SUSE-SU-2017:0333-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jan 30 12:09:00 MST 2017


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0333-1
Rating:             important
References:         #1003077 #1003925 #1004517 #1007944 #1008645 
                    #1008831 #1008833 #1009443 #1010150 #1010467 
                    #1010501 #1010507 #1010711 #1010716 #1011482 
                    #1011685 #1012422 #1012832 #1013038 #1013531 
                    #1013542 #1014746 #1017710 #1021258 #835175 
                    #839104 #863873 #874145 #896484 #908069 #914939 
                    #922947 #927287 #940966 #950998 #954984 #956514 
                    #958000 #960689 #963053 #967716 #968500 #969340 
                    #971360 #971944 #978401 #978821 #979213 #979274 
                    #979548 #979595 #979879 #979915 #980363 #980371 
                    #980725 #981267 #983143 #983213 #984755 #986362 
                    #986365 #986445 #986572 #989261 #991608 #991665 
                    #992566 #993890 #993891 #994296 #994436 #994618 
                    #994759 #995968 #997059 #999932 
Cross-References:   CVE-2004-0230 CVE-2012-6704 CVE-2013-4312
                    CVE-2015-1350 CVE-2015-7513 CVE-2015-7833
                    CVE-2015-8956 CVE-2015-8962 CVE-2015-8964
                    CVE-2016-0823 CVE-2016-10088 CVE-2016-1583
                    CVE-2016-2187 CVE-2016-2189 CVE-2016-3841
                    CVE-2016-4470 CVE-2016-4482 CVE-2016-4485
                    CVE-2016-4565 CVE-2016-4569 CVE-2016-4578
                    CVE-2016-4580 CVE-2016-4805 CVE-2016-4913
                    CVE-2016-4997 CVE-2016-4998 CVE-2016-5244
                    CVE-2016-5829 CVE-2016-6480 CVE-2016-6828
                    CVE-2016-7042 CVE-2016-7097 CVE-2016-7117
                    CVE-2016-7425 CVE-2016-7910 CVE-2016-7911
                    CVE-2016-7916 CVE-2016-8399 CVE-2016-8632
                    CVE-2016-8633 CVE-2016-8646 CVE-2016-9555
                    CVE-2016-9685 CVE-2016-9756 CVE-2016-9793
                    CVE-2017-5551
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves 46 vulnerabilities and has 31 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive
   various security and bugfixes.

   This is the last planned LTSS kernel update for the SUSE Linux Enterprise
   Server 11 SP2 LTSS.

   The following security bugs were fixed:

