Overview

File _patchinfo of Package patchinfo.6165

<patchinfo incident="6165">
  <issue id="1069496" tracker="bnc">VUL-0: CVE-2017-1000405: kernel-source: huge dirty cow in THP pages</issue>
  <issue id="1069702" tracker="bnc">VUL-0: CVE-2017-16939: kernel-source: local privilege escalation with XFRM sockets</issue>
  <issue id="1070805" tracker="bnc">bzImage does not build on ppc64</issue>
  <issue id="2017-16939" tracker="cve" />
  <issue id="2017-1000405" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>tiwai</packager>
  <reboot_needed/>
  <description>

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash (bnc#1069496).
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702).

The following non-security bugs were fixed:

Fix a build issue on ppc64le systems (bsc#1070805)

</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places