File _patchinfo of Package patchinfo.3708

<patchinfo incident="3708">
  <issue id="1008831" tracker="bnc">VUL-1: CVE-2016-8632: kernel: TIPC subsystem: tipc_msg_build() doesn't validate MTU, may cause memory corruption.</issue>
  <issue id="1011685" tracker="bnc">VUL-0: CVE-2016-9555: kernel-source: net/sctp: slab-out-of-bounds in sctp_sf_ootb</issue>
  <issue id="1012754" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-8655: kernel: Local root privilege packet_set_ring/timer_list</issue>
  <issue id="2016-8632" tracker="cve" />
  <issue id="2016-8655" tracker="cve" />
  <issue id="2016-9555" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>michal-m</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various critical security fixes.

The following security bugs were fixed:

- CVE-2016-8655: A race condition in the af_packet packet_set_ring
  function could be used by local attackers to crash the kernel or gain
  privileges (bsc#1012754).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in
  the Linux kernel did not validate the relationship between the minimum
  fragment length and the maximum packet size, which allowed local users to
  gain privileges or cause a denial of service (heap-based buffer overflow)
  by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
  the Linux kernel lacks chunk-length checking for the first chunk, which
  allowed remote attackers to cause a denial of service (out-of-bounds slab
  access) or possibly have unspecified other impact via crafted SCTP data
  (bnc#1011685).

</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>