Security update for Linux Kernel Live Patch 8 for SLE 12

Announcement ID:	SUSE-SU-2016:2005-1
Rating:	important
References:	bsc#955837 bsc#971793 bsc#973570 bsc#979064 bsc#979074 bsc#979078 bsc#980856 bsc#980883 bsc#983144 bsc#984764
Cross-References:	CVE-2013-7446 CVE-2015-8019 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-3134 CVE-2016-4470 CVE-2016-4565
CVSS scores:	CVE-2015-8816 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2015-8816 ( NVD ): 6.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-0758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-0758 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-1583 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2016-1583 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-1583 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-2053 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-3134 ( NVD ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-4470 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-4565 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-4565 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 LTSS 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves nine vulnerabilities and has one security fix can now be installed.

Description:

This update for the Linux Kernel 3.12.48-52_27 fixes several issues.

The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SAP-12-2016-1175=1 SUSE-SLE-SAP-12-2016-1176=1
• SUSE Linux Enterprise Server 12 LTSS 12
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1175=1 SUSE-SLE-SERVER-12-2016-1176=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • kgraft-patch-3_12_51-52_31-xen-5-2.2
  • kgraft-patch-3_12_48-52_27-xen-5-2.2
  • kgraft-patch-3_12_51-52_31-default-5-2.2
  • kgraft-patch-3_12_48-52_27-default-5-2.2
• SUSE Linux Enterprise Server 12 LTSS 12 (x86_64)
  • kgraft-patch-3_12_51-52_31-xen-5-2.2
  • kgraft-patch-3_12_48-52_27-xen-5-2.2
  • kgraft-patch-3_12_51-52_31-default-5-2.2
  • kgraft-patch-3_12_48-52_27-default-5-2.2

References:

• https://www.suse.com/security/cve/CVE-2013-7446.html
• https://www.suse.com/security/cve/CVE-2015-8019.html
• https://www.suse.com/security/cve/CVE-2015-8816.html
• https://www.suse.com/security/cve/CVE-2016-0758.html
• https://www.suse.com/security/cve/CVE-2016-1583.html
• https://www.suse.com/security/cve/CVE-2016-2053.html
• https://www.suse.com/security/cve/CVE-2016-3134.html
• https://www.suse.com/security/cve/CVE-2016-4470.html
• https://www.suse.com/security/cve/CVE-2016-4565.html
• https://bugzilla.suse.com/show_bug.cgi?id=955837
• https://bugzilla.suse.com/show_bug.cgi?id=971793
• https://bugzilla.suse.com/show_bug.cgi?id=973570
• https://bugzilla.suse.com/show_bug.cgi?id=979064
• https://bugzilla.suse.com/show_bug.cgi?id=979074
• https://bugzilla.suse.com/show_bug.cgi?id=979078
• https://bugzilla.suse.com/show_bug.cgi?id=980856
• https://bugzilla.suse.com/show_bug.cgi?id=980883
• https://bugzilla.suse.com/show_bug.cgi?id=983144
• https://bugzilla.suse.com/show_bug.cgi?id=984764