Overview

File _patchinfo of Package patchinfo.1794

<patchinfo incident="1794">
  <category>security</category>
<issue tracker="bnc" id="951542"/>
<issue tracker="bnc" id="953052"/>
<issue tracker="bnc" id="954005"/>
<issue tracker="bnc" id="958601"/>
<issue tracker="cve" id="CVE-2015-2925"/>
<issue tracker="cve" id="CVE-2015-6937"/>
<issue tracker="cve" id="CVE-2015-7872"/>
<issue tracker="cve" id="CVE-2015-7990"/>
<issue tracker="cve" id="CVE-2015-8539"/>
  <rating>important</rating>
  <packager>mbenes</packager>
  <summary>Security update for kernel live patch SP1 0</summary>
  <description>
This kernel live patch for Linux Kernel 3.12.49-11.1 fixes security issues and bugs:

Security issues fixed:
- CVE-2015-8539: A negatively instantiated user key could have been used
  by a local user to leverage privileges (bnc#958601).

- CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable
  Datagram Sockets (RDS) implementation allowing a local user to cause
  system DoS. A verification was missing that the underlying transport
  exists when a connection was created. (bsc#953052)

- CVE-2015-7990: RDS: Verify the underlying transport exists before
  creating a connection, preventing possible DoS (bsc#953052).

- CVE-2015-7872: Possible crash when trying to garbage collect an
  uninstantiated keyring (bsc#951542).

Non-security bugfix were also done:
- xfs: Fix lost direct IO write in the last block (bsc#954005).
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places