The SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive various security and bugfixes.
Features added:
- A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320625)
It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode.
The following security bugs were fixed:
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in
the Linux kernel allowed local users to bypass intended AF_UNIX socket
permissions or cause a denial of service (panic) via crafted epoll_ctl
calls (bnc#955654).
- CVE-2015-5707: Integer overflow in the sg_start_req function in
drivers/scsi/sg.c in the Linux kernel allowed local users to cause a
denial of service or possibly have unspecified other impact via a large
iov_count value in a write request (bnc#940338).
- CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and
gid mappings, which allowed local users to gain privileges by establishing
a user namespace, waiting for a root process to enter that namespace
with an unsafe uid or gid, and then using the ptrace system call. NOTE:
the vendor states 'there is no kernel bug here' (bnc#959709 bnc#960561).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not
properly manage the relationship between a lock and a socket, which
allowed local users to cause a denial of service (deadlock) via a crafted
sctp_accept call (bnc#961509).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c
in the Linux kernel allowed local users to cause a denial of service
(infinite loop) via a writev system call that triggers a zero length
for the first segment of an iov (bnc#963765).
- CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel
driver when the network was considered to be congested. This could be
used by local attackers to cause machine crashes or potentially code
executuon (bsc#966437).
- CVE-2016-0723: Race condition in the tty_ioctl function in...