<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for the Linux Kernel</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>openSUSE-SU-2017:0547-1</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2017-02-22T14:32:09Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2017-02-22T14:32:09Z</InitialReleaseDate>
    <CurrentReleaseDate>2017-02-22T14:32:09Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for the Linux Kernel</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).
- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).
- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).
- CVE-2017-5897: A potential remote denial of service within the IPv6 GRE protocol was fixed. (bsc#1023762)

The following non-security bugs were fixed:

- btrfs: support NFSv2 export (bnc#929871).
- btrfs: Direct I/O: Fix space accounting (bsc#1025058).
- btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069).
- btrfs: bail out if block group has different mixed flag (bsc#1025072).
- btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
- btrfs: check pending chunks when shrinking fs to avoid corruption (bnc#936445).
- btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).
- btrfs: do not BUG() during drop snapshot (bsc#1025076).
- btrfs: do not collect ordered extents when logging that inode exists (bsc#977685).
- btrfs: do not initialize a space info as full to prevent ENOSPC (bnc#944001).
- btrfs: do not leak reloc root nodes on error (bsc#1025074).
- btrfs: fix block group -&amp;gt;space_info null pointer dereference (bnc#935088).
- btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550).
- btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891).
- btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855).
- btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344).
- btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057).
- btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685).
- btrfs: fix extent accounting for partial direct IO writes (bsc#1025062).
- btrfs: fix file corruption after cloning inline extents (bnc#942512).
- btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685).
- btrfs: fix file read corruption after extent cloning and fsync (bnc#946902).
- btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489).
- btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685).
- btrfs: fix hang when failing to submit bio of directIO (bnc#942685).
- btrfs: fix incremental send failure caused by balance (bsc#985850).
- btrfs: fix invalid page accesses in extent_same (dedup) ioctl (bnc#968230).
- btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1025063).
- btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).
- btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942685).
- btrfs: fix memory leak in do_walk_down (bsc#1025075).
- btrfs: fix memory leak in reading btree blocks (bsc#1025071).
- btrfs: fix order by which delayed references are run (bnc#949440).
- btrfs: fix page reading in extent_same ioctl leading to csum errors (bnc#968230).
- btrfs: fix qgroup rescan worker initialization (bsc#1025077).
- btrfs: fix qgroup sanity tests (bnc#951615).
- btrfs: fix race between balance and unused block group deletion (bnc#938892).
- btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).
- btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
- btrfs: fix regression running delayed references when using qgroups (bnc#951615).
- btrfs: fix regression when running delayed references (bnc#951615).
- btrfs: fix relocation incorrectly dropping data references (bsc#990384).
- btrfs: fix shrinking truncate when the no_holes feature is enabled (bsc#1025053).
- btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300).
- btrfs: fix stale dir entries after removing a link and fsync (bnc#942925).
- btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685).
- btrfs: fix warning in backref walking (bnc#966278).
- btrfs: fix warning of bytes_may_use (bsc#1025065).
- btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550).
- btrfs: handle quota reserve failure properly (bsc#1005666).
- btrfs: incremental send, check if orphanized dir inode needs delayed rename (bsc#1025049).
- btrfs: incremental send, do not delay directory renames unnecessarily (bsc#1025048).
- btrfs: incremental send, fix clone operations for compressed extents (fate#316463).
- btrfs: incremental send, fix premature rmdir operations (bsc#1025064).
- btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649, bnc#951615).
- btrfs: remove misleading handling of missing device scrub (bsc#1025055).
- btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489).
- btrfs: return gracefully from balance if fs tree is corrupted (bsc#1025073).
- btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
- btrfs: send, fix corner case for reference overwrite detection (bsc#1025080).
- btrfs: send, fix file corruption due to incorrect cloning operations (bsc#1025060).
- btrfs: set UNWRITTEN for prealloc'ed extents in fiemap (bsc#1025047).
- btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).
- btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649).
- btrfs: use received_uuid of parent during send (bsc#1025051).
- btrfs: wake up extent state waiters on unlock through clear_extent_bits (bsc#1025050).
- btrfs: Add handler for invalidate page (bsc#963193).
- btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
- btrfs: Avoid truncate tailing page if fallocate range does not exceed inode size (bsc#1025059).
- btrfs: Continue write in case of can_not_nocow (bsc#1025070).
- btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).
- btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).
- btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779).
- btrfs: Handle unaligned length in extent_same (bsc#937609).
- btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081).
- btrfs: add missing discards when unpinning extents with -o discard (bsc#904489).
- btrfs: advertise which crc32c implementation is being used on mount (bsc#946057).
- btrfs: allow dedupe of same inode (bsc#1025067).
- btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649).
- btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649).
- btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489).
- btrfs: change max_inline default to 2048 (bsc#949472).
- btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649).
- btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649).
- btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref() (bsc#1025079).
- btrfs: delayed_ref: Add new function to record reserved space into delayed ref (bsc#963193).
- btrfs: delayed_ref: release and free qgroup reserved at proper timing (bsc#963193).
- btrfs: disable defrag of tree roots.
- btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881).
- btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
- btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489).
- btrfs: extent-tree: Add new version of btrfs_check_data_free_space and btrfs_free_reserved_data_space (bsc#963193).
- btrfs: extent-tree: Add new version of btrfs_delalloc_reserve/release_space (bsc#963193).
- btrfs: extent-tree: Switch to new check_data_free_space and free_reserved_data_space (bsc#963193).
- btrfs: extent-tree: Switch to new delalloc space reserve and release (bsc#963193).
- btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
- btrfs: extent_io: Introduce needed structure for recoding set/clear bits (bsc#963193).
- btrfs: extent_io: Introduce new function clear_record_extent_bits() (bsc#963193).
- btrfs: extent_io: Introduce new function set_record_extent_bits (bsc#963193).
- btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).
- btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100).
- btrfs: fix clone / extent-same deadlocks (bsc#937612).
- btrfs: fix deadlock with extent-same and readpage (bsc#937612).
- btrfs: fix resending received snapshot with parent (bsc#1025061).
- btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).
- btrfs: increment ctx-&amp;gt;pos for every emitted or skipped dirent in readdir (bsc#981709).
- btrfs: iterate over unused chunk space in FITRIM (bsc#904489).
- btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).
- btrfs: make file clone aware of fatal signals (bsc#1015787).
- btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
- btrfs: properly track when rescan worker is running (bsc#989953).
- btrfs: provide super_operations-&amp;gt;inode_get_dev (bsc#927455).
- btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649).
- btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649).
- btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).
- btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649).
- btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
- btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).
- btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649).
- btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in clear_bit_hook (bsc#963193).
- btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).
- btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).
- btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649).
- btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649).
- btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300).
- btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans (bsc#963193).
- btrfs: qgroup: Fix a rebase bug which will cause qgroup double free (bsc#963193).
- btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649).
- btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993).
- btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).
- btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).
- btrfs: qgroup: Introduce functions to release/free qgroup reserve data space (bsc#963193).
- btrfs: qgroup: Introduce new functions to reserve/free metadata (bsc#963193).
- btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649).
- btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649).
- btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
- btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649).
- btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649).
- btrfs: qgroup: Use new metadata reservation (bsc#963193).
- btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649).
- btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
- btrfs: qgroup: fix quota disable during rescan (bnc#960300).
- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
- btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844).
- btrfs: skip superblocks during discard (bsc#904489).
- btrfs: syslog when quota is disabled.
- btrfs: syslog when quota is enabled
- btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
- btrfs: use the new VFS super_block_dev (bnc#865869).
- btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712).
- fs/super.c: add new super block sub devices super_block_dev (bnc#865869).
- fs/super.c: fix race between freeze_super() and thaw_super() (bsc#1025066).
- kabi: only use sops-&amp;gt;get_inode_dev with proper fsflag (bsc#927455).
- qgroup: Prevent qgroup-&amp;gt;reserved from going subzero (bsc#993841).
- vfs: add super_operations-&amp;gt;get_inode_dev (bsc#927455).
- xfs: do not allow di_size with high bit set (bsc#1024234).
- xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508).
- xfs: fix broken multi-fsb buffer logging (bsc#1024081).
- xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
- xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508).
- xfs: track and serialize in-flight async buffers against unmount (bsc#1024508).
