{"id":"SUSE-SU-2016:0585-1","summary":"Security update for the Linux Kernel","details":"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n- CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338).\n- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354).\n- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n- CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially  possibly leading to arbitrary code execution in backend (bsc#957988).\n- CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device's state, allowing for DoS (bsc#957990).\n- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).\n- CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (bnc#960281).\n- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n- CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n- CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767).\n\nThe following non-security bugs were fixed:\n- ACPI: Introduce apic_id in struct processor to save parsed APIC id (bsc#959463).\n- ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463).\n- ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463).\n- ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).\n- Add sd_mod to initrd modules. For some reason PowerVM backend can't work without sd_mod\n- Do not modify perf bias performance setting by default at boot (bnc#812259, bsc#959629).\n- Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946, bsc#937444).\n- Driver for IBM System i/p VNIC protocol\n- Drop blktap patches from SLE12, since the driver is unsupported\n- Improve fairness when locking the per-superblock s_anon list (bsc#957525, bsc#941363).\n- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).\n- NFSD: Do not start lockd when only NFSv4 is running\n- NFSv4: Recovery of recalled read delegations is broken (bsc#956514).\n- Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the CPU we need it to run on\n- Revert 'ipv6: add complete rcu protection around np-\u003eopt' (bnc#961257).\n- Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1. Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd applied, victim of 1 reports performance regression (1,2 https://lkml.org/lkml/2016/2/4/618) 3. Leads to scheduling work to offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound delayed work timer is no longer deflected to a housekeeper CPU.\n- be2net: fix some log messages (bnc#855062, bnc#867583).\n- blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).\n- blktap: refine mm tracking (bsc#952976).\n- block: Always check queue limits for cloned requests (bsc#902606).\n- block: Always check queue limits for cloned requests (bsc#902606).\n- bnx2x: Add new device ids under the Qlogic vendor (bnc#964821).\n- btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n- btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).\n- btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649).\n- btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649).\n- btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649).\n- btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649).\n- btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).\n- btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).\n- btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344).\n- btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649).\n- btrfs: fix order by which delayed references are run (bnc#949440).\n- btrfs: fix qgroup sanity tests (bnc#951615).\n- btrfs: fix race waiting for qgroup rescan worker (bnc#960300).\n- btrfs: fix regression running delayed references when using qgroups (bnc#951615).\n- btrfs: fix regression when running delayed references (bnc#951615).\n- btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300).\n- btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649).\n- btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649).\n- btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649).\n- btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649).\n- btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n- btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649).\n- btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649).\n- btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649).\n- btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300).\n- btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649).\n- btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649).\n- btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649).\n- btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).\n- btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649).\n- btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649).\n- btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649).\n- btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).\n- btrfs: qgroup: exit the rescan worker during umount (bnc#960300).\n- btrfs: qgroup: fix quota disable during rescan (bnc#960300).\n- btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649).\n- btrfs: remove transaction from send (bnc#935087, bnc#945649).\n- btrfs: skip locking when searching commit root (bnc#963825).\n- btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).\n- btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649).\n- crypto: nx - use common code for both NX decompress success cases (bsc#942476).