{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during\n  a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the\n  existence of a setgid program with restrictions on execute permissions.  NOTE: this vulnerability exists because of\n  an incomplete fix for CVE-2016-7097 (bnc#1021258).\n- CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions (bsc#995968).\n- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations\n  where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or\n  cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and \n  drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n- CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and\n  cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet,\n  especially in protocols that use long-lived connections, such as BGP (bnc#989152).\n- CVE-2015-1350: Denial of service in notify_change for filesystem xattrs (bsc#914939).\n- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship\n  between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause\n  a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local\n  malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate\n  because it first requires compromising a privileged process and current compiler optimizations restrict access to the\n  vulnerable code. (bnc#1014746).\n- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of \n  sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash)\n  or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system\n  call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux\n  kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed\n  local users to cause a denial of service (memory corruption and system crash)\n  or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN\n  capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2)\n  SO_RCVBUF option (bnc#1013542).\n- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly\n  initialize Code Segment (CS) in certain error cases, which allowed local users\n  to obtain sensitive information from kernel stack memory via a crafted\n  application (bnc#1013038).\n- CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE  (bsc#1013604)\n- CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock (bsc#1013533)\n- CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection around  np->opt (bsc#992566).\n- CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c\n  in the Linux kernel allowed local users to cause a denial of service (memory\n  consumption) via crafted XFS filesystem operations (bnc#1012832).\n- CVE-2015-8962: Double free vulnerability in the sg_common_write function in\n  drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or\n  cause a denial of service (memory corruption and system crash) by detaching a\n  device during an SG_IO ioctl call (bnc#1010501).\n- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the\n  Linux kernel lacks chunk-length checking for the first chunk, which allowed\n  remote attackers to cause a denial of service (out-of-bounds slab access) or\n  possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n  - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in\n  block/genhd.c in the Linux kernel allowed local users to gain privileges by\n  leveraging the execution of a certain stop operation even if the corresponding\n  start operation had failed (bnc#1010716).\n- CVE-2016-7911: Race condition in the get_task_ioprio function in\n  block/ioprio.c in the Linux kernel allowed local users to gain privileges or\n  cause a denial of service (use-after-free) via a crafted ioprio_get system call\n  (bnc#1010711).\n- CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to\n  gain privileges or cause a denial of service (system crash) via a VAPIC\n  synchronization operation involving a page-end address (bnc#853052).\n- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c\n  in the Linux kernel allowed local users to obtain sensitive information from\n  kernel memory by reading a tty data structure (bnc#1010507).\n- CVE-2016-7916: Revert 'proc: prevent accessing /proc/<PID>/environ until it's ready (bsc#1010467)'\n- CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux\n  kernel allowed local users to cause a denial of service (OOPS) by attempting to\n  trigger use of in-kernel hash algorithms for a socket that has received zero\n  bytes of data (bnc#1010150).\n- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in\n  certain unusual hardware configurations, allowed remote attackers to execute\n  arbitrary code via crafted fragmented packets (bnc#1008833).\n- CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show function  (bsc#1004517).\n- CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind  callback (bsc#1003925).\n- CVE-2016-7117: net: Fix use after free in the recvmmsg exit path (bsc#1003077).\n\nThe following non-security bugs were fixed:\n\n- blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for Skyhawk\n- blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags\n\n- 8250_pci: Fix potential use-after-free in error path (bsc#1013070).\n- IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036).\n- IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036).\n- IB/mlx4: Fix memory leak if QP creation failed (bsc#786036).\n- IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036).\n- IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036).\n- IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036).\n- apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).\n- arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).\n- be2net: Do not leak iomapped memory on removal (bug#925065).\n- block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).\n- bna: Add synchronization for tx ring (bsc#993739).\n- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n- bnx2x: fix lockdep splat (bsc#908684).\n- cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655)\n- config.conf: add bigmem flavour on ppc64\n- cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).\n- cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382).\n- crypto: add ghash-generic in the supported.conf(bsc#1016824)\n- crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387, #bsc1016831).\n- dm space map metadata: fix sm_bootstrap_get_nr_blocks()\n- dm thin: fix race condition when destroying thin pool workqueue\n- dm: do not call dm_sync_table() when creating new devices (bnc#901809, bsc#1008893).\n- drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348)\n- ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668).\n- ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018).\n- ext4: fix reference counting bug on block allocation error (bsc#1013018).\n- fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).\n- fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).\n- fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).\n- fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133).