File _patchinfo of Package patchinfo.976
<patchinfo incident="976">
<category>security</category>
<rating>important</rating>
<packager>mbenes</packager>
<issue tracker="bnc" id="939044"/>
<issue tracker="bnc" id="939270"/>
<issue tracker="bnc" id="939273"/>
<issue tracker="bnc" id="939276"/>
<issue tracker="cve" id="CVE-2015-1805"/>
<issue tracker="cve" id="CVE-2015-4700"/>
<issue tracker="cve" id="CVE-2015-5364"/>
<issue tracker="cve" id="CVE-2015-5366"/>
<summary>Live patch for the Linux Kernel</summary>
<description>
This update contains a kernel live patch for the 3.12.43-52.6 SUSE Linux Enterprise
Server 12 kernel, fixing the following security issues:
- CVE-2015-5364/CVE-2015-5366: Two denial of service issues were fixed in
which a flood of UDP packets with invalid checksums could be used by
remote attackers to delay execution. (bsc#939276)
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in
fs/pipe.c in the Linux kernel did not properly consider the side effects
of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls,
which allowed local users to cause a denial of service (system crash)
or possibly gain privileges via a crafted application, aka an "I/O vector
array overrun." (bsc#939270)
- CVE-2015-4700: A BPF JIT optimization flaw could allow local users
to panic the kernel. (bsc#939273)
</description>
</patchinfo>