Overview

File _patchinfo of Package patchinfo.528

<patchinfo incident="528">
 <issue id="922004" tracker="bnc">VUL-0: CVE-2015-1421: kernel: net: sctp: slab corruption from use after free on INIT collisions</issue>
  <issue id="920633" tracker="bnc">Make kgraft-patch GIT id visible in package description</issue>
  <issue id="CVE-2015-1421" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mbenes</packager>
  <description>
This update supplies kgraft patches to fix one security vulnerability.

CVE-2015-1421: A use-after-free vulnerability in the sctp_assoc_update
function in net/sctp/associola.c in the Linux kernel allowed remote
attackers to cause a denial of service (slab corruption and panic) or
possibly have unspecified other impact by triggering an INIT collision
that leads to improper handling of shared-key data.

This patch supplies kgraft patches for the first kernel update and the second kernel
update published for SUSE Linux Enterprise Server 12. The third kernel update contains
the patch already.
</description>
  <summary>Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places