SUSE-SU-2017:0494-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Feb 17 10:08:15 MST 2017


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0494-1
Rating:             important
References:         #1001419 #1002165 #1003077 #1003253 #1003925 
                    #1004517 #1007944 #1008374 #1008645 #1008831 
                    #1008833 #1008850 #1009875 #1010150 #1010467 
                    #1010501 #1010507 #1010711 #1010713 #1010716 
                    #1011685 #1011820 #1012183 #1012422 #1012832 
                    #1012851 #1012852 #1012895 #1013038 #1013042 
                    #1013531 #1013542 #1014454 #1014746 #1015878 
                    #1017710 #1018446 #1019079 #1019783 #1021258 
                    #821612 #824171 #914939 #929141 #935436 #956514 
                    #961923 #966826 #967716 #969340 #973691 #979595 
                    #987576 #989152 #989261 #991665 #992566 #992569 
                    #992906 #992991 #993890 #993891 #994296 #994618 
                    #994759 #995968 #996329 #996541 #996557 #997059 
                    #997401 #997708 #998689 #999932 #999943 
Cross-References:   CVE-2004-0230 CVE-2012-6704 CVE-2015-1350
                    CVE-2015-8956 CVE-2015-8962 CVE-2015-8964
                    CVE-2015-8970 CVE-2016-0823 CVE-2016-10088
                    CVE-2016-3841 CVE-2016-6828 CVE-2016-7042
                    CVE-2016-7097 CVE-2016-7117 CVE-2016-7425
                    CVE-2016-7910 CVE-2016-7911 CVE-2016-7916
                    CVE-2016-8399 CVE-2016-8632 CVE-2016-8633
                    CVE-2016-8646 CVE-2016-9555 CVE-2016-9685
                    CVE-2016-9756 CVE-2016-9793 CVE-2017-5551
                   
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 27 vulnerabilities and has 48 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
   various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not
     verify that a setkey operation has been performed on an AF_ALG socket
     before an accept system call is processed, which allowed local users to
     cause a denial of service (NULL pointer dereference and system crash)
     via a crafted application that did not supply a key, related to the
     lrw_crypt function in crypto/lrw.c (bnc#1008374).
   - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs
     (bsc#1021258).
   - CVE-2016-7097: The filesystem implementation in the Linux kernel
     preserves the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bnc#995968).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free) by
     leveraging access to a /dev/sg device, related to block/bsg.c and
     drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2004-0230: TCP, when using a large Window Size, made it easier for
     remote attackers to guess sequence numbers and cause a denial of service
     (connection loss) to persistent TCP connections by repeatedly injecting
     a TCP RST packet, especially in protocols that use long-lived
     connections, such as BGP (bnc#969340).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
   - CVE-2016-8399: An elevation of privilege vulnerability in the kernel
     networking subsystem could have enabled a local malicious application to
     execute arbitrary code within the context of the kernel bnc#1014746).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash) or possibly have unspecified other impact
     by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
     system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
     (bnc#1013531).
   - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash) or possibly have unspecified other impact
     by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
     system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
     properly initialize Code Segment (CS) in certain error cases, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted application (bnc#1013038).
   - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options
     data, which allowed local users to gain privileges or cause a denial of
     service (use-after-free and system crash) via a crafted sendmsg system
     call (bnc#992566).
   - CVE-2016-9685: Multiple memory leaks in error paths in
     fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause
     a denial of service (memory consumption) via crafted XFS filesystem
     operations (bnc#1012832).
   - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an
     incomplete set of requirements for setattr operations that
     underspecifies removing extended privilege attributes, which allowed
     local users to cause a denial of service (capability stripping) via a
     failed invocation of a system call, as demonstrated by using chown to
     remove a capability from the ping or Wireshark dumpcap program
     (bnc#914939).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function
     in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (memory corruption and system
     crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacked chunk-length checking for the first chunk, which
     allowed remote attackers to cause a denial of service (out-of-bounds
     slab access) or possibly have unspecified other impact via crafted SCTP
     data (bnc#1011685).
   - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
     function in block/genhd.c in the Linux kernel allowed local users to
     gain privileges by leveraging the execution of a certain stop operation
     even if the corresponding start operation had failed (bnc#1010716).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in
     block/ioprio.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (use-after-free) via a crafted
     ioprio_get system call (bnc#1010711).
   - CVE-2015-8964: The tty_set_termios_ldisc function in
     drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by reading a tty data
     structure (bnc#1010507).
   - CVE-2016-7916: Race condition in the environ_read function in
     fs/proc/base.c in the Linux kernel allowed local users to obtain
     sensitive information from kernel memory by reading a /proc/*/environ
     file during a process-setup time interval in which environment-variable
     copying is incomplete (bnc#1010467).
   - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the
     Linux kernel allowed local users to cause a denial of service (OOPS) by
     attempting to trigger use of in-kernel hash algorithms for a socket that
     has received zero bytes of data (bnc#1010150).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain
     unusual hardware configurations allowed remote attackers to execute
     arbitrary code via crafted fragmented packets (bnc#1008833).
   - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
     the Linux, when the GNU Compiler Collection (gcc) stack protector is
     enabled, used an incorrect buffer size for certain timeout data, which
     allowed local users to cause a denial of service (stack memory
     corruption and panic) by reading the /proc/keys file (bnc#1004517).
   - CVE-2015-8956: The rfcomm_sock_bind function in
     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
     obtain sensitive information or cause a denial of service (NULL pointer
     dereference) via vectors involving a bind system call on a Bluetooth
     RFCOMM socket (bnc#1003925).
   - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
     function in net/socket.c in the Linux kernel allowed remote attackers to
     execute arbitrary code via vectors involving a recvmmsg system call that
     is mishandled during error processing (bnc#1003077).
   - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the
     Linux kernel allowed local users to obtain sensitive physical-address
     information by reading a pagemap file (bnc#994759).
   - CVE-2016-7425: The arcmsr_iop_message_xfer function in
     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
     certain length field, which allowed local users to gain privileges or
     cause a denial of service (heap-based buffer overflow) via an
     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
   - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in
     the Linux kernel did not properly maintain certain SACK state after a
     failed data copy, which allowed local users to cause a denial of service
     (tcp_xmit_retransmit_queue use-after-free and system crash) via a
     crafted SACK option (bnc#994296).