\n- crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221).\n- driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n- drivers/firmware/memmap.c: do not allocate firmware_map_entry of same memory range (bsc#959463).\n- drivers/firmware/memmap.c: do not create memmap sysfs of same firmware_map_entry (bsc#959463).\n- drivers/firmware/memmap.c: pass the correct argument to firmware_map_find_entry_bootmem() (bsc#959463).\n- e1000e: Do not read ICR in Other interrupt (bsc#924919).\n- e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n- e1000e: Fix msi-x interrupt automask (bsc#924919).\n- e1000e: Remove unreachable code (bsc#924919).\n- fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765).\n- group-source-files: mark module.lds as devel file ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory\n- ipv6: fix tunnel error handling (bsc#952579).\n- jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516).\n- kABI: reintroduce blk_rq_check_limits.\n- kabi: protect struct acpi_processor signature (bsc#959463).\n- kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup (bsc#940946, bsc#937444).\n- kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946, bsc#937444).\n- kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444).\n- kernel: inadvertent free of the vector register save area (bnc#961202).\n- kexec: Fix race between panic() and crash_kexec() (bsc#940946, bsc#937444).\n- kgr: Remove the confusing search for fentry\n- kgr: Safe way to avoid an infinite redirection\n- kgr: do not print error for !abort_if_missing symbols (bnc#943989).\n- kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).\n- kgr: log when modifying kernel\n- kgr: mark some more missed kthreads (bnc#962336).\n- kgr: usb/storage: do not emit thread awakened (bnc#899908).\n- kvm: Add arch specific mmu notifier for page invalidation (bsc#959463).\n- kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463).\n- kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463).\n- kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and make it non-static (bsc#959463).\n- kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address (bsc#959463).\n- kvm: vmx: Implement set_apic_access_page_addr (bsc#959463).\n- kvm: x86: Add request bit to reload APIC access page address (bsc#959463).\n- kvm: x86: Unpin and remove kvm_arch-\u003eapic_access_page (bsc#959463).\n- libiscsi: Fix host busy blocking during connection teardown.\n- lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n- md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118).\n- md/bitmap: remove confusing code from filemap_get_page.\n- md/bitmap: remove rcu annotation from pointer arithmetic.\n- mem-hotplug: reset node managed pages when hot-adding a new pgdat (bsc#959463).\n- mem-hotplug: reset node present pages when hot-adding a new pgdat (bsc#959463).\n- memory-hotplug: clear pgdat which is allocated by bootmem in try_offline_node() (bsc#959463).\n- mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (VM Functionality, bnc#961588).\n- mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM Performance, bnc#959436).\n- module: keep percpu symbols in module's symtab (bsc#962788).\n- nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444).\n- nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444).\n- nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n- panic, x86: Allow CPUs to save registers even if looping in NMI context (bsc#940946, bsc#937444).\n- panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946, bsc#937444).\n- pci: Check for valid tags when calculating the VPD size (bsc#959146).\n- qeth: initialize net_device with carrier off (bnc#964230).\n- rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere.\n- rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n- rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency (bsc#959090)\n- rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel (bsc#959090).\n- rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n- rpm/kernel-binary.spec.in: Use bzip compression to speed up build (bsc#962356)\n- rpm/kernel-source.spec.in: Install kernel-macros for kernel-source-vanilla (bsc#959090)\n- rpm/kernel-spec-macros: Do not modify the release string in PTFs (bsc#963449)\n- rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop\n- s390/cio: ensure consistent measurement state (bnc#964230).\n- s390/cio: fix measurement characteristics memleak (bnc#964230).\n- s390/cio: update measurement characteristics (bnc#964230).\n- s390/dasd: fix failfast for disconnected devices (bnc#961202).\n- s390/vtime: correct scaled cputime for SMT (bnc#964230).\n- s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230).\n- s390/vtime: limit MT scaling value updates (bnc#964230).\n- sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA Balancing).\n- sched/fair: Care divide error in update_task_scan_period() (bsc#959463).\n- sched/fair: Disable tg load_avg/runnable_avg update for root_task_group (bnc#960227).\n- sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline (bnc#960227).\n- sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA Balancing).\n- sched: Fix race between task_group and sched_task_group (Automatic NUMA Balancing).\n- scsi: restart list search after unlock in scsi_remove_target (bsc#944749, bsc#959257).