   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free) by
     leveraging access to a /dev/sg device, related to block/bsg.c and
     drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2004-0230: TCP, when using a large Window Size, made it easier for
     remote attackers to guess sequence numbers and cause a denial of service
     (connection loss) to persistent TCP connections by repeatedly injecting
     a TCP RST packet, especially in protocols that use long-lived
     connections, such as BGP (bnc#969340).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
   - CVE-2016-8399: An out of bounds read in the ping protocol handler could
     have lead to information disclosure (bsc#1014746).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash) or possibly have unspecified other impact
     by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
     system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
     (bnc#1013531).
   - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the
     Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
     which allowed local users to cause a denial of service (memory
     corruption and system crash) or possibly have unspecified other impact
     by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
     system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not
     properly initialize Code Segment (CS) in certain error cases, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted application (bnc#1013038).
   - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options
     data, which allowed local users to gain privileges or cause a denial of
     service (use-after-free and system crash) via a crafted sendmsg system
     call (bnc#992566).
   - CVE-2016-9685: Multiple memory leaks in error paths in
     fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause
     a denial of service (memory consumption) via crafted XFS filesystem
     operations (bnc#1012832).
   - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an
     incomplete set of requirements for setattr operations that
     underspecified removing extended privilege attributes, which allowed
     local users to cause a denial of service (capability stripping) via a
     failed invocation of a system call, as demonstrated by using chown to
     remove a capability from the ping or Wireshark dumpcap program
     (bnc#914939).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function
     in drivers/scsi/sg.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (memory corruption and system
     crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in
     the Linux kernel lacked chunk-length checking for the first chunk, which
     allowed remote attackers to cause a denial of service (out-of-bounds
     slab access) or possibly have unspecified other impact via crafted SCTP
     data (bnc#1011685).
   - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop
     function in block/genhd.c in the Linux kernel allowed local users to
     gain privileges by leveraging the execution of a certain stop operation
     even if the corresponding start operation had failed (bnc#1010716).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in
     block/ioprio.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (use-after-free) via a crafted
     ioprio_get system call (bnc#1010711).
   - CVE-2015-8964: The tty_set_termios_ldisc function in
     drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory by reading a tty data
     structure (bnc#1010507).
   - CVE-2016-7916: Race condition in the environ_read function in
     fs/proc/base.c in the Linux kernel allowed local users to obtain
     sensitive information from kernel memory by reading a /proc/*/environ
     file during a process-setup time interval in which environment-variable
     copying is incomplete (bnc#1010467).
   - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the
     Linux kernel allowed local users to cause a denial of service (OOPS) by
     attempting to trigger use of in-kernel hash algorithms for a socket that
     has received zero bytes of data (bnc#1010150).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7,
     in certain unusual hardware configurations, allowed remote attackers to
     execute arbitrary code via crafted fragmented packets (bnc#1008833).
   - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in
     the Linux kernel used an incorrect buffer size for certain timeout data,
     which allowed local users to cause a denial of service (stack memory
     corruption and panic) by reading the /proc/keys file (bnc#1004517).
   - CVE-2016-7097: The filesystem implementation in the Linux kernel
     preserves the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions (bnc#995968).
   - CVE-2017-5551: The filesystem implementation in the Linux kernel
     preserves the setgid bit during a setxattr call, which allowed local
     users to gain group privileges by leveraging the existence of a setgid
     program with restrictions on execute permissions. This CVE tracks the
     fix for the tmpfs filesystem. (bsc#1021258).
   - CVE-2015-8956: The rfcomm_sock_bind function in
     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to
     obtain sensitive information or cause a denial of service (NULL pointer
     dereference) via vectors involving a bind system call on a Bluetooth
     RFCOMM socket (bnc#1003925).
   - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg
     function in net/socket.c in the Linux kernel allowed remote attackers to
     execute arbitrary code via vectors involving a recvmmsg system call that
     is mishandled during error processing (bnc#1003077).
   - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the
     Linux kernel allowed local users to obtain sensitive physical-address
     information by reading a pagemap file, aka Android internal bug 25739721