</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00037.html</URL>
      <Description>E-Mail link for openSUSE-SU-2017:0547-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="openSUSE Leap 42.1">
      <Branch Type="Product Name" Name="openSUSE Leap 42.1">
        <FullProductName ProductID="openSUSE Leap 42.1">openSUSE Leap 42.1</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="kernel-debug-4.1.38-50.1">
      <FullProductName ProductID="kernel-debug-4.1.38-50.1">kernel-debug-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-debug-base-4.1.38-50.1">
      <FullProductName ProductID="kernel-debug-base-4.1.38-50.1">kernel-debug-base-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-debug-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-debug-devel-4.1.38-50.1">kernel-debug-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-4.1.38-50.1">
      <FullProductName ProductID="kernel-default-4.1.38-50.1">kernel-default-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-base-4.1.38-50.1">
      <FullProductName ProductID="kernel-default-base-4.1.38-50.1">kernel-default-base-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-default-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-default-devel-4.1.38-50.1">kernel-default-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-devel-4.1.38-50.1">kernel-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-docs-4.1.38-50.3">
      <FullProductName ProductID="kernel-docs-4.1.38-50.3">kernel-docs-4.1.38-50.3</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-docs-html-4.1.38-50.3">
      <FullProductName ProductID="kernel-docs-html-4.1.38-50.3">kernel-docs-html-4.1.38-50.3</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-docs-pdf-4.1.38-50.3">
      <FullProductName ProductID="kernel-docs-pdf-4.1.38-50.3">kernel-docs-pdf-4.1.38-50.3</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-ec2-4.1.38-50.1">
      <FullProductName ProductID="kernel-ec2-4.1.38-50.1">kernel-ec2-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-ec2-base-4.1.38-50.1">
      <FullProductName ProductID="kernel-ec2-base-4.1.38-50.1">kernel-ec2-base-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-ec2-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-ec2-devel-4.1.38-50.1">kernel-ec2-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-macros-4.1.38-50.1">
      <FullProductName ProductID="kernel-macros-4.1.38-50.1">kernel-macros-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-obs-build-4.1.38-50.2">
      <FullProductName ProductID="kernel-obs-build-4.1.38-50.2">kernel-obs-build-4.1.38-50.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-obs-qa-4.1.38-50.1">
      <FullProductName ProductID="kernel-obs-qa-4.1.38-50.1">kernel-obs-qa-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-pae-4.1.38-50.1">
      <FullProductName ProductID="kernel-pae-4.1.38-50.1">kernel-pae-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-pae-base-4.1.38-50.1">
      <FullProductName ProductID="kernel-pae-base-4.1.38-50.1">kernel-pae-base-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-pae-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-pae-devel-4.1.38-50.1">kernel-pae-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-pv-4.1.38-50.1">
      <FullProductName ProductID="kernel-pv-4.1.38-50.1">kernel-pv-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-pv-base-4.1.38-50.1">
      <FullProductName ProductID="kernel-pv-base-4.1.38-50.1">kernel-pv-base-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-pv-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-pv-devel-4.1.38-50.1">kernel-pv-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-source-4.1.38-50.1">
      <FullProductName ProductID="kernel-source-4.1.38-50.1">kernel-source-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-source-vanilla-4.1.38-50.1">
      <FullProductName ProductID="kernel-source-vanilla-4.1.38-50.1">kernel-source-vanilla-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-syms-4.1.38-50.1">
      <FullProductName ProductID="kernel-syms-4.1.38-50.1">kernel-syms-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-vanilla-4.1.38-50.1">
      <FullProductName ProductID="kernel-vanilla-4.1.38-50.1">kernel-vanilla-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-vanilla-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-vanilla-devel-4.1.38-50.1">kernel-vanilla-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-xen-4.1.38-50.1">
      <FullProductName ProductID="kernel-xen-4.1.38-50.1">kernel-xen-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-xen-base-4.1.38-50.1">
      <FullProductName ProductID="kernel-xen-base-4.1.38-50.1">kernel-xen-base-4.1.38-50.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="kernel-xen-devel-4.1.38-50.1">
      <FullProductName ProductID="kernel-xen-devel-4.1.38-50.1">kernel-xen-devel-4.1.38-50.1</FullProductName>
    </Branch>
    <Relationship ProductReference="kernel-debug-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-debug-4.1.38-50.1">kernel-debug-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-debug-base-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-debug-base-4.1.38-50.1">kernel-debug-base-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-debug-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-debug-devel-4.1.38-50.1">kernel-debug-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-default-4.1.38-50.1">kernel-default-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-base-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-default-base-4.1.38-50.1">kernel-default-base-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-default-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-default-devel-4.1.38-50.1">kernel-default-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-devel-4.1.38-50.1">kernel-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-docs-4.1.38-50.3" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-docs-4.1.38-50.3">kernel-docs-4.1.38-50.3 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-docs-html-4.1.38-50.3" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-docs-html-4.1.38-50.3">kernel-docs-html-4.1.38-50.3 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-docs-pdf-4.1.38-50.3" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-docs-pdf-4.1.38-50.3">kernel-docs-pdf-4.1.38-50.3 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-ec2-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-ec2-4.1.38-50.1">kernel-ec2-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-ec2-base-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-ec2-base-4.1.38-50.1">kernel-ec2-base-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-ec2-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-ec2-devel-4.1.38-50.1">kernel-ec2-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-macros-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-macros-4.1.38-50.1">kernel-macros-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-obs-build-4.1.38-50.