Security update for Linux Kernel Live Patch 16 for SLE 12

Announcement ID:	SUSE-SU-2016:3247-1
Rating:	important
References:	bsc#1012183 bsc#1012759
Cross-References:	CVE-2016-8655 CVE-2016-9555
CVSS scores:	CVE-2016-8655 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-8655 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9555 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-9555 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-9555 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 LTSS 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2

An update that solves two vulnerabilities can now be installed.

Description:

This update for the Linux Kernel 3.12.60-52_57 fixes several issues.

The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SAP-12-2016-1808=1 SUSE-SLE-SAP-12-2016-1892=1 SUSE-SLE-SAP-12-2016-1855=1
• SUSE Linux Enterprise Server 12 LTSS 12
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1855=1 SUSE-SLE-SERVER-12-2016-1808=1 SUSE-SLE-SERVER-12-2016-1892=1
• SUSE Linux Enterprise Live Patching 12
  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1802=1 SUSE-SLE-Live-Patching-12-2016-1812=1 SUSE-SLE-Live-Patching-12-2016-1842=1 SUSE-SLE-Live-Patching-12-2016-1813=1 SUSE-SLE-Live-Patching-12-2016-1864=1 SUSE-SLE-Live-Patching-12-2016-1865=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • kgraft-patch-3_12_60-52_57-xen-2-2.1
  • kgraft-patch-3_12_60-52_49-default-4-2.1
  • kgraft-patch-3_12_60-52_49-xen-4-2.1
  • kgraft-patch-3_12_60-52_57-default-2-2.1
  • kgraft-patch-3_12_60-52_54-xen-4-2.1
  • kgraft-patch-3_12_60-52_54-default-4-2.1
• SUSE Linux Enterprise Server 12 LTSS 12 (x86_64)
  • kgraft-patch-3_12_60-52_57-xen-2-2.1
  • kgraft-patch-3_12_60-52_49-default-4-2.1
  • kgraft-patch-3_12_60-52_49-xen-4-2.1
  • kgraft-patch-3_12_60-52_57-default-2-2.1
  • kgraft-patch-3_12_60-52_54-xen-4-2.1
  • kgraft-patch-3_12_60-52_54-default-4-2.1
• SUSE Linux Enterprise Live Patching 12 (x86_64)
  • kgraft-patch-3_12_59-60_45-default-5-2.1
  • kgraft-patch-3_12_59-60_41-default-5-2.1
  • kgraft-patch-3_12_62-60_64_8-default-3-2.1
  • kgraft-patch-3_12_62-60_62-default-4-2.1
  • kgraft-patch-3_12_62-60_62-xen-4-2.1
  • kgraft-patch-3_12_67-60_64_18-default-2-2.1
  • kgraft-patch-3_12_59-60_45-xen-5-2.1
  • kgraft-patch-3_12_62-60_64_8-xen-3-2.1
  • kgraft-patch-3_12_67-60_64_18-xen-2-2.1
  • kgraft-patch-3_12_59-60_41-xen-5-2.1
  • kgraft-patch-4_4_21-81-default-2-2.1

References:

• https://www.suse.com/security/cve/CVE-2016-8655.html
• https://www.suse.com/security/cve/CVE-2016-9555.html
• https://bugzilla.suse.com/show_bug.cgi?id=1012183
• https://bugzilla.suse.com/show_bug.cgi?id=1012759