     (bnc#994759).
   - CVE-2016-7425: The arcmsr_iop_message_xfer function in
     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a
     certain length field, which allowed local users to gain privileges or
     cause a denial of service (heap-based buffer overflow) via an
     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
   - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in
     the Linux kernel did not properly maintain certain SACK state after a
     failed data copy, which allowed local users to cause a denial of service
     (tcp_xmit_retransmit_queue use-after-free and system crash) via a
     crafted SACK option (bnc#994296).
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability
     (bnc#991608).
   - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
     netfilter subsystem in the Linux kernel allowed local users to cause a
     denial of service (out-of-bounds read) or possibly obtain sensitive
     information from kernel heap memory by leveraging in-container root
     access to provide a crafted offset value that leads to crossing a
     ruleset blob boundary (bsc#986365).
   - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the
     PIT counter values during state restoration, which allowed guest OS
     users to cause a denial of service (divide-by-zero error and host OS
     crash) via a zero value, related to the kvm_vm_ioctl_set_pit and
     kvm_vm_ioctl_set_pit2 functions (bnc#960689).
   - CVE-2013-4312: The Linux kernel allowed local users to bypass
     file-descriptor limits and cause a denial of service (memory
     consumption) by sending each descriptor over a UNIX socket before
     closing it, related to net/unix/af_unix.c and net/unix/garbage.c
     (bnc#839104).
   - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
     setsockopt implementations in the netfilter subsystem in the Linux
     kernel allow local users to gain privileges or cause a denial of service
     (memory corruption) by leveraging in-container root access to provide a
     crafted offset value that triggers an unintended decrement (bnc#986362).
   - CVE-2016-5829: Multiple heap-based buffer overflows in the
     hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux
     kernel allow local users to cause a denial of service or possibly have
     unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
     HIDIOCSUSAGES ioctl call (bnc#986572).
   - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c
     in the Linux kernel did not ensure that a certain data structure is
     initialized, which allowed local users to cause a denial of service
     (system crash) via vectors involving a crafted keyctl request2 command
     (bnc#984755).
   - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the
     Linux kernel did not initialize a certain structure member, which
     allowed remote attackers to obtain sensitive information from kernel
     stack memory by reading an RDS message (bnc#983213).
   - CVE-2016-1583: The ecryptfs_privileged_open function in
     fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain
     privileges or cause a denial of service (stack memory consumption) via
     vectors involving crafted mmap calls for /proc pathnames, leading to
     recursive pagefault handling (bnc#983143).
   - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c
     in the Linux kernel mishandled NM (aka alternate name) entries
     containing \0 characters, which allowed local users to obtain sensitive
     information from kernel memory or possibly have unspecified other impact
     via a crafted isofs filesystem (bnc#980725).
   - CVE-2016-4580: The x25_negotiate_facilities function in
     net/x25/x25_facilities.c in the Linux kernel did not properly initialize
     a certain data structure, which allowed attackers to obtain sensitive
     information from kernel stack memory via an X.25 Call Request
     (bnc#981267).
   - CVE-2016-4805: Use-after-free vulnerability in
     drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to
     cause a denial of service (memory corruption and system crash, or
     spinlock) or possibly have unspecified other impact by removing a
     network namespace, related to the ppp_register_net_channel and
     ppp_unregister_channel functions (bnc#980371).
   - CVE-2015-7833: The usbvision driver in the Linux kernel allowed
     physically proximate attackers to cause a denial of service (panic) via
     a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).
   - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in
     the Linux kernel allowed physically proximate attackers to cause a
     denial of service (NULL pointer dereference and system crash) via a
     crafted endpoints value in a USB device descriptor (bnc#971944).
   - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).
   - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel
     incorrectly relies on the write system call, which allowed local users
     to cause a denial of service (kernel memory write operation) or possibly
     have unspecified other impact via a uAPI interface (bnc#979548).
   - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the
     Linux kernel did not initialize a certain data structure, which allowed
     attackers to obtain sensitive information from kernel stack memory by
     reading a message (bnc#978821).
   - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize
     certain r1 data structures, which allowed local users to obtain
     sensitive information from kernel stack memory via crafted use of the
     ALSA timer interface, related to the (1) snd_timer_user_ccallback and
     (2) snd_timer_user_tinterrupt functions (bnc#979879).
   - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c
     in the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via crafted use of the ALSA timer interface (bnc#979213).


