Overview

File _patchinfo of Package patchinfo.1372

<patchinfo incident="1372">
  <category>security</category>
  <rating>important</rating>
  <packager>mbenes</packager>
<issue tracker="bnc" id="940338">VUL-0: CVE-2015-5707: kernel: Integer overflow in SCSI generic driver</issue>
<issue tracker="bnc" id="940342">VUL-0: CVE-2015-5707: kernel live patch: Integer overflow in SCSI generic driver</issue>
<issue tracker="bnc" id="948536">VUL-0: CVE-2015-7613: kernel: Unauthorized access to IPC objects with SysV shm</issue>
<issue tracker="bnc" id="948701">VUL-0: CVE-2015-7613: kernel live patch: Unauthorized access to IPC objects with SysV shm</issue>
<issue tracker="cve" id="CVE-2015-5707"/>
<issue tracker="cve" id="CVE-2015-7613"/>
  <summary>Security update for Linux Kernel Live Patch 5</summary>
  <description>
This kernel live patch for Linux Kernel 3.12.43-52.6.1 fixes two security issues:

- CVE-2015-7613: A race condition in the IPC object implementation in
  the Linux kernel allowed local users to gain privileges by triggering an
  ipc_addid call that leads to uid and gid comparisons against uninitialized
  data, related to msg.c, shm.c, and util.c. (bsc#948701 bsc#948536)
- CVE-2015-5707: Integer overflow in the sg_start_req function in
  drivers/scsi/sg.c in the Linux kernel allowed local users to cause a
  denial of service or possibly have unspecified other impact via a large
  iov_count value in a write request. (bsc#940342 bsc#940338)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places