Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
None
-
None
-
3
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various critical security fixes.
The following security bugs were fixed:
- CVE-2016-8655: A race condition in the af_packet packet_set_ring
function could be used by local attackers to crash the kernel or gain
privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in
the Linux kernel did not validate the relationship between the minimum
fragment length and the maximum packet size, which allowed local users to
gain privileges or cause a denial of service (heap-based buffer overflow)
by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
the Linux kernel lacks chunk-length checking for the first chunk, which
allowed remote attackers to cause a denial of service (out-of-bounds slab
access) or possibly have unspecified other impact via crafted SCTP data
(bnc#1011685).