Overview

File _patchinfo of Package patchinfo.5812

<patchinfo incident="5812">
  <issue id="2017-15274" tracker="cve" />
  <issue id="1045327" tracker="bnc" />
  <issue id="1057950" tracker="bnc">VUL-0: CVE-2017-1000251: kernel live patch: bluetooth l2cap remote (bluetooth) code execution</issue>
  <issue id="2017-1000251" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mbenes</packager>
  <description>This update for the Linux Kernel 3.12.74-60_64_57 fixes one issue.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
</description>
<summary>Security update for Linux Kernel Live Patch 20 for SLE 12 SP1</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places