel-devel-4.4.21-84.1
-
SUSE Linux Enterprise Live Patching 12 (x86_64)
- kgraft-patch-4_4_21-84-default-1-2.1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64 nosrc)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
- kernel-default-base-4.4.21-84.1
- kernel-default-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- kernel-default-base-debuginfo-4.4.21-84.1
- kernel-default-devel-4.4.21-84.1
- kernel-syms-4.4.21-84.1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
- kernel-macros-4.4.21-84.1
- kernel-source-4.4.21-84.1
- kernel-devel-4.4.21-84.1
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (noarch)
- kernel-docs-4.4.21-84.3
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
- kernel-obs-build-4.4.21-84.1
- kernel-obs-build-debugsource-4.4.21-84.1
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 nosrc x86_64)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
- kernel-default-base-4.4.21-84.1
- kernel-default-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- kernel-default-base-debuginfo-4.4.21-84.1
- kernel-default-devel-4.4.21-84.1
- kernel-syms-4.4.21-84.1
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
- kernel-macros-4.4.21-84.1
- kernel-source-4.4.21-84.1
- kernel-devel-4.4.21-84.1
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
- kernel-default-base-4.4.21-84.1
- kernel-default-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- kernel-default-base-debuginfo-4.4.21-84.1
- kernel-default-devel-4.4.21-84.1
- kernel-syms-4.4.21-84.1
-
SUSE Linux Enterprise Server 12 SP2 (noarch)
- kernel-macros-4.4.21-84.1
- kernel-source-4.4.21-84.1
- kernel-devel-4.4.21-84.1
-
SUSE Linux Enterprise Server 12 SP2 (s390x)
- kernel-default-man-4.4.21-84.1
-
SUSE Linux Enterprise Workstation Extension 12 SP2 (nosrc)
- kernel-default-4.4.21-84.1
-
SUSE Linux Enterprise Workstation Extension 12 SP2 (x86_64)
- kernel-default-debuginfo-4.4.21-84.1
- kernel-default-extra-debuginfo-4.4.21-84.1
- kernel-default-debugsource-4.4.21-84.1
- kernel-default-extra-4.4.21-84.1
References:
- https://www.suse.com/security/cve/CVE-2016-8632.html
- https://www.suse.com/security/cve/CVE-2016-8655.html
- https://www.suse.com/security/cve/CVE-2016-9555.html
- https://bugzilla.suse.com/show_bug.cgi?id=1008831
- https://bugzilla.suse.com/show_bug.cgi?id=1011685
- https://bugzilla.suse.com/show_bug.cgi?id=1012754