   The following non-security bugs were fixed:

   - Always include the git commit in KOTD builds. This allows us not to set
     it explicitly in builds submitted to the official distribution
     (bnc#821612, bnc#824171).
   - KVM: x86: SYSENTER emulation is broken (bsc#994618).
   - NFS: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
   - NFS: Refresh open-owner id when server says SEQID is bad (bsc#989261).
   - NFSv4: Ensure that we do not drop a state owner more than once
     (bsc#979595).
   - NFSv4: add flock_owner to open context (bnc#998689).
   - NFSv4: change nfs4_do_setattr to take an open_context instead of a
     nfs4_state (bnc#998689).
   - NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of
     lock_owner (bnc#998689).
   - NFSv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is
     one (bnc#998689).
   - NFSv4: fix broken patch relating to v4 read delegations (bsc#956514,
     bsc#989261, bsc#979595).
   - SELinux: Fix possible NULL pointer dereference in
     selinux_inode_permission() (bsc#1012895).
   - USB: fix typo in wMaxPacketSize validation (bsc#991665).
   - USB: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).
   - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, among others).
   - __ptrace_may_access() should not deny sub-threads (bsc#1012851).
   - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).
   - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
   - cdc-acm: added sanity checking for probe() (bsc#993891).
   - include/linux/math64.h: add div64_ul() (bsc#996329).
   - kabi-fix for flock_owner addition (bsc#998689).
   - kabi: get back scsi_device.current_cmnd (bsc#935436).
   - kaweth: fix firmware download (bsc#993890).
   - kaweth: fix oops upon failed memory allocation (bsc#993890).
   - kexec: add a kexec_crash_loaded() function (bsc#973691).
   - md linear: fix a race between linear_add() and linear_congested()
     (bsc#1018446).
   - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
   - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,
     bsc#999943).
   - mremap: enforce rmap src/dst vma ordering in case of vma_merge()
     succeeding in copy_vma() (VM Functionality, bsc#1008645).
   - nfs4: reset states to use open_stateid when returning delegation
     voluntarily (bsc#1007944).
   - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
   - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).
   - posix-timers: Use sighand lock instead of tasklist_lock for task clock
     sample (bnc#997401).
   - posix-timers: Use sighand lock instead of tasklist_lock on timer
     deletion (bnc#997401).
   - powerpc: Add ability to build little endian kernels (bsc#967716).
   - powerpc: Avoid load of static chain register when calling nested
     functions through a pointer on 64bit (bsc#967716).
   - powerpc: Do not build assembly files with ABIv2 (bsc#967716).
   - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
   - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
   - powerpc: Fix error when cross building TAGS and cscope (bsc#967716).
   - powerpc: Make the vdso32 also build big-endian (bsc#967716).
   - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
   - powerpc: Remove buggy 9-year-old test for binutils lower than 2.12.1
     (bsc#967716).
   - powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
   - powerpc: dtc is required to build dtb files (bsc#967716).
   - printk/sched: Introduce special printk_sched() for those awkward
     (bsc#1013042, bsc#996541, bsc#1015878).
   - qlcnic: Schedule napi directly in netpoll (bsc#966826).
   - reiserfs: fix race in prealloc discard (bsc#987576).
   - rpm/config.sh: Set a fitting release string (bsc#997059)
   - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
   - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)
   - s390/dasd: fix failfast for disconnected devices (bnc#961923,
     LTC#135138).
   - sched/core: Fix a race between try_to_wake_up() and a woken up task
     (bnc#1002165).
   - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
     (bnc#1001419).
   - sched: Fix possible divide by zero in avg_atom() calculation
     (bsc#996329).
   - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).
   - scsi: remove current_cmnd field from struct scsi_device (bsc#935436).
   - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).
   - xfs: remove the deprecated nodelaylog option (bsc#992906).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-linux-kernel-12992=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-linux-kernel-12992=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-linux-kernel-12992=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-linux-kernel-12992=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-linux-kernel-12992=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-linux-kernel-12992=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-linux-kernel-12992=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      kernel-bigsmp-3.0.101-0.47.96.1
      kernel-bigsmp-base-3.0.101-0.47.96.1
      kernel-bigsmp-devel-3.0.101-0.47.96.1
      kernel-default-3.0.101-0.47.96.1
      kernel-default-base-3.0.101-0.47.96.1
      kernel-default-devel-3.0.101-0.47.96.1
      kernel-ec2-3.0.101-0.47.96.1
      kernel-ec2-base-3.0.101-0.47.96.1
      kernel-ec2-devel-3.0.101-0.47.96.1
      kernel-source-3.0.101-0.47.96.1
      kernel-syms-3.0.101-0.47.96.1
      kernel-trace-3.0.101-0.47.96.1
      kernel-trace-base-3.0.101-0.47.96.1
      kernel-trace-devel-3.0.101-0.47.96.1
      kernel-xen-3.0.101-0.47.96.1
      kernel-xen-base-3.0.101-0.47.96.1
      kernel-xen-devel-3.0.101-0.47.96.1