\n- fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681).\n- fs/cifs: make share unaccessible at root level mountable (bsc#799133).\n- futex: Acknowledge a new waiter in counter before plist (bsc#851603).\n- futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603).\n- hpilo: Add support for iLO5 (bsc#999101).\n- hv: do not lose pending heartbeat vmbus packets (bnc#1006919).\n- hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337).\n- hv: vmbus: avoid wait_for_completion() on crash (bnc#986337).\n- hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337).\n- hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337).\n- hv: vmbus: handle various crash scenarios (bnc#986337).\n- hv: vmbus: remove code duplication in message handling (bnc#986337).\n- hv: vss: run only on supported host versions (bnc#986337).\n- i40e: fix an uninitialized variable bug (bsc#909484).\n- ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148).\n- ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148).\n- igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491).\n- igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297).\n- igb: Fix oops caused by missing queue pairing (bsc#909491).\n- igb: Fix oops on changing number of rings (bsc#909491).\n- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491).\n- igb: Unpair the queues when changing the number of queues (bsc#909491).\n- ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783).\n- kabi-fix for flock_owner addition (bsc#998689).\n- kexec: add a kexec_crash_loaded() function (bsc#973691).\n- kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680).\n- kvm: Distangle eventfd code from irqchip (bsc#989680).\n- kvm: Iterate over only vcpus that are preempted (bsc#989680).\n- kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680).\n- kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680).\n- kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680).\n- kvm: make processes waiting on vcpu mutex killable (bsc#989680).\n- kvm: nVMX: Add preemption timer support (bsc#989680).\n- kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).\n- kvm: use symbolic constant for nr interrupts (bsc#989680).\n- kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680).\n- kvm: x86: Run PIT work in own kthread (bsc#989680).\n- kvm: x86: limit difference between kvmclock updates (bsc#989680).\n- kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689).\n- lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).\n- libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728).\n- libata: remove n_tags to avoid kABI breakage (bsc#871728).\n- libata: support the ata host which implements a queue depth less than 32 (bsc#871728)\n- libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846).\n- libfc: Fixup disc_mutex handling (bsc#962846).\n- libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n- libfc: Revisit kref handling (bnc#990245).\n- libfc: Update rport reference counting (bsc#953233).\n- libfc: do not send ABTS when resetting exchanges (bsc#962846).\n- libfc: fixup locking of ptp_setup() (bsc#962846).\n- libfc: reset exchange manager during LOGO handling (bsc#962846).\n- libfc: send LOGO for PLOGI failure (bsc#962846).\n- locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411).\n- md/raid10: Fix memory leak when raid10 reshape completes\n- md/raid10: always set reshape_safe when initializing reshape_position\n- md: Drop sending a change uevent when stopping (bsc#1003568).\n- md: check command validity early in md_ioctl() (bsc#1004520).\n- md: fix problem when adding device to read-only array with bitmap (bnc#771065).\n- memstick: mspro_block: add missing curly braces (bsc#1016688).\n- mlx4: add missing braces in verify_qp_parameters (bsc#786036).\n- mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198).\n- mm/memory.c: actually remap enough memory (bnc#1005903).\n- mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589).\n- mm: fix crashes from mbind() merging vmas (bnc#1005877).\n- mm: fix sleeping function warning from __put_anon_vma (bnc#1005857).\n- dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194).\n- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n- mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645).\n- mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337).\n- net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036).\n- net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382).\n- net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036).\n- net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708).\n- net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708 bsc#786036).\n- net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bug#919382).\n- net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036).\n- net/mlx4_core: Implement pci_resume callback (bsc#924708).\n- net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382).\n- net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382).\n- net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382).\n- net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036).\n- net/mlx4_en: Move filters cleanup to a proper location (bsc#786036).\n- net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382).\n- net/mlx4_en: fix spurious timestamping callbacks (bsc#919382).\n- netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611).\n- netfront: do not truncate grant references.\n- netvsc: fix incorrect receive checksum offloading (bnc#1006917).\n- nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944).\n- nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).\n- nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873).\n- nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).\n- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n- nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410).\n- nfsv4: add flock_owner to open context (bnc#998689).\n- nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).\n- nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689).\n- nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).\n- nvme: Automatic namespace rescan (bsc#1017686).\n- nvme: Metadata format support (bsc#1017686).\n- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n- oom: print nodemask in the oom report (bnc#1003866).\n- pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models\n- pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441).\n- posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).\n- posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401).\n- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401).\n- powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896).\n- powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n- powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n- powerpc/mm: Add 64TB support (bsc#928138,fate#319026).\n- powerpc/mm: Change the swap encoding in pte (bsc#973203).\n- powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026).