File _patchinfo of Package patchinfo.13008

<patchinfo incident="13008">
  <issue id="1144903" tracker="bnc">VUL-0: EMBARGOED: CVE-2019-10220: kernel-source: Samba servers can inject relative paths in directory entry lists</issue>
  <issue id="1153158" tracker="bnc">VUL-0: CVE-2019-17133: kernel-source: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.</issue>
  <issue id="1149841" tracker="bnc">initial kernel live patch for SLE 15 SP2 fails to load</issue>
  <issue id="1153108" tracker="bnc">VUL-0: EMBARGOED: CVE-2019-10220: kernel live patch: Samba servers can inject relative paths in directory entry lists</issue>
  <issue id="1153161" tracker="bnc">VUL-0: CVE-2019-17133: kernel live patch: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.</issue>
  <issue id="2019-10220" tracker="cve" />
  <issue id="2019-17133" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 4.12.14-150_35 fixes several issues.

The following security issues were fixed:

- CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108).
- CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).
</description>
<summary>Security update for the Linux Kernel (Live Patch 14 for SLE 15)</summary>
</patchinfo>