Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0301-1 Final 1 1 2016-02-08T14:39:31Z current 2016-02-08T14:39:31Z 2016-02-08T14:39:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a 'negative groups' issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (bnc#906545). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (bnc#912202). - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937 (bnc#952384 953052). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-7885: The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951627). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock. (bsc#961509) - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934). - KVM: x86: update masterclock values on TSC writes (bsc#961739). - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cdrom: Random writing support for BD-RE media (bnc#959568). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ipv6: fix tunnel error handling (bsc#952579). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - uas: Add response iu handling (bnc#954138). - usbvision fix overflow of interfaces array (bnc#950998). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html E-Mail link for openSUSE-SU-2016:0301-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings cloop-2.639-11.23.2 cloop-kmp-default-2.639_k3.11.10_34-11.23.2 cloop-kmp-desktop-2.639_k3.11.10_34-11.23.2 cloop-kmp-pae-2.639_k3.11.10_34-11.23.2 cloop-kmp-xen-2.639_k3.11.10_34-11.23.2 crash-7.0.2-2.23.7 crash-devel-7.0.2-2.23.7 crash-doc-7.0.2-2.23.7 crash-eppic-7.0.2-2.23.7 crash-gcore-7.0.2-2.23.7 crash-kmp-default-7.0.2_k3.11.10_34-2.23.7 crash-kmp-desktop-7.0.2_k3.11.10_34-2.23.7 crash-kmp-pae-7.0.2_k3.11.10_34-2.23.7 crash-kmp-xen-7.0.2_k3.11.10_34-2.23.7 hdjmod-1.28-16.23.2 hdjmod-kmp-default-1.28_k3.11.10_34-16.23.2 hdjmod-kmp-desktop-1.28_k3.11.10_34-16.23.2 hdjmod-kmp-pae-1.28_k3.11.10_34-16.23.2 hdjmod-kmp-xen-1.28_k3.11.10_34-16.23.2 ipset-6.21.1-2.27.2 ipset-devel-6.21.1-2.27.2 ipset-kmp-default-6.21.1_k3.11.10_34-2.27.2 ipset-kmp-desktop-6.21.1_k3.11.10_34-2.27.2 ipset-kmp-pae-6.21.1_k3.11.10_34-2.27.2 ipset-kmp-xen-6.21.1_k3.11.10_34-2.27.2 iscsitarget-1.4.20.3-13.23.2 iscsitarget-kmp-default-1.4.20.3_k3.11.10_34-13.23.2 iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_34-13.23.2 iscsitarget-kmp-pae-1.4.20.3_k3.11.10_34-13.23.2 iscsitarget-kmp-xen-1.4.20.3_k3.11.10_34-13.23.2 kernel-debug-3.11.10-34.2 kernel-debug-base-3.11.10-34.2 kernel-debug-devel-3.11.10-34.2 kernel-default-3.11.10-34.2 kernel-default-base-3.11.10-34.2 kernel-default-devel-3.11.10-34.2 kernel-desktop-3.11.10-34.2 kernel-desktop-base-3.11.10-34.2 kernel-desktop-devel-3.11.10-34.2 kernel-devel-3.11.10-34.1 kernel-docs-3.11.10-34.2 kernel-ec2-3.11.10-34.1 kernel-ec2-base-3.11.10-34.1 kernel-ec2-devel-3.11.10-34.1 kernel-pae-3.11.10-34.2 kernel-pae-base-3.11.10-34.2 kernel-pae-devel-3.11.10-34.2 kernel-source-3.11.10-34.1 kernel-source-vanilla-3.11.10-34.1 kernel-syms-3.11.10-34.1 kernel-trace-3.11.10-34.2 kernel-trace-base-3.11.10-34.2 kernel-trace-devel-3.11.10-34.2 kernel-vanilla-3.11.10-34.2 kernel-vanilla-devel-3.11.10-34.2 kernel-xen-3.11.10-34.2 kernel-xen-base-3.11.10-34.2 kernel-xen-devel-3.11.10-34.2 libipset3-6.21.1-2.27.2 ndiswrapper-1.58-23.1 ndiswrapper-kmp-default-1.58_k3.11.10_34-23.1 ndiswrapper-kmp-desktop-1.58_k3.11.10_34-23.1 ndiswrapper-kmp-pae-1.58_k3.11.10_34-23.1 pcfclock-0.44-258.23.1 pcfclock-kmp-default-0.44_k3.11.10_34-258.23.1 pcfclock-kmp-desktop-0.44_k3.11.10_34-258.23.1 pcfclock-kmp-pae-0.44_k3.11.10_34-258.23.1 python-virtualbox-4.2.36-2.56.1 vhba-kmp-20130607-2.24.1 vhba-kmp-default-20130607_k3.11.10_34-2.24.1 vhba-kmp-desktop-20130607_k3.11.10_34-2.24.1 vhba-kmp-pae-20130607_k3.11.10_34-2.24.1 vhba-kmp-xen-20130607_k3.11.10_34-2.24.1 virtualbox-4.2.36-2.56.1 virtualbox-devel-4.2.36-2.56.1 virtualbox-guest-kmp-default-4.2.36_k3.11.10_34-2.56.1 virtualbox-guest-kmp-desktop-4.2.36_k3.11.10_34-2.56.1 virtualbox-guest-kmp-pae-4.2.36_k3.11.10_34-2.56.1 virtualbox-guest-tools-4.2.36-2.56.1 virtualbox-guest-x11-4.2.36-2.56.1 virtualbox-host-kmp-default-4.2.36_k3.11.10_34-2.56.1 virtualbox-host-kmp-desktop-4.2.36_k3.11.10_34-2.56.1 virtualbox-host-kmp-pae-4.2.36_k3.11.10_34-2.56.1 virtualbox-host-source-4.2.36-2.56.1 virtualbox-qt-4.2.36-2.56.1 virtualbox-websrv-4.2.36-2.56.1 xen-4.3.4_10-57.1 xen-devel-4.3.4_10-57.1 xen-doc-html-4.3.4_10-57.1 xen-kmp-default-4.3.4_10_k3.11.10_34-57.1 xen-kmp-desktop-4.3.4_10_k3.11.10_34-57.1 xen-kmp-pae-4.3.4_10_k3.11.10_34-57.1 xen-libs-4.3.4_10-57.1 xen-libs-32bit-4.3.4_10-57.1 xen-tools-4.3.4_10-57.1 xen-tools-domU-4.3.4_10-57.1 xen-xend-tools-4.3.4_10-57.1 xtables-addons-2.3-2.23.1 xtables-addons-kmp-default-2.3_k3.11.10_34-2.23.1 xtables-addons-kmp-desktop-2.3_k3.11.10_34-2.23.1 xtables-addons-kmp-pae-2.3_k3.11.10_34-2.23.1 xtables-addons-kmp-xen-2.3_k3.11.10_34-2.23.1 Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. CVE-2014-2568 