   - SUSE Manager Proxy 2.1 (x86_64):

      kernel-bigsmp-3.0.101-0.47.96.1
      kernel-bigsmp-base-3.0.101-0.47.96.1
      kernel-bigsmp-devel-3.0.101-0.47.96.1
      kernel-default-3.0.101-0.47.96.1
      kernel-default-base-3.0.101-0.47.96.1
      kernel-default-devel-3.0.101-0.47.96.1
      kernel-ec2-3.0.101-0.47.96.1
      kernel-ec2-base-3.0.101-0.47.96.1
      kernel-ec2-devel-3.0.101-0.47.96.1
      kernel-source-3.0.101-0.47.96.1
      kernel-syms-3.0.101-0.47.96.1
      kernel-trace-3.0.101-0.47.96.1
      kernel-trace-base-3.0.101-0.47.96.1
      kernel-trace-devel-3.0.101-0.47.96.1
      kernel-xen-3.0.101-0.47.96.1
      kernel-xen-base-3.0.101-0.47.96.1
      kernel-xen-devel-3.0.101-0.47.96.1

   - SUSE Manager 2.1 (s390x x86_64):

      kernel-default-3.0.101-0.47.96.1
      kernel-default-base-3.0.101-0.47.96.1
      kernel-default-devel-3.0.101-0.47.96.1
      kernel-source-3.0.101-0.47.96.1
      kernel-syms-3.0.101-0.47.96.1
      kernel-trace-3.0.101-0.47.96.1
      kernel-trace-base-3.0.101-0.47.96.1
      kernel-trace-devel-3.0.101-0.47.96.1

   - SUSE Manager 2.1 (x86_64):

      kernel-bigsmp-3.0.101-0.47.96.1
      kernel-bigsmp-base-3.0.101-0.47.96.1
      kernel-bigsmp-devel-3.0.101-0.47.96.1
      kernel-ec2-3.0.101-0.47.96.1
      kernel-ec2-base-3.0.101-0.47.96.1
      kernel-ec2-devel-3.0.101-0.47.96.1
      kernel-xen-3.0.101-0.47.96.1
      kernel-xen-base-3.0.101-0.47.96.1
      kernel-xen-devel-3.0.101-0.47.96.1

