{"id":"SUSE-SU-2017:1281-1","summary":"Security update for Linux Kernel Live Patch 20 for SLE 12","details":"\nThis update the for Linux Kernel 3.12.61-52.69 fixes one issue.\n\nThe following security bug was fixed:\n\n- CVE-2017-5970: The ipv4_pktinfo_prepare function in\n  net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n  denial of service (system crash) via (1) an application that made\n  crafted system calls or possibly (2) IPv4 traffic with invalid IP\n  options (bsc#1025013).\n- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).\n","modified":"2026-02-04T04:26:13.471784Z","published":"2017-05-15T15:58:36Z","related":["CVE-2017-5970","CVE-2017-7308"],"upstream":["CVE-2017-5970","CVE-2017-7308"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171281-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1025013"},{"type":"REPORT","url":"https://bugzilla.suse.com/1030575"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031660"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5970"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7308"}],"affected":[{"package":{"name":"kgraft-patch-SLE12_Update_20","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_20&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2-4.1"}]}],"ecosystem_specific":{"binaries":[{"kgraft-patch-3_12_61-52_69-xen":"2-4.1","kgraft-patch-3_12_61-52_69-default":"2-4.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1281-1.json"}},{"package":{"name":"kgraft-patch-SLE12_Update_20","ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_20&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2-4.1"}]}],"ecosystem_specific":{"binaries":[{"kgraft-patch-3_12_61-52_69-xen":"2-4.1","kgraft-patch-3_12_61-52_69-default":"2-4.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1281-1.json"}}],"schema_version":"1.7.3"}