important 3.8 AV:L/AC:H/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-2568.html CVE-2014-2568 https://bugzilla.suse.com/869564 SUSE Bug 869564 arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. CVE-2014-8133 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-8133.html CVE-2014-8133 https://bugzilla.suse.com/817142 SUSE Bug 817142 https://bugzilla.suse.com/906545 SUSE Bug 906545 https://bugzilla.suse.com/907818 SUSE Bug 907818 https://bugzilla.suse.com/909077 SUSE Bug 909077 https://bugzilla.suse.com/923485 SUSE Bug 923485 The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. CVE-2014-8989 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-8989.html CVE-2014-8989 https://bugzilla.suse.com/906545 SUSE Bug 906545 The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. CVE-2014-9090 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9090.html CVE-2014-9090 https://bugzilla.suse.com/817142 SUSE Bug 817142 https://bugzilla.suse.com/907818 SUSE Bug 907818 https://bugzilla.suse.com/909077 SUSE Bug 909077 https://bugzilla.suse.com/910251 SUSE Bug 910251 The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. CVE-2014-9419 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9419.html CVE-2014-9419 https://bugzilla.suse.com/911326 SUSE Bug 911326 Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. CVE-2014-9529 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9529.html CVE-2014-9529 https://bugzilla.suse.com/912202 SUSE Bug 912202 Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. CVE-2014-9683 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9683.html CVE-2014-9683 https://bugzilla.suse.com/918333 SUSE Bug 918333 include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment. CVE-2014-9715 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9715.html CVE-2014-9715 https://bugzilla.suse.com/927780 SUSE Bug 927780 The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. CVE-2014-9728 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9728.html CVE-2014-9728 https://bugzilla.suse.com/911325 SUSE Bug 911325 https://bugzilla.suse.com/933904 SUSE Bug 933904 The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. CVE-2014-9729 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9729.html CVE-2014-9729 https://bugzilla.suse.com/911325 SUSE Bug 911325 https://bugzilla.suse.com/933904 SUSE Bug 933904 The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. CVE-2014-9730 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9730.html CVE-2014-9730 https://bugzilla.suse.com/911325 SUSE Bug 911325 https://bugzilla.suse.com/933904 SUSE Bug 933904 The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. CVE-2014-9731 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2014-9731.html CVE-2014-9731 https://bugzilla.suse.com/911325 SUSE Bug 911325 https://bugzilla.suse.com/933896 SUSE Bug 933896 GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. CVE-2015-0272 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-0272.html CVE-2015-0272 https://bugzilla.suse.com/944296 SUSE Bug 944296 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/955354 SUSE Bug 955354 drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. CVE-2015-0777 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-0777.html CVE-2015-0777 https://bugzilla.suse.com/917830 SUSE Bug 917830 Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. CVE-2015-1420 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-1420.html CVE-2015-1420 https://bugzilla.suse.com/915517 SUSE Bug 915517 Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. CVE-2015-1421 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-1421.html CVE-2015-1421 https://bugzilla.suse.com/915577 SUSE Bug 915577 https://bugzilla.suse.com/922004 SUSE Bug 922004 https://bugzilla.suse.com/939261 SUSE Bug 939261 net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. CVE-2015-2041 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2041.html CVE-2015-2041 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/919007 SUSE Bug 919007 net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. CVE-2015-2042 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2042.html CVE-2015-2042 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/919018 SUSE Bug 919018 Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. CVE-2015-2150 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2150.html CVE-2015-2150 https://bugzilla.suse.com/800280 SUSE Bug 800280 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/919463 SUSE Bug 919463 Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. CVE-2015-2666 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2666.html CVE-2015-2666 https://bugzilla.suse.com/922944 SUSE Bug 922944 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. CVE-2015-2830 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2830.html