\n- supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840).\n- supported.conf: Add netfilter modules to base (bsc#950292)\n- supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292)\n- supported.conf: Add vfat to -base to be able to mount the ESP (bsc#950292).\n- supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base (bsc#950292)\n- supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292).\n- supported.conf: drop +external from ghash-clmulni-intel It was agreed that it does not make sense to maintain 'external' for this specific module. Furthermore it causes problems in rather ordinary VMware environments. (bsc#961971)\n- udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364).\n- x86, xsave: Support eager-only xsave features, add MPX support (bsc#938577).\n- x86/apic: Introduce apic_extnmi command line parameter (bsc#940946, bsc#937444).\n- x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means the end (bsc#938577).\n- x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577).\n- x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577).\n- x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444).\n- x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444).\n- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).\n- xfs: add a few more verifier tests (bsc#947953).\n- xfs: fix double free in xlog_recover_commit_trans (bsc#947953).\n- xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953).\n","modified":"2026-02-04T04:40:40.107871Z","published":"2016-02-25T16:23:22Z","related":["CVE-2013-7446","CVE-2015-0272","CVE-2015-5707","CVE-2015-7550","CVE-2015-7799","CVE-2015-8215","CVE-2015-8539","CVE-2015-8543","CVE-2015-8550","CVE-2015-8551","CVE-2015-8569","CVE-2015-8575","CVE-2015-8660","CVE-2015-8767","CVE-2015-8785","CVE-2016-0723","CVE-2016-2069"],"upstream":["CVE-2013-7446","CVE-2015-0272","CVE-2015-5707","CVE-2015-7550","CVE-2015-7799","CVE-2015-8215","CVE-2015-8539","CVE-2015-8543","CVE-2015-8550","CVE-2015-8551","CVE-2015-8569","CVE-2015-8575","CVE-2015-8660","CVE-2015-8767","CVE-2015-8785","CVE-2016-0723","CVE-2016-2069"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160585-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/812259"},{"type":"REPORT","url":"https://bugzilla.suse.com/855062"},{"type":"REPORT","url":"https://bugzilla.suse.com/867583"},{"type":"REPORT","url":"https://bugzilla.suse.com/899908"},{"type":"REPORT","url":"https://bugzilla.suse.com/902606"},{"type":"REPORT","url":"https://bugzilla.suse.com/924919"},{"type":"REPORT","url":"https://bugzilla.suse.com/935087"},{"type":"REPORT","url":"https://bugzilla.suse.com/937261"},{"type":"REPORT","url":"https://bugzilla.suse.com/937444"},{"type":"REPORT","url":"https://bugzilla.suse.com/938577"},{"type":"REPORT","url":"https://bugzilla.suse.com/940338"},{"type":"REPORT","url":"https://bugzilla.suse.com/940946"},{"type":"REPORT","url":"https://bugzilla.suse.com/941363"},{"type":"REPORT","url":"https://bugzilla.suse.com/942476"},{"type":"REPORT","url":"https://bugzilla.suse.com/943989"},{"type":"REPORT","url":"https://bugzilla.suse.com/944749"},{"type":"REPORT","url":"https://bugzilla.suse.com/945649"},{"type":"REPORT","url":"https://bugzilla.suse.com/947953"},{"type":"REPORT","url":"https://bugzilla.suse.com/949440"},{"type":"REPORT","url":"https://bugzilla.suse.com/949936"},{"type":"REPORT","url":"https://bugzilla.suse.com/950292"},{"type":"REPORT","url":"https://bugzilla.suse.com/951199"},{"type":"REPORT","url":"https://bugzilla.suse.com/951392"},{"type":"REPORT","url":"https://bugzilla.suse.com/951615"},{"type":"REPORT","url":"https://bugzilla.suse.com/952579"},{"type":"REPORT","url":"https://bugzilla.suse.com/952976"},{"type":"REPORT","url":"https://bugzilla.suse.com/954992"},{"type":"REPORT","url":"https://bugzilla.suse.com/955118"},{"type":"REPORT","url":"https://bugzilla.suse.com/955354"},{"type":"REPORT","url":"https://bugzilla.suse.com/955654"},{"type":"REPORT","url":"https://bugzilla.suse.com/956514"},{"type":"REPORT","url":"https://bugzilla.suse.com/956708"},{"type":"REPORT","url":"https://bugzilla.suse.com/957525"},{"type":"REPORT","url":"https://bugzilla.suse.com/957988"},{"type":"REPORT","url":"https://bugzilla.suse.com/957990"},{"type":"REPORT","url":"https://bugzilla.suse.com/958463"},{"type":"REPORT","url":"https://bugzilla.suse.com/958886"},{"type":"REPORT","url":"https://bugzilla.suse.com/958951"},{"type":"REPORT","url":"https://bugzilla.suse.com/959090"},{"type":"REPORT","url":"https://bugzilla.suse.com/959146"},{"type":"REPORT","url":"https://bugzilla.suse.com/959190"},{"type":"REPORT","url":"https://bugzilla.suse.com/959257"},{"type":"REPORT","url":"https://bugzilla.suse.com/959364"},{"type":"REPORT","url":"https://bugzilla.suse.com/959399"},{"type":"REPORT","url":"https://bugzilla.suse.com/959436"},{"type":"REPORT","url":"https://bugzilla.suse.com/959463"},{"type":"REPORT","url":"https://bugzilla.suse.com/959629"},{"type":"REPORT","url":"https://bugzilla.suse.com/960221"},{"type":"REPORT","url":"https://bugzilla.suse.com/960227"},{"type":"REPORT","url":"https://bugzilla.suse.com/960281"},{"type":"REPORT","url":"https://bugzilla.suse.com/960300"},{"type":"REPORT","url":"https://bugzilla.suse.com/961202"},{"type":"REPORT","url":"https://bugzilla.suse.com/961257"},{"type":"REPORT","url":"https://bugzilla.suse.com/961500"},{"type":"REPORT","url":"https://bugzilla.suse.com/961509"},{"type":"REPORT","url":"https://bugzilla.suse.com/961516"},{"type":"REPORT","url":"https://bugzilla.suse.com/961588"},{"type":"REPORT","url":"https://bugzilla.suse.com/961971"},{"type":"REPORT","url":"https://bugzilla.suse.com/962336"},{"type":"REPORT","url":"https://bugzilla.suse.com/962356"},{"type":"REPORT","url":"https://bugzilla.suse.com/962788"},{"type":"REPORT","url":"https://bugzilla.suse.com/962965"},{"type":"REPORT","url":"https://bugzilla.suse.com/963449"},{"type":"REPORT","url":"https://bugzilla.suse.com/963572"},{"type":"REPORT","url":"https://bugzilla.suse.com/963765"},{"type":"REPORT","url":"https://bugzilla.suse.com/963767"},{"type":"REPORT","url":"https://bugzilla.suse.com/963825"},{"type":"REPORT","url":"https://bugzilla.suse.com/964230"},{"type":"REPORT","url":"https://bugzilla.suse.com/964821"},{"type":"REPORT","url":"https://bugzilla.suse.com/965344"},{"type":"REPORT","url":"https://bugzilla.suse.com/965840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-7446"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0272"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5707"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7550"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8215"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8550"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8551"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8575"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8660"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8767"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2069"}],"affected":[{"package":{"name":"kernel-default","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-default-extra":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-source","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-default-extra":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-syms","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-default-extra":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-xen","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-default-extra":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kgraft-patch-SLE12-SP1_Update_3","ecosystem":"SUSE:Linux Enterprise Live Patching 12","purl":"pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1-2.1"}]}],"ecosystem_specific":{"binaries":[{"kgraft-patch-3_12_53-60_30-default":"1-2.1","kgraft-patch-3_12_53-60_30-xen":"1-2.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-ec2","ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 12","purl":"pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-ec2-extra":"3.12.53-60.30.1","kernel-ec2":"3.12.53-60.30.1","kernel-ec2-devel":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-docs","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","purl":"pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.2"}]}],"ecosystem_specific":{"binaries":[{"kernel-obs-build":"3.12.53-60.30.2","kernel-docs":"3.12.53-60.30.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-obs-build","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","purl":"pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.2"}]}],"ecosystem_specific":{"binaries":[{"kernel-obs-build":"3.12.53-60.30.2","kernel-docs":"3.12.53-60.30.2"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-default","ecosystem":"SUSE:Linux Enterprise Server 12 SP1","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-source","ecosystem":"SUSE:Linux Enterprise Server 12 SP1","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-syms","ecosystem":"SUSE:Linux Enterprise Server 12 SP1","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-xen","ecosystem":"SUSE:Linux Enterprise Server 12 SP1","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"lttng-modules","ecosystem":"SUSE:Linux Enterprise Server 12 SP1","purl":"pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-3.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-default","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-source","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-syms","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-xen","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"lttng-modules","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","purl":"pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-3.1"}]}],"ecosystem_specific":{"binaries":[{"lttng-modules-kmp-default":"2.7.0_k3.12.53_60.30-3.1","kernel-devel":"3.12.53-60.30.1","kernel-macros":"3.12.53-60.30.1","kernel-source":"3.12.53-60.30.1","kernel-default-base":"3.12.53-60.30.1","kernel-xen":"3.12.53-60.30.1","kernel-xen-devel":"3.12.53-60.30.1","kernel-xen-base":"3.12.53-60.30.1","kernel-syms":"3.12.53-60.30.1","lttng-modules":"2.7.0-3.1","kernel-default":"3.12.53-60.30.1","kernel-default-devel":"3.12.53-60.30.1","kernel-default-man":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}},{"package":{"name":"kernel-default","ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP1","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.53-60.30.1"}]}],"ecosystem_specific":{"binaries":[{"kernel-default-extra":"3.12.53-60.30.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0585-1.json"}}],"schema_version":"1.7.3"}