\n- powerpc/mm: Fix hash computation function (bsc#928138,fate#319026).\n- powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026).\n- powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026).\n- powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026).\n- powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026).\n- powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026).\n- powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026).\n- powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026).\n- powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026).\n- powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026).\n- powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n- powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).\n- powerpc: Add ability to build little endian kernels (bsc#967716).\n- powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716).\n- powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026).\n- powerpc: Do not build assembly files with ABIv2 (bsc#967716).\n- powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).\n- powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).\n- powerpc: Fix error when cross building TAGS & cscope (bsc#967716).\n- powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026).\n- powerpc: Make the vdso32 also build big-endian (bsc#967716).\n- powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344).\n- powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).\n- powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).\n- powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026).\n- powerpc: Require gcc 4.0 on 64-bit (bsc#967716).\n- powerpc: Update kernel VSID range (bsc#928138,fate#319026).\n- powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC'\n  obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu\n- powerpc: dtc is required to build dtb files (bsc#967716).\n- powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n- powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n- printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878).\n- ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851).\n- qlcnic: fix a loop exit condition better (bsc#909350).\n- qlcnic: fix a timeout loop (bsc#909350)\n- qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999).\n- reiserfs: fix race in prealloc discard (bsc#987576).\n- rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again\n- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n- rpm/package-descriptions: add -bigmem description\n- rt2x00: fix rfkill regression on rt2500pci (bnc#748806).\n- s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606).\n- s390/time: LPAR offset handling (bnc#1003677, LTC#146920).\n- s390/time: move PTFF definitions (bnc#1003677, LTC#146920).\n- scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).\n- scsi: lpfc: avoid double free of resource identifiers (bsc#989896).\n- scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374).\n- scsi_error: count medium access timeout only once per EH run (bsc#993832).\n- scsi_error: fixup crash in scsi_eh_reset (bsc#993832)\n- serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070).\n- sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618).\n- softirq: sirq threads raising another sirq delegate to the proper thread Otherwise, high priority timer threads expend\n  cycles precessing other sirqs, potentially increasing wakeup latencies as thes process sirqs at a priority other than\n  the priority specified by the user.\n- sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320).\n- sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).\n- sunrpc: Fix reconnection timeouts (bsc#1014410).\n- sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917).\n- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).\n- tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).\n- tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).\n- tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).\n- tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).\n- tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458).\n- tg3: Fix temperature reporting (bnc#790588).\n- tty: Signal SIGHUP before hanging up ldisc (bnc#989764).\n- usb: console: fix potential use after free (bsc#1015817).\n- usb: console: fix uninitialised ldisc semaphore (bsc#1015817).\n- usb: cp210x: Corrected USB request type definitions (bsc#1015932).\n- usb: cp210x: relocate private data from USB interface to port (bsc#1015932).\n- usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932).\n- usb: ftdi_sio: fix null deref at port probe (bsc#1015796).\n- usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).\n- usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010).\n- usb: ipaq.c: fix a timeout loop (bsc#1015848).\n- usb: opticon: fix non-atomic allocation in write path (bsc#1015803).\n- usb: option: fix runtime PM handling (bsc#1015752).\n- usb: serial: cp210x: add 16-bit register access functions (bsc#1015932).\n- usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932).\n- usb: serial: cp210x: add new access functions for large registers (bsc#1015932).\n- usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932).\n- usb: serial: fix potential use-after-free after failed probe (bsc#1015828).\n- usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505).\n- usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505).\n- usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520).\n- usb: sierra: fix AA deadlock in open error path (bsc#1015561).\n- usb: sierra: fix remote wakeup (bsc#1015561).\n- usb: sierra: fix urb and memory leak in resume error path (bsc#1015561).\n- usb: sierra: fix urb and memory leak on disconnect (bsc#1015561).\n- usb: sierra: fix use after free at suspend/resume (bsc#1015561).\n- usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760).\n- usb: usb_wwan: fix race between write and resume (bsc#1015760).\n- usb: usb_wwan: fix urb leak at shutdown (bsc#1015760).\n- usb: usb_wwan: fix urb leak in write error path (bsc#1015760).\n- usb: usb_wwan: fix write and suspend race (bsc#1015760).\n- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n- usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844).\n- vmxnet3: Wake queue from reset work (bsc#999907).\n- x86, amd_nb: Clarify F15h, model 30h GART and L3 support\n- x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).\n- x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077).\n- x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors\n- x86/gart: Check for GART support before accessing GART registers\n- xenbus: do not invoke ->is_ready() for most device states (bsc#987333).\n- zcrypt: Fix hang condition on crypto card config-off (bsc#1016320).\n- zcrypt: Fix invalid domain response handling (bsc#1016320).\n- zfcp: Fix erratic device offline during EH (bsc#993832).\n- zfcp: close window with unblocked rport during rport gone (bnc#1003677).