CVE-2015-2830 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/926240 SUSE Bug 926240 The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. CVE-2015-2922 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2922.html CVE-2015-2922 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/922583 SUSE Bug 922583 https://bugzilla.suse.com/926223 SUSE Bug 926223 The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." CVE-2015-2925 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-2925.html CVE-2015-2925 https://bugzilla.suse.com/926238 SUSE Bug 926238 https://bugzilla.suse.com/951625 SUSE Bug 951625 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/963994 SUSE Bug 963994 Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. CVE-2015-3212 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-3212.html CVE-2015-3212 https://bugzilla.suse.com/936502 SUSE Bug 936502 Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. CVE-2015-3339 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-3339.html CVE-2015-3339 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/928130 SUSE Bug 928130 https://bugzilla.suse.com/939263 SUSE Bug 939263 The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. CVE-2015-3636 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-3636.html CVE-2015-3636 https://bugzilla.suse.com/929525 SUSE Bug 929525 https://bugzilla.suse.com/939277 SUSE Bug 939277 https://bugzilla.suse.com/994624 SUSE Bug 994624 Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. CVE-2015-4001 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4001.html CVE-2015-4001 https://bugzilla.suse.com/933934 SUSE Bug 933934 drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. CVE-2015-4002 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4002.html CVE-2015-4002 https://bugzilla.suse.com/933934 SUSE Bug 933934 The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. CVE-2015-4003 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4003.html CVE-2015-4003 https://bugzilla.suse.com/933934 SUSE Bug 933934 The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. CVE-2015-4004 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4004.html CVE-2015-4004 https://bugzilla.suse.com/933934 SUSE Bug 933934 Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. CVE-2015-4036 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4036.html CVE-2015-4036 https://bugzilla.suse.com/931988 SUSE Bug 931988 The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. CVE-2015-4167 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4167.html CVE-2015-4167 https://bugzilla.suse.com/917839 SUSE Bug 917839 https://bugzilla.suse.com/933907 SUSE Bug 933907 The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. CVE-2015-4692 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4692.html CVE-2015-4692 https://bugzilla.suse.com/935542 SUSE Bug 935542 The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. CVE-2015-4700 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-4700.html CVE-2015-4700 https://bugzilla.suse.com/935705 SUSE Bug 935705 https://bugzilla.suse.com/939273 SUSE Bug 939273 arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. CVE-2015-5157 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-5157.html CVE-2015-5157 https://bugzilla.suse.com/937969 SUSE Bug 937969 https://bugzilla.suse.com/937970 SUSE Bug 937970 https://bugzilla.suse.com/938706 SUSE Bug 938706 https://bugzilla.suse.com/939207 SUSE Bug 939207 The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. CVE-2015-5283 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-5283.html CVE-2015-5283 https://bugzilla.suse.com/947155 SUSE Bug 947155 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. CVE-2015-5307 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-5307.html CVE-2015-5307 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. CVE-2015-5364 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-5364.html CVE-2015-5364 https://bugzilla.suse.com/781018 SUSE Bug 781018 https://bugzilla.suse.com/936831 SUSE Bug 936831 https://bugzilla.suse.com/939276 SUSE Bug 939276 https://bugzilla.suse.com/945112 SUSE Bug 945112 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364. CVE-2015-5366 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-5366.html CVE-2015-5366 https://bugzilla.suse.com/781018 SUSE Bug 781018 https://bugzilla.suse.com/936831 SUSE Bug 936831 https://bugzilla.suse.com/939276 SUSE Bug 939276 https://bugzilla.suse.com/945112 SUSE Bug 945112 Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. CVE-2015-5707 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-5707.html CVE-2015-5707 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/940338 SUSE Bug 940338 https://bugzilla.suse.com/940342 SUSE Bug 940342 https://bugzilla.suse.com/963994 SUSE Bug 963994 The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. CVE-2015-6937 