[SUSE-SU-2015:0832-1] Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2

Severity Important

CVEs 1

Security update for kgraft-patch-SLE12_Update_1, kgraft-patch-SLE12_Update_2

This update supplies kgraft patches to fix one security vulnerability.

CVE-2015-1421: A use-after-free vulnerability in the sctp_assoc_update
function in net/sctp/associola.c in the Linux kernel allowed remote
attackers to cause a denial of service (slab corruption and panic) or
possibly have unspecified other impact by triggering an INIT collision
that leads to improper handling of shared-key data.

This patch supplies kgraft patches for the first kernel update and the second kernel
update published for SUSE Linux Enterprise Server 12. The third kernel update contains
the patch already.

ID

SUSE-SU-2015:0832-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2015/suse-su-20150832-1/

Published

2015-04-01T14:12:12
(9 years ago)

Modified

2015-04-01T14:12:12
(9 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0832-1.json
Suse	URL for SUSE-SU-2015:0832-1	https://www.suse.com/support/update/announcement/2015/suse-su-20150832-1/
Suse	E-Mail link for SUSE-SU-2015:0832-1	https://lists.suse.com/pipermail/sle-security-updates/2015-May/001370.html
Bugzilla	SUSE Bug 920633	https://bugzilla.suse.com/920633
Bugzilla	SUSE Bug 922004	https://bugzilla.suse.com/922004
CVE	SUSE CVE CVE-2015-1421 page	https://www.suse.com/security/cve/CVE-2015-1421/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date