   The following non-security bugs were fixed:

   - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
   - cdc-acm: added sanity checking for probe() (bsc#993891).
   - cgroups: do not attach task to subsystem if migration failed
     (bnc#979274).
   - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274).
   - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671).
   - dasd: Fix unresumed device after suspend/resume (bnc#927287, LTC#123892).
   - ipv4/fib: do not warn when primary address is missing if in_dev is dead
     (bsc#971360).
   - kabi, unix: properly account for FDs passed over unix sockets
     (bnc#839104).
   - kaweth: fix firmware download (bsc#993890).
   - kaweth: fix oops upon failed memory allocation (bsc#993890).
   - kvm: x86: SYSENTER emulation is broken (bsc#994618).
   - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
     (VM Functionality, bnc#986445).
   - mremap: enforce rmap src/dst vma ordering in case of vma_merge()
     succeeding in copy_vma() (VM Functionality, bsc#1008645).
   - nfs4: reset states to use open_stateid when returning delegation
     voluntarily (bsc#1007944).
   - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261,
     bsc#1011482).
   - nfs: do not do blind d_drop() in nfs_prime_dcache() (bnc#908069
     bnc#896484 bsc#963053).
   - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484 bsc#963053).
   - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
   - nfsv4: Ensure that we do not drop a state owner more than once
     (bsc#979595).
   - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514,
     bsc#989261, bsc#979595, bsc#1011482).
   - nfsv4: nfs4_proc_renew should be declared static (bnc#863873).
   - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly
     (bsc#979595).
   - nfsv4: Recovery of recalled read delegations is broken (bsc#956514
     bsc#1011482).
   - nfsv4: The NFSv4.0 client must send RENEW calls if it holds a delegation
     (bnc#863873).
   - powerpc: Add ability to build little endian kernels (bsc#967716).
   - powerpc: Avoid load of static chain register when calling nested
     functions through a pointer on 64bit (bsc#967716).
   - powerpc: Do not build assembly files with ABIv2 (bsc#967716).
   - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
   - powerpc: dtc is required to build dtb files (bsc#967716).
   - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
   - powerpc: Fix error when cross building TAGS & cscope (bsc#967716).
   - powerpc: Make the vdso32 also build big-endian (bsc#967716).
   - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
   - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).
   - powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
   - ppp: defer netns reference release for ppp channel (bsc#980371).
   - qeth: delete napi struct when removing a qeth device (bnc#979915,
     LTC#143590).
   - qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809).
   - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873).
   - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
   - Revert "s390/mm: fix asce_bits handling with dynamic pagetable levels"
     This reverts commit 6e00b1d803fa2ab4b130e04b7fbcc99f0b5ecba8.
   - rpm/config.sh: Set the release string to 0.7.<RELEASE> (bsc#997059)
   - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)
   - s390/dasd: fix failfast for disconnected devices (bnc#958000,
     LTC#135138).
   - s390/dasd: fix hanging device after clear subchannel (bnc#994436,
     LTC#144640).
   - s390/dasd: fix kernel panic when alias is set offline (bnc#940966,
     LTC#128595).
   - s390/dasd: fix list_del corruption after lcu changes (bnc#954984,
     LTC#133077).
   - s390/mm: fix asce_bits handling with dynamic pagetable levels
     (bnc#979915, LTC#141456). Conflicts: 	series.conf
   - s390/pageattr: do a single TLB flush for change_page_attr
     (bsc#1009443,LTC#148182).
   - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms
     The specfile adjusts the config if necessary, but a new version of
     run_oldconfig.sh requires the settings to be present in the repository.
   - usb: fix typo in wMaxPacketSize validation (bsc#991665).
   - usb: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-kernel-12961=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-kernel-12961=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.7.53.1
      kernel-default-base-3.0.101-0.7.53.1
      kernel-default-devel-3.0.101-0.7.53.1
      kernel-source-3.0.101-0.7.53.1
      kernel-syms-3.0.101-0.7.53.1
      kernel-trace-3.0.101-0.7.53.1
      kernel-trace-base-3.0.101-0.7.53.1
      kernel-trace-devel-3.0.101-0.7.53.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.7.53.1
      kernel-ec2-base-3.0.101-0.7.53.1
      kernel-ec2-devel-3.0.101-0.7.53.1
      kernel-xen-3.0.101-0.7.53.1
      kernel-xen-base-3.0.101-0.7.53.1
      kernel-xen-devel-3.0.101-0.7.53.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x):

      kernel-default-man-3.0.101-0.7.53.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586):

      kernel-pae-3.0.101-0.7.53.1
      kernel-pae-base-3.0.101-0.7.53.1
      kernel-pae-devel-3.0.101-0.7.53.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.7.53.1
      kernel-default-debugsource-3.0.101-0.7.53.1
      kernel-default-devel-debuginfo-3.0.101-0.7.53.1
      kernel-trace-debuginfo-3.0.101-0.7.53.1
      kernel-trace-debugsource-3.0.101-0.7.53.1
      kernel-trace-devel-debuginfo-3.0.101-0.7.53.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.7.53.1
      kernel-ec2-debugsource-3.0.101-0.7.53.1
      kernel-xen-debuginfo-3.0.101-0.7.53.1
      kernel-xen-debugsource-3.0.101-0.7.53.1
      kernel-xen-devel-debuginfo-3.0.101-0.7.53.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586):

      kernel-pae-debuginfo-3.0.101-0.7.53.1
      kernel-pae-debugsource-3.0.101-0.7.53.1
      kernel-pae-devel-debuginfo-3.0.101-0.7.53.1


References:

