The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
(bnc#953527).
- CVE-2015-7990: RDS: Verify the underlying transport exists before
creating a connection, preventing possible DoS (bsc#952384, CVE-2015-7990).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on
the x86_64 platform mishandled IRET faults in processing NMIs that
occurred during userspace execution, which might allow local users to
gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706
bnc#939207).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c
in the Linux kernel allowed local users to cause a denial of service
(OOPS) via crafted keyctl commands (bnc#951440).
- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux
kernel did not validate attempted changes to the MTU value, which allowed
context-dependent attackers to cause a denial of service (packet loss)
via a value that is (1) smaller than the minimum compliant value or
(2) larger than the MTU of an interface, as demonstrated by a Router
Advertisement (RA) message that is not validated by a daemon, a different
vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is
limited to the NetworkManager product. (bnc#955354).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c
in the Linux kernel allowed local users to cause a denial of service
(NULL pointer dereference and system crash) or possibly have...