Security update for Linux Kernel Live Patch 13 for SLE 12
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:2659-1
Final
1
1
2016-10-26T19:54:42Z
current
2016-10-26T19:54:42Z
2016-10-26T19:54:42Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for Linux Kernel Live Patch 13 for SLE 12
This update for the Linux Kernel 3.12.55-52_45 fixes several issues.
The following security bugs were fixed:
- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE, which is reportedly exploited in the wild, was fixed (bsc#1004419).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-SAP-12-2016-1563, SUSE-SLE-SERVER-12-2016-1563
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20162659-1/
Link for SUSE-SU-2016:2659-1
https://lists.suse.com/pipermail/sle-security-updates/2016-October/002370.html
E-Mail link for SUSE-SU-2016:2659-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1004419
SUSE Bug 1004419
https://bugzilla.suse.com/986377
SUSE Bug 986377
https://www.suse.com/security/cve/CVE-2016-4997/
SUSE CVE CVE-2016-4997 page
https://www.suse.com/security/cve/CVE-2016-5195/
SUSE CVE CVE-2016-5195 page
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
kgraft-patch-3_12_55-52_45-default-3-2.1
kgraft-patch-3_12_55-52_45-xen-3-2.1
kgraft-patch-3_12_55-52_45-default-3-2.1 as a component of SUSE Linux Enterprise Server 12-LTSS
kgraft-patch-3_12_55-52_45-xen-3-2.1 as a component of SUSE Linux Enterprise Server 12-LTSS
kgraft-patch-3_12_55-52_45-default-3-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
kgraft-patch-3_12_55-52_45-xen-3-2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
CVE-2016-4997
SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_45-default-3-2.1
SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_45-xen-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_45-default-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_45-xen-3-2.1
important
6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
To install this SUSE Security Update, use the SUSE recommended installation methods, such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162659-1/
https://www.suse.com/security/cve/CVE-2016-4997.html
CVE-2016-4997
https://bugzilla.suse.com/1020452
SUSE Bug 1020452
https://bugzilla.suse.com/986362
SUSE Bug 986362
https://bugzilla.suse.com/986365
SUSE Bug 986365
https://bugzilla.suse.com/986377
SUSE Bug 986377
https://bugzilla.suse.com/991651
SUSE Bug 991651
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVE-2016-5195
SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_45-default-3-2.1
SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_45-xen-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_45-default-3-2.1
SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_45-xen-3-2.1
important
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
To install this SUSE Security Update, use the SUSE recommended installation methods, such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162659-1/
https://www.suse.com/security/cve/CVE-2016-5195.html
CVE-2016-5195
https://bugzilla.suse.com/1004418
SUSE Bug 1004418
https://bugzilla.suse.com/1004419
SUSE Bug 1004419
https://bugzilla.suse.com/1004436
SUSE Bug 1004436
https://bugzilla.suse.com/1006323
SUSE Bug 1006323
https://bugzilla.suse.com/1006695
SUSE Bug 1006695
https://bugzilla.suse.com/1007291
SUSE Bug 1007291
https://bugzilla.suse.com/1008110
SUSE Bug 1008110
https://bugzilla.suse.com/1030118
SUSE Bug 1030118
https://bugzilla.suse.com/1046453
SUSE Bug 1046453
https://bugzilla.suse.com/1069496
SUSE Bug 1069496
https://bugzilla.suse.com/1149725
SUSE Bug 1149725
https://bugzilla.suse.com/870618
SUSE Bug 870618
https://bugzilla.suse.com/986445
SUSE Bug 986445
https://bugzilla.suse.com/998689
SUSE Bug 998689