\n- zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677).\n- zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677).\n- zfcp: fix payload trace length for SAN request&response (bnc#1003677).\n- zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677).\n- zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677).\n- zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677).\n- zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677).\n- zfcp: trace on request for open and close of WKA port (bnc#1003677).\n","title":"Description of the patch"},{"category":"details","text":"slertesp4-kernel-13074","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1102-1.json"},{"category":"self","summary":"URL for SUSE-SU-2017:1102-1","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171102-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2017:1102-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2017-April/002828.html"},{"category":"self","summary":"SUSE Bug 1003077","url":"https://bugzilla.suse.com/1003077"},{"category":"self","summary":"SUSE Bug 1003344","url":"https://bugzilla.suse.com/1003344"},{"category":"self","summary":"SUSE Bug 1003568","url":"https://bugzilla.suse.com/1003568"},{"category":"self","summary":"SUSE Bug 1003677","url":"https://bugzilla.suse.com/1003677"},{"category":"self","summary":"SUSE Bug 1003813","url":"https://bugzilla.suse.com/1003813"},{"category":"self","summary":"SUSE Bug 1003866","url":"https://bugzilla.suse.com/1003866"},{"category":"self","summary":"SUSE Bug 1003925","url":"https://bugzilla.suse.com/1003925"},{"category":"self","summary":"SUSE Bug 1004517","url":"https://bugzilla.suse.com/1004517"},{"category":"self","summary":"SUSE Bug 1004520","url":"https://bugzilla.suse.com/1004520"},{"category":"self","summary":"SUSE Bug 1005857","url":"https://bugzilla.suse.com/1005857"},{"category":"self","summary":"SUSE Bug 1005877","url":"https://bugzilla.suse.com/1005877"},{"category":"self","summary":"SUSE Bug 1005896","url":"https://bugzilla.suse.com/1005896"},{"category":"self","summary":"SUSE Bug 1005903","url":"https://bugzilla.suse.com/1005903"},{"category":"self","summary":"SUSE Bug 1006917","url":"https://bugzilla.suse.com/1006917"},{"category":"self","summary":"SUSE Bug 1006919","url":"https://bugzilla.suse.com/1006919"},{"category":"self","summary":"SUSE Bug 1007615","url":"https://bugzilla.suse.com/1007615"},{"category":"self","summary":"SUSE Bug 1007944","url":"https://bugzilla.suse.com/1007944"},{"category":"self","summary":"SUSE Bug 1008557","url":"https://bugzilla.suse.com/1008557"},{"category":"self","summary":"SUSE Bug 1008645","url":"https://bugzilla.suse.com/1008645"},{"category":"self","summary":"SUSE Bug 1008831","url":"https://bugzilla.suse.com/1008831"},{"category":"self","summary":"SUSE Bug 1008833","url":"https://bugzilla.suse.com/1008833"},{"category":"self","summary":"SUSE Bug 1008893","url":"https://bugzilla.suse.com/1008893"},{"category":"self","summary":"SUSE Bug 1009875","url":"https://bugzilla.suse.com/1009875"},{"category":"self","summary":"SUSE Bug 1010150","url":"https://bugzilla.suse.com/1010150"},{"category":"self","summary":"SUSE Bug 1010175","url":"https://bugzilla.suse.com/1010175"},{"category":"self","summary":"SUSE Bug 1010201","url":"https://bugzilla.suse.com/1010201"},{"category":"self","summary":"SUSE Bug 1010467","url":"https://bugzilla.suse.com/1010467"},{"category":"self","summary":"SUSE Bug 1010501","url":"https://bugzilla.suse.com/1010501"},{"category":"self","summary":"SUSE Bug 1010507","url":"https://bugzilla.suse.com/1010507"},{"category":"self","summary":"SUSE Bug 1010711","url":"https://bugzilla.suse.com/1010711"},{"category":"self","summary":"SUSE Bug 1010716","url":"https://bugzilla.suse.com/1010716"},{"category":"self","summary":"SUSE Bug 1011685","url":"https://bugzilla.suse.com/1011685"},{"category":"self","summary":"SUSE Bug 1011820","url":"https://bugzilla.suse.com/1011820"},{"category":"self","summary":"SUSE Bug 1012411","url":"https://bugzilla.suse.com/1012411"},{"category":"self","summary":"SUSE Bug 1012422","url":"https://bugzilla.suse.com/1012422"},{"category":"self","summary":"SUSE Bug 1012832","url":"https://bugzilla.suse.com/1012832"},{"category":"self","summary":"SUSE Bug 1012851","url":"https://bugzilla.suse.com/1012851"},{"category":"self","summary":"SUSE Bug 1012917","url":"https://bugzilla.suse.com/1012917"},{"category":"self","summary":"SUSE Bug 1013018","url":"https://bugzilla.suse.com/1013018"},{"category":"self","summary":"SUSE Bug 1013038","url":"https://bugzilla.suse.com/1013038"},{"category":"self","summary":"SUSE Bug 1013042","url":"https://bugzilla.suse.com/1013042"},{"category":"self","summary":"SUSE Bug 1013070","url":"https://bugzilla.suse.com/1013070"},{"category":"self","summary":"SUSE Bug 1013531","url":"https://bugzilla.suse.com/1013531"},{"category":"self","summary":"SUSE Bug 1013533","url":"https://bugzilla.suse.com/1013533"},{"category":"self","summary":"SUSE Bug 1013542","url":"https://bugzilla.suse.com/1013542"},{"category":"self","summary":"SUSE Bug 1013604","url":"https://bugzilla.suse.com/1013604"},{"category":"self","summary":"SUSE Bug 1014410","url":"https://bugzilla.suse.com/1014410"},{"category":"self","summary":"SUSE Bug 1014454","url":"https://bugzilla.suse.com/1014454"},{"category":"self","summary":"SUSE Bug 1014746","url":"https://bugzilla.suse.com/1014746"},{"category":"self","summary":"SUSE Bug 1015561","url":"https://bugzilla.suse.com/1015561"},{"category":"self","summary":"SUSE Bug 1015752","url":"https://bugzilla.suse.com/1015752"},{"category":"self","summary":"SUSE Bug 1015760","url":"https://bugzilla.suse.com/1015760"},{"category":"self","summary":"SUSE Bug 1015796","url":"https://bugzilla.suse.com/1015796"},{"category":"self","summary":"SUSE Bug 1015803","url":"https://bugzilla.suse.com/1015803"},{"category":"self","summary":"SUSE Bug 1015817","url":"https://bugzilla.suse.com/1015817"},{"category":"self","summary":"SUSE Bug 1015828","url":"https://bugzilla.suse.com/1015828"},{"category":"self","summary":"SUSE Bug 1015844","url":"https://bugzilla.suse.com/1015844"},{"category":"self","summary":"SUSE Bug 1015848","url":"https://bugzilla.suse.com/1015848"},{"category":"self","summary":"SUSE Bug 1015878","url":"https://bugzilla.suse.com/1015878"},{"category":"self","summary":"SUSE Bug 1015932","url":"https://bugzilla.suse.com/1015932"},{"category":"self","summary":"SUSE Bug 1016320","url":"https://bugzilla.suse.com/1016320"},{"category":"self","summary":"SUSE Bug 1016505","url":"https://bugzilla.suse.com/1016505"},{"category":"self","summary":"SUSE Bug 1016520","url":"https://bugzilla.suse.com/1016520"},{"category":"self","summary":"SUSE Bug 1016668","url":"https://bugzilla.suse.com/1016668"},{"category":"self","summary":"SUSE Bug 1016688","url":"https://bugzilla.suse.com/1016688"},{"category":"self","summary":"SUSE Bug 1016824","url":"https://bugzilla.suse.com/1016824"},{"category":"self","summary":"SUSE Bug 