Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2017:2389-1
Rating:	important
References:	bsc#1000365 bsc#1000380 bsc#1012422 bsc#1013018 bsc#1015452 bsc#1023051 bsc#1029140 bsc#1029850 bsc#1030552 bsc#1030593 bsc#1030814 bsc#1032340 bsc#1032471 bsc#1034026 bsc#1034670 bsc#1035576 bsc#1035721 bsc#1035777 bsc#1035920 bsc#1036056 bsc#1036288 bsc#1036629 bsc#1037191 bsc#1037193 bsc#1037227 bsc#1037232 bsc#1037233 bsc#1037356 bsc#1037358 bsc#1037359 bsc#1037441 bsc#1038544 bsc#1038879 bsc#1038981 bsc#1038982 bsc#1039258 bsc#1039354 bsc#1039456 bsc#1039594 bsc#1039882 bsc#1039883 bsc#1039885 bsc#1040069 bsc#1040351 bsc#1041160 bsc#1041431 bsc#1041762 bsc#1041975 bsc#1042045 bsc#1042615 bsc#1042633 bsc#1042687 bsc#1042832 bsc#1042863 bsc#1043014 bsc#1043234 bsc#1043935 bsc#1044015 bsc#1044125 bsc#1044216 bsc#1044230 bsc#1044854 bsc#1044882 bsc#1044913 bsc#1045154 bsc#1045356 bsc#1045416 bsc#1045479 bsc#1045487 bsc#1045525 bsc#1045538 bsc#1045547 bsc#1045615 bsc#1046107 bsc#1046192 bsc#1046715 bsc#1047027 bsc#1047053 bsc#1047343 bsc#1047354 bsc#1047487 bsc#1047523 bsc#1047653 bsc#1048185 bsc#1048221 bsc#1048232 bsc#1048275 bsc#1049128 bsc#1049483 bsc#1049603 bsc#1049688 bsc#1049882 bsc#1050154 bsc#1050431 bsc#1051478 bsc#1051515 bsc#1051770 bsc#1055680 bsc#784815 bsc#792863 bsc#799133 bsc#909618 bsc#919382 bsc#928138 bsc#938352 bsc#943786 bsc#948562 bsc#962257 bsc#971975 bsc#972891 bsc#986924 bsc#990682 bsc#995542
Cross-References:	CVE-2014-9922 CVE-2016-10277 CVE-2017-1000363 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-11176 CVE-2017-11473 CVE-2017-2647 CVE-2017-6951 CVE-2017-7482 CVE-2017-7487 CVE-2017-7533 CVE-2017-7542 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
CVSS scores:	CVE-2014-9922 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-10277 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-1000363 ( SUSE ): 6.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000363 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000363 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000365 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2017-1000365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000365 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000380 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-1000380 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-11176 ( SUSE ): 7.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2017-11176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-11176 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-2647 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-2647 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-6951 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-6951 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-7482 ( SUSE ): 6.6 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2017-7482 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7482 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2017-7487 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-7487 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7487 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7542 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7542 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-8890 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-8890 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-8890 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-8924 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-8924 ( NVD ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2017-8925 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-8925 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-9074 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-9074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9074 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9075 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-9075 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9075 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9076 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-9076 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9076 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9077 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-9077 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9077 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9242 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-9242 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise High Availability Extension 11 SP4 SUSE Linux Enterprise Real Time Extension 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 21 vulnerabilities and has 92 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107).
CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456).
CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/