File _patchinfo of Package patchinfo.5903

<patchinfo incident="5903">
  <issue id="1057950" tracker="bnc">VUL-0: CVE-2017-1000251: kernel live patch: bluetooth l2cap remote (bluetooth) code execution</issue>
  <issue id="1062471" tracker="bnc">VUL-1: CVE-2017-15274: kernel live patch: add_key syscall causes NULL pointer dereference</issue>
  <issue id="1053150" tracker="bnc">VUL-0: CVE-2017-12762: kernel live patch: /drivers/isdn/i4l/isdn_net.c: user-controlled buffer is copied into a localbuffer of constant size using strcpy without a length check which can cause abuffer overflow. This affects the Linux ker</issue>
  <issue id="2017-1000251" tracker="cve" />
  <issue id="2017-15274" tracker="cve" />
  <issue id="2017-12762" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mbenes</packager>
  <description>This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed:

- CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1062471).
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950).
- CVE-2017-12762: In drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bsc#1053150).
</description>
  <summary>Security update for Linux Kernel Live Patch 0 for SLE 12 SP2</summary>
</patchinfo>