1016831","url":"https://bugzilla.suse.com/1016831"},{"category":"self","summary":"SUSE Bug 1017686","url":"https://bugzilla.suse.com/1017686"},{"category":"self","summary":"SUSE Bug 1017710","url":"https://bugzilla.suse.com/1017710"},{"category":"self","summary":"SUSE Bug 1019148","url":"https://bugzilla.suse.com/1019148"},{"category":"self","summary":"SUSE Bug 1019165","url":"https://bugzilla.suse.com/1019165"},{"category":"self","summary":"SUSE Bug 1019348","url":"https://bugzilla.suse.com/1019348"},{"category":"self","summary":"SUSE Bug 1019783","url":"https://bugzilla.suse.com/1019783"},{"category":"self","summary":"SUSE Bug 1020214","url":"https://bugzilla.suse.com/1020214"},{"category":"self","summary":"SUSE Bug 1021258","url":"https://bugzilla.suse.com/1021258"},{"category":"self","summary":"SUSE Bug 748806","url":"https://bugzilla.suse.com/748806"},{"category":"self","summary":"SUSE Bug 763198","url":"https://bugzilla.suse.com/763198"},{"category":"self","summary":"SUSE Bug 771065","url":"https://bugzilla.suse.com/771065"},{"category":"self","summary":"SUSE Bug 786036","url":"https://bugzilla.suse.com/786036"},{"category":"self","summary":"SUSE Bug 790588","url":"https://bugzilla.suse.com/790588"},{"category":"self","summary":"SUSE Bug 795297","url":"https://bugzilla.suse.com/795297"},{"category":"self","summary":"SUSE Bug 799133","url":"https://bugzilla.suse.com/799133"},{"category":"self","summary":"SUSE Bug 800999","url":"https://bugzilla.suse.com/800999"},{"category":"self","summary":"SUSE Bug 803320","url":"https://bugzilla.suse.com/803320"},{"category":"self","summary":"SUSE Bug 821612","url":"https://bugzilla.suse.com/821612"},{"category":"self","summary":"SUSE Bug 824171","url":"https://bugzilla.suse.com/824171"},{"category":"self","summary":"SUSE Bug 851603","url":"https://bugzilla.suse.com/851603"},{"category":"self","summary":"SUSE Bug 853052","url":"https://bugzilla.suse.com/853052"},{"category":"self","summary":"SUSE Bug 860441","url":"https://bugzilla.suse.com/860441"},{"category":"self","summary":"SUSE Bug 863873","url":"https://bugzilla.suse.com/863873"},{"category":"self","summary":"SUSE Bug 865783","url":"https://bugzilla.suse.com/865783"},{"category":"self","summary":"SUSE Bug 871728","url":"https://bugzilla.suse.com/871728"},{"category":"self","summary":"SUSE Bug 901809","url":"https://bugzilla.suse.com/901809"},{"category":"self","summary":"SUSE Bug 907611","url":"https://bugzilla.suse.com/907611"},{"category":"self","summary":"SUSE Bug 908458","url":"https://bugzilla.suse.com/908458"},{"category":"self","summary":"SUSE Bug 908684","url":"https://bugzilla.suse.com/908684"},{"category":"self","summary":"SUSE Bug 909077","url":"https://bugzilla.suse.com/909077"},{"category":"self","summary":"SUSE Bug 909350","url":"https://bugzilla.suse.com/909350"},{"category":"self","summary":"SUSE Bug 909484","url":"https://bugzilla.suse.com/909484"},{"category":"self","summary":"SUSE Bug 909491","url":"https://bugzilla.suse.com/909491"},{"category":"self","summary":"SUSE Bug 909618","url":"https://bugzilla.suse.com/909618"},{"category":"self","summary":"SUSE Bug 913387","url":"https://bugzilla.suse.com/913387"},{"category":"self","summary":"SUSE Bug 914939","url":"https://bugzilla.suse.com/914939"},{"category":"self","summary":"SUSE Bug 919382","url":"https://bugzilla.suse.com/919382"},{"category":"self","summary":"SUSE Bug 922634","url":"https://bugzilla.suse.com/922634"},{"category":"self","summary":"SUSE Bug 924708","url":"https://bugzilla.suse.com/924708"},{"category":"self","summary":"SUSE Bug 925065","url":"https://bugzilla.suse.com/925065"},{"category":"self","summary":"SUSE Bug 928138","url":"https://bugzilla.suse.com/928138"},{"category":"self","summary":"SUSE Bug 929141","url":"https://bugzilla.suse.com/929141"},{"category":"self","summary":"SUSE Bug 953233","url":"https://bugzilla.suse.com/953233"},{"category":"self","summary":"SUSE Bug 956514","url":"https://bugzilla.suse.com/956514"},{"category":"self","summary":"SUSE Bug 960689","url":"https://bugzilla.suse.com/960689"},{"category":"self","summary":"SUSE Bug 961589","url":"https://bugzilla.suse.com/961589"},{"category":"self","summary":"SUSE Bug 962846","url":"https://bugzilla.suse.com/962846"},{"category":"self","summary":"SUSE Bug 963655","url":"https://bugzilla.suse.com/963655"},{"category":"self","summary":"SUSE Bug 967716","url":"https://bugzilla.suse.com/967716"},{"category":"self","summary":"SUSE Bug 968010","url":"https://bugzilla.suse.com/968010"},{"category":"self","summary":"SUSE Bug 969340","url":"https://bugzilla.suse.com/969340"},{"category":"self","summary":"SUSE Bug 973203","url":"https://bugzilla.suse.com/973203"},{"category":"self","summary":"SUSE Bug 973691","url":"https://bugzilla.suse.com/973691"},{"category":"self","summary":"SUSE Bug 979681","url":"https://bugzilla.suse.com/979681"},{"category":"self","summary":"SUSE Bug 984194","url":"https://bugzilla.suse.com/984194"},{"category":"self","summary":"SUSE Bug 986337","url":"https://bugzilla.suse.com/986337"},{"category":"self","summary":"SUSE Bug 987333","url":"https://bugzilla.suse.com/987333"},{"category":"self","summary":"SUSE Bug 987576","url":"https://bugzilla.suse.com/987576"},{"category":"self","summary":"SUSE Bug 989152","url":"https://bugzilla.suse.com/989152"},{"category":"self","summary":"SUSE Bug 989680","url":"https://bugzilla.suse.com/989680"},{"category":"self","summary":"SUSE Bug 989764","url":"https://bugzilla.suse.com/989764"},{"category":"self","summary":"SUSE Bug 989896","url":"https://bugzilla.suse.com/989896"},{"category":"self","summary":"SUSE Bug 990245","url":"https://bugzilla.suse.com/990245"},{"category":"self","summary":"SUSE Bug 992566","url":"https://bugzilla.suse.com/992566"},{"category":"self","summary":"SUSE Bug 992991","url":"https://bugzilla.suse.com/992991"},{"category":"self","summary":"SUSE Bug 993739","url":"https://bugzilla.suse.com/993739"},{"category":"self","summary":"SUSE Bug 993832","url":"https://bugzilla.suse.com/993832"},{"category":"self","summary":"SUSE Bug 995968","url":"https://bugzilla.suse.com/995968"},{"category":"self","summary":"SUSE Bug 996541","url":"https://bugzilla.suse.com/996541"},{"category":"self","summary":"SUSE Bug 996557","url":"https://bugzilla.suse.com/996557"},{"category":"self","summary":"SUSE Bug 997401","url":"https://bugzilla.suse.com/997401"},{"category":"self","summary":"SUSE Bug 998689","url":"https://bugzilla.suse.com/998689"},{"category":"self","summary":"SUSE Bug 999101","url":"https://bugzilla.suse.com/999101"},{"category":"self","summary":"SUSE Bug 999907","url":"https://bugzilla.suse.com/999907"},{"category":"self","summary":"SUSE CVE CVE-2004-0230 page","url":"https://www.suse.com/security/cve/CVE-2004-0230/"},{"category":"self","summary":"SUSE CVE CVE-2012-6704 page","url":"https://www.suse.com/security/cve/CVE-2012-6704/"},{"category":"self","summary":"SUSE CVE CVE-2013-6368 page","url":"https://www.suse.com/security/cve/CVE-2013-6368/"},{"category":"self","summary":"SUSE