Descripción: | Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Vulnerability Insight: The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes.
The following security bugs were fixed:
- CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).
- CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).
- CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc- base.sk and assoc- ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509)
- CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[x] only disable if device has MSI(X) enabled (bsc#957990).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).
The following non-security bugs were fixed:
- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).
- ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439).
- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
- ALSA: hda - Flush the pending probe work at remove (boo#960710).
- ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).
- Add Cavium Thunderx network enha ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS: Linux Kernel on openSUSE Leap 42.1
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
|