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-obs-build-4.1.38-50.2">kernel-obs-build-4.1.38-50.2 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-obs-qa-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-obs-qa-4.1.38-50.1">kernel-obs-qa-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-pae-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-pae-4.1.38-50.1">kernel-pae-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-pae-base-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-pae-base-4.1.38-50.1">kernel-pae-base-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-pae-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-pae-devel-4.1.38-50.1">kernel-pae-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-pv-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-pv-4.1.38-50.1">kernel-pv-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-pv-base-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-pv-base-4.1.38-50.1">kernel-pv-base-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-pv-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-pv-devel-4.1.38-50.1">kernel-pv-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-source-4.1.38-50.1">kernel-source-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-source-vanilla-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-source-vanilla-4.1.38-50.1">kernel-source-vanilla-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-syms-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-syms-4.1.38-50.1">kernel-syms-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-vanilla-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-vanilla-4.1.38-50.1">kernel-vanilla-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-vanilla-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-vanilla-devel-4.1.38-50.1">kernel-vanilla-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-xen-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-xen-4.1.38-50.1">kernel-xen-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-xen-base-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-xen-base-4.1.38-50.1">kernel-xen-base-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="kernel-xen-devel-4.1.38-50.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 42.1">
      <FullProductName ProductID="openSUSE Leap 42.1:kernel-xen-devel-4.1.38-50.1">kernel-xen-devel-4.1.38-50.1 as a component of openSUSE Leap 42.1</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.</Note>
    </Notes>
    <CVE>CVE-2017-5897</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.1:kernel-debug-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-html-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-pdf-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-macros-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-build-4.1.38-50.2</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-qa-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-syms-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-devel-4.1.38-50.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please Install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00037.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-5897.html</URL>
        <Description>CVE-2017-5897</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1023762</URL>
        <Description>SUSE Bug 1023762</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1025039</URL>
        <Description>SUSE Bug 1025039</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1087082</URL>
        <Description>SUSE Bug 1087082</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="2">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.</Note>
    </Notes>
    <CVE>CVE-2017-5970</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.1:kernel-debug-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-html-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-pdf-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-macros-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-build-4.1.38-50.2</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-qa-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-syms-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-devel-4.1.38-50.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.1</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please Install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00037.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-5970.html</URL>
        <Description>CVE-2017-5970</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1024938</URL>
        <Description>SUSE Bug 1024938</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1025013</URL>
        <Description>SUSE Bug 1025013</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="3">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.</Note>
    </Notes>
    <CVE>CVE-2017-5986</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.1:kernel-debug-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-html-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-pdf-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-macros-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-build-4.1.38-50.2</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-qa-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-syms-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-devel-4.1.38-50.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.7</BaseScore>
        <Vector>AV:L/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please Install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00037.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-5986.html</URL>
        <Description>CVE-2017-5986</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1025235</URL>
        <Description>SUSE Bug 1025235</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1027066</URL>
        <Description>SUSE Bug 1027066</Description>
      </Reference>
    </References>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="4">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.</Note>
    </Notes>
    <CVE>CVE-2017-6074</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 42.1:kernel-debug-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-debug-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-default-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-html-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-docs-pdf-4.1.38-50.3</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-ec2-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-macros-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-build-4.1.38-50.2</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-obs-qa-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pae-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-pv-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-source-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-syms-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-vanilla-devel-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-base-4.1.38-50.1</ProductID>
        <ProductID>openSUSE Leap 42.1:kernel-xen-devel-4.1.38-50.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>important</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.2</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:C/I:C/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">Please Install the update.</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00037.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2017-6074.html</URL>
        <Description>CVE-2017-6074</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1026024</URL>
        <Description>SUSE Bug 1026024</Description>
      </Reference>
      <Reference>
        <URL>https://bugzilla.suse.com/1033287</URL>
        <Description>SUSE Bug 1033287</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