CVE CVE-2015-1350 page","url":"https://www.suse.com/security/cve/CVE-2015-1350/"},{"category":"self","summary":"SUSE CVE CVE-2015-8956 page","url":"https://www.suse.com/security/cve/CVE-2015-8956/"},{"category":"self","summary":"SUSE CVE CVE-2015-8962 page","url":"https://www.suse.com/security/cve/CVE-2015-8962/"},{"category":"self","summary":"SUSE CVE CVE-2015-8964 page","url":"https://www.suse.com/security/cve/CVE-2015-8964/"},{"category":"self","summary":"SUSE CVE CVE-2016-10088 page","url":"https://www.suse.com/security/cve/CVE-2016-10088/"},{"category":"self","summary":"SUSE CVE CVE-2016-3841 page","url":"https://www.suse.com/security/cve/CVE-2016-3841/"},{"category":"self","summary":"SUSE CVE CVE-2016-5696 page","url":"https://www.suse.com/security/cve/CVE-2016-5696/"},{"category":"self","summary":"SUSE CVE CVE-2016-7042 page","url":"https://www.suse.com/security/cve/CVE-2016-7042/"},{"category":"self","summary":"SUSE CVE CVE-2016-7097 page","url":"https://www.suse.com/security/cve/CVE-2016-7097/"},{"category":"self","summary":"SUSE CVE CVE-2016-7117 page","url":"https://www.suse.com/security/cve/CVE-2016-7117/"},{"category":"self","summary":"SUSE CVE CVE-2016-7910 page","url":"https://www.suse.com/security/cve/CVE-2016-7910/"},{"category":"self","summary":"SUSE CVE CVE-2016-7911 page","url":"https://www.suse.com/security/cve/CVE-2016-7911/"},{"category":"self","summary":"SUSE CVE CVE-2016-7916 page","url":"https://www.suse.com/security/cve/CVE-2016-7916/"},{"category":"self","summary":"SUSE CVE CVE-2016-8399 page","url":"https://www.suse.com/security/cve/CVE-2016-8399/"},{"category":"self","summary":"SUSE CVE CVE-2016-8632 page","url":"https://www.suse.com/security/cve/CVE-2016-8632/"},{"category":"self","summary":"SUSE CVE CVE-2016-8633 page","url":"https://www.suse.com/security/cve/CVE-2016-8633/"},{"category":"self","summary":"SUSE CVE CVE-2016-8646 page","url":"https://www.suse.com/security/cve/CVE-2016-8646/"},{"category":"self","summary":"SUSE CVE CVE-2016-9555 page","url":"https://www.suse.com/security/cve/CVE-2016-9555/"},{"category":"self","summary":"SUSE CVE CVE-2016-9576 page","url":"https://www.suse.com/security/cve/CVE-2016-9576/"},{"category":"self","summary":"SUSE CVE CVE-2016-9685 page","url":"https://www.suse.com/security/cve/CVE-2016-9685/"},{"category":"self","summary":"SUSE CVE CVE-2016-9756 page","url":"https://www.suse.com/security/cve/CVE-2016-9756/"},{"category":"self","summary":"SUSE CVE CVE-2016-9793 page","url":"https://www.suse.com/security/cve/CVE-2016-9793/"},{"category":"self","summary":"SUSE CVE CVE-2016-9794 page","url":"https://www.suse.com/security/cve/CVE-2016-9794/"},{"category":"self","summary":"SUSE CVE CVE-2017-5551 page","url":"https://www.suse.com/security/cve/CVE-2017-5551/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2017-04-25T14:34:26Z","generator":{"date":"2017-04-25T14:34:26Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2017:1102-1","initial_release_date":"2017-04-25T14:34:26Z","revision_history":[{"date":"2017-04-25T14:34:26Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-rt-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-rt-3.0.101.rt130-68.1.x86_64","product_id":"kernel-rt-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-rt-base-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-rt-base-3.0.101.rt130-68.1.x86_64","product_id":"kernel-rt-base-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-rt-devel-3.0.101.rt130-68.1.x86_64","product_id":"kernel-rt-devel-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-rt_trace-3.0.101.rt130-68.1.x86_64","product_id":"kernel-rt_trace-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","product_id":"kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","product_id":"kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-source-rt-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-source-rt-3.0.101.rt130-68.1.x86_64","product_id":"kernel-source-rt-3.0.101.rt130-68.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-3.0.101.rt130-68.1.x86_64","product":{"name":"kernel-syms-rt-3.0.101.rt130-68.1.x86_64","product_id":"kernel-syms-rt-3.0.101.rt130-68.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 11 SP4","product":{"name":"SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4","product_identification_helper":{"cpe":"cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-rt-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-rt-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-rt-base-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-rt-devel-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-rt_trace-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-source-rt-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-3.0.101.rt130-68.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"},"product_reference":"kernel-syms-rt-3.0.101.rt130-68.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"}]},"vulnerabilities":[{"cve":"CVE-2004-0230","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2004-0230"}],"notes":[{"category":"general","text":"TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2004-0230","url":"https://www.suse.com/security/cve/CVE-2004-0230"},{"category":"external","summary":"SUSE Bug 1184394 for CVE-2004-0230","url":"https://bugzilla.suse.com/1184394"},{"category":"external","summary":"SUSE Bug 1198501 for CVE-2004-0230","url":"https://bugzilla.suse.com/1198501"},{"category":"external","summary":"SUSE Bug 1206598 for CVE-2004-0230","url":"https://bugzilla.suse.com/1206598"},{"category":"external","summary":"SUSE Bug 969340 for CVE-2004-0230","url":"https://bugzilla.suse.com/969340"},{"category":"external","summary":"SUSE Bug 989152 for CVE-2004-0230","url":"https://bugzilla.suse.com/989152"},{"category":"external","summary":"SUSE Bug 992991 for CVE-2004-0230","url":"https://bugzilla.suse.com/992991"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"low"}],"title":"CVE-2004-0230"},{"cve":"CVE-2012-6704","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2012-6704"}],"notes":[{"category":"general","text":"The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2012-6704","url":"https://www.suse.com/security/cve/CVE-2012-6704"},{"category":"external","summary":"SUSE Bug 1013531 for CVE-2012-6704","url":"https://bugzilla.suse.com/1013531"},{"category":"external","summary":"SUSE Bug 1013542 for CVE-2012-6704","url":"https://bugzilla.suse.com/1013542"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2012-6704","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.7,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2012-6704"},{"cve":"CVE-2013-6368","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2013-6368"}],"notes":[{"category":"general","text":"The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2013-6368","url":"https://www.suse.com/security/cve/CVE-2013-6368"},{"category":"external","summary":"SUSE Bug 853052 for