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-6937.html CVE-2015-6937 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953052 SUSE Bug 953052 https://bugzilla.suse.com/963994 SUSE Bug 963994 The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls. CVE-2015-7550 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-7550.html CVE-2015-7550 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/958951 SUSE Bug 958951 The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. CVE-2015-7799 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-7799.html CVE-2015-7799 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/949936 SUSE Bug 949936 https://bugzilla.suse.com/951638 SUSE Bug 951638 The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. CVE-2015-7833 moderate 4 AV:L/AC:H/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-7833.html CVE-2015-7833 https://bugzilla.suse.com/950998 SUSE Bug 950998 https://bugzilla.suse.com/990058 SUSE Bug 990058 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. CVE-2015-7872 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-7872.html CVE-2015-7872 https://bugzilla.suse.com/951440 SUSE Bug 951440 https://bugzilla.suse.com/951542 SUSE Bug 951542 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/958463 SUSE Bug 958463 The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. CVE-2015-7885 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-7885.html CVE-2015-7885 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 https://bugzilla.suse.com/951626 SUSE Bug 951626 https://bugzilla.suse.com/951627 SUSE Bug 951627 Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. CVE-2015-7990 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-7990.html CVE-2015-7990 https://bugzilla.suse.com/945825 SUSE Bug 945825 https://bugzilla.suse.com/952384 SUSE Bug 952384 https://bugzilla.suse.com/953052 SUSE Bug 953052 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. CVE-2015-8104 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8104.html CVE-2015-8104 https://bugzilla.suse.com/953527 SUSE Bug 953527 https://bugzilla.suse.com/954018 SUSE Bug 954018 https://bugzilla.suse.com/954404 SUSE Bug 954404 https://bugzilla.suse.com/954405 SUSE Bug 954405 https://bugzilla.suse.com/962977 SUSE Bug 962977 net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. CVE-2015-8215 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8215.html CVE-2015-8215 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/944296 SUSE Bug 944296 https://bugzilla.suse.com/951638 SUSE Bug 951638 https://bugzilla.suse.com/955354 SUSE Bug 955354 The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. CVE-2015-8543 moderate 1.7 AV:L/AC:L/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8543.html CVE-2015-8543 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/958886 SUSE Bug 958886 https://bugzilla.suse.com/963994 SUSE Bug 963994 https://bugzilla.suse.com/969522 SUSE Bug 969522 Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. CVE-2015-8550 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8550.html CVE-2015-8550 https://bugzilla.suse.com/1052256 SUSE Bug 1052256 https://bugzilla.suse.com/957988 SUSE Bug 957988 The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." CVE-2015-8551 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8551.html CVE-2015-8551 https://bugzilla.suse.com/957990 SUSE Bug 957990 https://bugzilla.suse.com/990058 SUSE Bug 990058 The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." CVE-2015-8552 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8552.html CVE-2015-8552 https://bugzilla.suse.com/957990 SUSE Bug 957990 https://bugzilla.suse.com/990058 SUSE Bug 990058 The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. CVE-2015-8569 low 1.7 AV:L/AC:L/Au:S/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8569.html CVE-2015-8569 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/959190 SUSE Bug 959190 https://bugzilla.suse.com/959399 SUSE Bug 959399 https://bugzilla.suse.com/963994 SUSE Bug 963994 The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. CVE-2015-8575 moderate 1.5 AV:L/AC:M/Au:S/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8575.html CVE-2015-8575 https://bugzilla.suse.com/959190 SUSE Bug 959190 https://bugzilla.suse.com/959399 SUSE Bug 959399 net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. CVE-2015-8767 low 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2015-8767.html CVE-2015-8767 https://bugzilla.suse.com/961509 SUSE Bug 961509 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. CVE-2016-0728 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html https://www.suse.com/security/cve/CVE-2016-0728.html CVE-2016-0728 https://bugzilla.suse.com/923755 SUSE Bug 923755 https://bugzilla.suse.com/962075 SUSE Bug 962075 https://bugzilla.suse.com/962078 SUSE Bug 962078 https://bugzilla.suse.com/963994 SUSE Bug 963994