   - SUSE Manager 2.1 (s390x):

      kernel-default-man-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.96.1
      kernel-default-base-3.0.101-0.47.96.1
      kernel-default-devel-3.0.101-0.47.96.1
      kernel-source-3.0.101-0.47.96.1
      kernel-syms-3.0.101-0.47.96.1
      kernel-trace-3.0.101-0.47.96.1
      kernel-trace-base-3.0.101-0.47.96.1
      kernel-trace-devel-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.96.1
      kernel-ec2-base-3.0.101-0.47.96.1
      kernel-ec2-devel-3.0.101-0.47.96.1
      kernel-xen-3.0.101-0.47.96.1
      kernel-xen-base-3.0.101-0.47.96.1
      kernel-xen-devel-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.96.1
      kernel-bigsmp-base-3.0.101-0.47.96.1
      kernel-bigsmp-devel-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.96.1
      kernel-pae-base-3.0.101-0.47.96.1
      kernel-pae-devel-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.96.1
      kernel-trace-extra-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.96.1
      kernel-default-base-3.0.101-0.47.96.1
      kernel-default-devel-3.0.101-0.47.96.1
      kernel-ec2-3.0.101-0.47.96.1
      kernel-ec2-base-3.0.101-0.47.96.1
      kernel-ec2-devel-3.0.101-0.47.96.1
      kernel-pae-3.0.101-0.47.96.1
      kernel-pae-base-3.0.101-0.47.96.1
      kernel-pae-devel-3.0.101-0.47.96.1
      kernel-source-3.0.101-0.47.96.1
      kernel-syms-3.0.101-0.47.96.1
      kernel-trace-3.0.101-0.47.96.1
      kernel-trace-base-3.0.101-0.47.96.1
      kernel-trace-devel-3.0.101-0.47.96.1
      kernel-xen-3.0.101-0.47.96.1
      kernel-xen-base-3.0.101-0.47.96.1
      kernel-xen-devel-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.96.1
      kernel-default-debugsource-3.0.101-0.47.96.1
      kernel-trace-debuginfo-3.0.101-0.47.96.1
      kernel-trace-debugsource-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.96.1
      kernel-ec2-debugsource-3.0.101-0.47.96.1
      kernel-xen-debuginfo-3.0.101-0.47.96.1
      kernel-xen-debugsource-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.96.1
      kernel-bigsmp-debugsource-3.0.101-0.47.96.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.96.1
      kernel-pae-debugsource-3.0.101-0.47.96.1


References:

   https://www.suse.com/security/cve/CVE-2004-0230.html
   https://www.suse.com/security/cve/CVE-2012-6704.html
   https://www.suse.com/security/cve/CVE-2015-1350.html
   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2015-8970.html
   https://www.suse.com/security/cve/CVE-2016-0823.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-3841.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2016-7425.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7916.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8646.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://www.suse.com/security/cve/CVE-2016-9685.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1001419
   https://bugzilla.suse.com/1002165
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1003253
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1007944
   https://bugzilla.suse.com/1008374
   https://bugzilla.suse.com/1008645
   https://bugzilla.suse.com/1008831
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1008850
   https://bugzilla.suse.com/1009875
   https://bugzilla.suse.com/1010150
   https://bugzilla.suse.com/1010467
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010713
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1011820
   https://bugzilla.suse.com/1012183
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1012832
   https://bugzilla.suse.com/1012851
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1012895
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013042
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013542
   https://bugzilla.suse.com/1014454
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1015878
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1018446
   https://bugzilla.suse.com/1019079
   https://bugzilla.suse.com/1019783
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/821612
   https://bugzilla.suse.com/824171
   https://bugzilla.suse.com/914939
   https://bugzilla.suse.com/929141
   https://bugzilla.suse.com/935436
   https://bugzilla.suse.com/956514
   https://bugzilla.suse.com/961923
   https://bugzilla.suse.com/966826
   https://bugzilla.suse.com/967716
   https://bugzilla.suse.com/969340
   https://bugzilla.suse.com/973691
   https://bugzilla.suse.com/979595
   https://bugzilla.suse.com/987576
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/989261
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/992566
   https://bugzilla.suse.com/992569
   https://bugzilla.suse.com/992906
   https://bugzilla.suse.com/992991
   https://bugzilla.suse.com/993890
   https://bugzilla.suse.com/993891
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994618
   https://bugzilla.suse.com/994759
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/996329
   https://bugzilla.suse.com/996541
   https://bugzilla.suse.com/996557
   https://bugzilla.suse.com/997059
   https://bugzilla.suse.com/997401
   https://bugzilla.suse.com/997708
   https://bugzilla.suse.com/998689
   https://bugzilla.suse.com/999932
   https://bugzilla.suse.com/999943



More information about the sle-security-updates mailing list