CVE-2013-6368","url":"https://bugzilla.suse.com/853052"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2013-6368"},{"cve":"CVE-2015-1350","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-1350"}],"notes":[{"category":"general","text":"The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-1350","url":"https://www.suse.com/security/cve/CVE-2015-1350"},{"category":"external","summary":"SUSE Bug 1052256 for CVE-2015-1350","url":"https://bugzilla.suse.com/1052256"},{"category":"external","summary":"SUSE Bug 914939 for CVE-2015-1350","url":"https://bugzilla.suse.com/914939"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2015-1350"},{"cve":"CVE-2015-8956","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8956"}],"notes":[{"category":"general","text":"The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8956","url":"https://www.suse.com/security/cve/CVE-2015-8956"},{"category":"external","summary":"SUSE Bug 1003925 for CVE-2015-8956","url":"https://bugzilla.suse.com/1003925"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2015-8956"},{"cve":"CVE-2015-8962","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8962"}],"notes":[{"category":"general","text":"Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8962","url":"https://www.suse.com/security/cve/CVE-2015-8962"},{"category":"external","summary":"SUSE Bug 1010501 for CVE-2015-8962","url":"https://bugzilla.suse.com/1010501"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2015-8962","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"important"}],"title":"CVE-2015-8962"},{"cve":"CVE-2015-8964","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8964"}],"notes":[{"category":"general","text":"The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8964","url":"https://www.suse.com/security/cve/CVE-2015-8964"},{"category":"external","summary":"SUSE Bug 1010507 for CVE-2015-8964","url":"https://bugzilla.suse.com/1010507"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"low"}],"title":"CVE-2015-8964"},{"cve":"CVE-2016-10088","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-10088"}],"notes":[{"category":"general","text":"The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-10088","url":"https://www.suse.com/security/cve/CVE-2016-10088"},{"category":"external","summary":"SUSE Bug 1013604 for CVE-2016-10088","url":"https://bugzilla.suse.com/1013604"},{"category":"external","summary":"SUSE Bug 1014271 for CVE-2016-10088","url":"https://bugzilla.suse.com/1014271"},{"category":"external","summary":"SUSE Bug 1017710 for CVE-2016-10088","url":"https://bugzilla.suse.com/1017710"},{"category":"external","summary":"SUSE Bug 1019079 for CVE-2016-10088","url":"https://bugzilla.suse.com/1019079"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-10088","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"important"}],"title":"CVE-2016-10088"},{"cve":"CVE-2016-3841","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-3841"}],"notes":[{"category":"general","text":"The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-3841","url":"https://www.suse.com/security/cve/CVE-2016-3841"},{"category":"external","summary":"SUSE Bug 1052256 for CVE-2016-3841","url":"https://bugzilla.suse.com/1052256"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-3841","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 992566 for CVE-2016-3841","url":"https://bugzilla.suse.com/992566"},{"category":"external","summary":"SUSE Bug 992569 for CVE-2016-3841","url":"https://bugzilla.suse.com/992569"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-3841"},{"cve":"CVE-2016-5696","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5696"}],"notes":[{"category":"general","text":"net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5696","url":"https://www.suse.com/security/cve/CVE-2016-5696"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2016-5696","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 1175721 for CVE-2016-5696","url":"https://bugzilla.suse.com/1175721"},{"category":"external","summary":"SUSE Bug 989152 for CVE-2016-5696","url":"https://bugzilla.suse.com/989152"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-5696"},{"cve":"CVE-2016-7042","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7042"}],"notes":[{"category":"general","text":"The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7042","url":"https://www.suse.com/security/cve/CVE-2016-7042"},{"category":"external","summary":"SUSE Bug 1004517 for CVE-2016-7042","url":"https://bugzilla.suse.com/1004517"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-7042"},{"cve":"CVE-2016-7097","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7097"}],"notes":[{"category":"general","text":"The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7097","url":"https://www.suse.com/security/cve/CVE-2016-7097"},{"category":"external","summary":"SUSE Bug 1021258 for CVE-2016-7097","url":"https://bugzilla.suse.com/1021258"},{"category":"external","summary":"SUSE Bug 1052256 for CVE-2016-7097","url":"https://bugzilla.suse.com/1052256"},{"category":"external","summary":"SUSE Bug 870618 for CVE-2016-7097","url":"https://bugzilla.suse.com/870618"},{"category":"external","summary":"SUSE Bug 995968 for CVE-2016-7097","url":"https://bugzilla.suse.com/995968"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"low"}],"title":"CVE-2016-7097"},{"cve":"CVE-2016-7117","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7117"}],"notes":[{"category":"general","text":"Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7117","url":"https://www.suse.com/security/cve/CVE-2016-7117"},{"category":"external","summary":"SUSE Bug 1003077 for CVE-2016-7117","url":"https://bugzilla.suse.com/1003077"},{"category":"external","summary":"SUSE Bug 1003253 for CVE-2016-7117","url":"https://bugzilla.suse.com/1003253"},{"category":"external","summary":"SUSE Bug 1057478 for CVE-2016-7117","url":"https://bugzilla.suse.com/1057478"},{"category":"external","summary":"SUSE Bug 1071943 for CVE-2016-7117","url":"https://bugzilla.suse.com/1071943"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-7117"},{"cve":"CVE-2016-7910","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7910"}],"notes":[{"category":"general","text":"Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7910","url":"https://www.suse.com/security/cve/CVE-2016-7910"},{"category":"external","summary":"SUSE Bug 1010716 for CVE-2016-7910","url":"https://bugzilla.suse.com/1010716"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-7910","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 1196722 for CVE-2016-7910","url":"https://bugzilla.suse.com/1196722"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"important"}],"title":"CVE-2016-7910"},{"cve":"CVE-2016-7911","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7911"}],"notes":[{"category":"general","text":"Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7911","url":"https://www.suse.com/security/cve/CVE-2016-7911"},{"category":"external","summary":"SUSE Bug 1010711 for