   https://www.suse.com/security/cve/CVE-2004-0230.html
   https://www.suse.com/security/cve/CVE-2012-6704.html
   https://www.suse.com/security/cve/CVE-2013-4312.html
   https://www.suse.com/security/cve/CVE-2015-1350.html
   https://www.suse.com/security/cve/CVE-2015-7513.html
   https://www.suse.com/security/cve/CVE-2015-7833.html
   https://www.suse.com/security/cve/CVE-2015-8956.html
   https://www.suse.com/security/cve/CVE-2015-8962.html
   https://www.suse.com/security/cve/CVE-2015-8964.html
   https://www.suse.com/security/cve/CVE-2016-0823.html
   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-1583.html
   https://www.suse.com/security/cve/CVE-2016-2187.html
   https://www.suse.com/security/cve/CVE-2016-2189.html
   https://www.suse.com/security/cve/CVE-2016-3841.html
   https://www.suse.com/security/cve/CVE-2016-4470.html
   https://www.suse.com/security/cve/CVE-2016-4482.html
   https://www.suse.com/security/cve/CVE-2016-4485.html
   https://www.suse.com/security/cve/CVE-2016-4565.html
   https://www.suse.com/security/cve/CVE-2016-4569.html
   https://www.suse.com/security/cve/CVE-2016-4578.html
   https://www.suse.com/security/cve/CVE-2016-4580.html
   https://www.suse.com/security/cve/CVE-2016-4805.html
   https://www.suse.com/security/cve/CVE-2016-4913.html
   https://www.suse.com/security/cve/CVE-2016-4997.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5244.html
   https://www.suse.com/security/cve/CVE-2016-5829.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://www.suse.com/security/cve/CVE-2016-7042.html
   https://www.suse.com/security/cve/CVE-2016-7097.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2016-7425.html
   https://www.suse.com/security/cve/CVE-2016-7910.html
   https://www.suse.com/security/cve/CVE-2016-7911.html
   https://www.suse.com/security/cve/CVE-2016-7916.html
   https://www.suse.com/security/cve/CVE-2016-8399.html
   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-8633.html
   https://www.suse.com/security/cve/CVE-2016-8646.html
   https://www.suse.com/security/cve/CVE-2016-9555.html
   https://www.suse.com/security/cve/CVE-2016-9685.html
   https://www.suse.com/security/cve/CVE-2016-9756.html
   https://www.suse.com/security/cve/CVE-2016-9793.html
   https://www.suse.com/security/cve/CVE-2017-5551.html
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1003925
   https://bugzilla.suse.com/1004517
   https://bugzilla.suse.com/1007944
   https://bugzilla.suse.com/1008645
   https://bugzilla.suse.com/1008831
   https://bugzilla.suse.com/1008833
   https://bugzilla.suse.com/1009443
   https://bugzilla.suse.com/1010150
   https://bugzilla.suse.com/1010467
   https://bugzilla.suse.com/1010501
   https://bugzilla.suse.com/1010507
   https://bugzilla.suse.com/1010711
   https://bugzilla.suse.com/1010716
   https://bugzilla.suse.com/1011482
   https://bugzilla.suse.com/1011685
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1012832
   https://bugzilla.suse.com/1013038
   https://bugzilla.suse.com/1013531
   https://bugzilla.suse.com/1013542
   https://bugzilla.suse.com/1014746
   https://bugzilla.suse.com/1017710
   https://bugzilla.suse.com/1021258
   https://bugzilla.suse.com/835175
   https://bugzilla.suse.com/839104
   https://bugzilla.suse.com/863873
   https://bugzilla.suse.com/874145
   https://bugzilla.suse.com/896484
   https://bugzilla.suse.com/908069
   https://bugzilla.suse.com/914939
   https://bugzilla.suse.com/922947
   https://bugzilla.suse.com/927287
   https://bugzilla.suse.com/940966
   https://bugzilla.suse.com/950998
   https://bugzilla.suse.com/954984
   https://bugzilla.suse.com/956514
   https://bugzilla.suse.com/958000
   https://bugzilla.suse.com/960689
   https://bugzilla.suse.com/963053
   https://bugzilla.suse.com/967716
   https://bugzilla.suse.com/968500
   https://bugzilla.suse.com/969340
   https://bugzilla.suse.com/971360
   https://bugzilla.suse.com/971944
   https://bugzilla.suse.com/978401
   https://bugzilla.suse.com/978821
   https://bugzilla.suse.com/979213
   https://bugzilla.suse.com/979274
   https://bugzilla.suse.com/979548
   https://bugzilla.suse.com/979595
   https://bugzilla.suse.com/979879
   https://bugzilla.suse.com/979915
   https://bugzilla.suse.com/980363
   https://bugzilla.suse.com/980371
   https://bugzilla.suse.com/980725
   https://bugzilla.suse.com/981267
   https://bugzilla.suse.com/983143
   https://bugzilla.suse.com/983213
   https://bugzilla.suse.com/984755
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986445
   https://bugzilla.suse.com/986572
   https://bugzilla.suse.com/989261
   https://bugzilla.suse.com/991608
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/992566
   https://bugzilla.suse.com/993890
   https://bugzilla.suse.com/993891
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994436
   https://bugzilla.suse.com/994618
   https://bugzilla.suse.com/994759
   https://bugzilla.suse.com/995968
   https://bugzilla.suse.com/997059
   https://bugzilla.suse.com/999932



More information about the sle-security-updates mailing list