CVE-2016-7911","url":"https://bugzilla.suse.com/1010711"},{"category":"external","summary":"SUSE Bug 1010713 for CVE-2016-7911","url":"https://bugzilla.suse.com/1010713"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-7911","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-7911"},{"cve":"CVE-2016-7916","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7916"}],"notes":[{"category":"general","text":"Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7916","url":"https://www.suse.com/security/cve/CVE-2016-7916"},{"category":"external","summary":"SUSE Bug 1010467 for CVE-2016-7916","url":"https://bugzilla.suse.com/1010467"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-7916"},{"cve":"CVE-2016-8399","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8399"}],"notes":[{"category":"general","text":"An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8399","url":"https://www.suse.com/security/cve/CVE-2016-8399"},{"category":"external","summary":"SUSE Bug 1014746 for CVE-2016-8399","url":"https://bugzilla.suse.com/1014746"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-8399","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-8399"},{"cve":"CVE-2016-8632","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8632"}],"notes":[{"category":"general","text":"The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8632","url":"https://www.suse.com/security/cve/CVE-2016-8632"},{"category":"external","summary":"SUSE Bug 1008831 for CVE-2016-8632","url":"https://bugzilla.suse.com/1008831"},{"category":"external","summary":"SUSE Bug 1012852 for CVE-2016-8632","url":"https://bugzilla.suse.com/1012852"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-8632","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-8632"},{"cve":"CVE-2016-8633","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8633"}],"notes":[{"category":"general","text":"drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8633","url":"https://www.suse.com/security/cve/CVE-2016-8633"},{"category":"external","summary":"SUSE Bug 1008833 for CVE-2016-8633","url":"https://bugzilla.suse.com/1008833"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-8633"},{"cve":"CVE-2016-8646","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8646"}],"notes":[{"category":"general","text":"The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-8646","url":"https://www.suse.com/security/cve/CVE-2016-8646"},{"category":"external","summary":"SUSE Bug 1010150 for CVE-2016-8646","url":"https://bugzilla.suse.com/1010150"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-8646"},{"cve":"CVE-2016-9555","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9555"}],"notes":[{"category":"general","text":"The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9555","url":"https://www.suse.com/security/cve/CVE-2016-9555"},{"category":"external","summary":"SUSE Bug 1011685 for CVE-2016-9555","url":"https://bugzilla.suse.com/1011685"},{"category":"external","summary":"SUSE Bug 1012183 for CVE-2016-9555","url":"https://bugzilla.suse.com/1012183"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-9555","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-9555"},{"cve":"CVE-2016-9576","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9576"}],"notes":[{"category":"general","text":"The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9576","url":"https://www.suse.com/security/cve/CVE-2016-9576"},{"category":"external","summary":"SUSE Bug 1013604 for CVE-2016-9576","url":"https://bugzilla.suse.com/1013604"},{"category":"external","summary":"SUSE Bug 1014271 for CVE-2016-9576","url":"https://bugzilla.suse.com/1014271"},{"category":"external","summary":"SUSE Bug 1017710 for CVE-2016-9576","url":"https://bugzilla.suse.com/1017710"},{"category":"external","summary":"SUSE Bug 1019079 for CVE-2016-9576","url":"https://bugzilla.suse.com/1019079"},{"category":"external","summary":"SUSE Bug 1019668 for CVE-2016-9576","url":"https://bugzilla.suse.com/1019668"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-9576","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"important"}],"title":"CVE-2016-9576"},{"cve":"CVE-2016-9685","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9685"}],"notes":[{"category":"general","text":"Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9685","url":"https://www.suse.com/security/cve/CVE-2016-9685"},{"category":"external","summary":"SUSE Bug 1012832 for CVE-2016-9685","url":"https://bugzilla.suse.com/1012832"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"low"}],"title":"CVE-2016-9685"},{"cve":"CVE-2016-9756","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9756"}],"notes":[{"category":"general","text":"arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9756","url":"https://www.suse.com/security/cve/CVE-2016-9756"},{"category":"external","summary":"SUSE Bug 1013038 for CVE-2016-9756","url":"https://bugzilla.suse.com/1013038"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-9756"},{"cve":"CVE-2016-9793","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9793"}],"notes":[{"category":"general","text":"The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9793","url":"https://www.suse.com/security/cve/CVE-2016-9793"},{"category":"external","summary":"SUSE Bug 1013531 for CVE-2016-9793","url":"https://bugzilla.suse.com/1013531"},{"category":"external","summary":"SUSE Bug 1013542 for CVE-2016-9793","url":"https://bugzilla.suse.com/1013542"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-9793","url":"https://bugzilla.suse.com/1115893"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2016-9793"},{"cve":"CVE-2016-9794","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-9794"}],"notes":[{"category":"general","text":"Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-9794","url":"https://www.suse.com/security/cve/CVE-2016-9794"},{"category":"external","summary":"SUSE Bug 1013533 for CVE-2016-9794","url":"https://bugzilla.suse.com/1013533"},{"category":"external","summary":"SUSE Bug 1013543 for CVE-2016-9794","url":"https://bugzilla.suse.com/1013543"},{"category":"external","summary":"SUSE Bug 1013604 for CVE-2016-9794","url":"https://bugzilla.suse.com/1013604"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"important"}],"title":"CVE-2016-9794"},{"cve":"CVE-2017-5551","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-5551"}],"notes":[{"category":"general","text":"The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2017-5551","url":"https://www.suse.com/security/cve/CVE-2017-5551"},{"category":"external","summary":"SUSE Bug 1021258 for CVE-2017-5551","url":"https://bugzilla.suse.com/1021258"},{"category":"external","summary":"SUSE Bug 995968 for CVE-2017-5551","url":"https://bugzilla.suse.com/995968"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-68.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-68.1.x86_64"]}],"threats":[{"category":"impact","date":"2017-04-25T14:34:26Z","details":"moderate"}],"title":"CVE-2017-5551"}]}