The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2015-1339: Memory leak in the cuse_channel_release function in
fs/fuse/cuse.c in the Linux kernel allowed local users to cause a denial
of service (memory consumption) or possibly have unspecified other impact
by opening /dev/cuse many times (bnc#969356).
- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c
in the Linux kernel allowed physically proximate attackers to cause
a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by inserting a USB device that
lacks a bulk-out endpoint (bnc#961512).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an
x86 system and using Linux 3.1.x through 4.3.x as the driver domain,
allowed local guest administrators to hit BUG conditions and cause
a denial of service (NULL pointer dereference and host OS crash) by
leveraging a system with access to a passed-through MSI or MSI-X capable
physical PCI device and a crafted sequence of XEN_PCI_OP_* operations,
aka 'Linux pciback missing sanity checks' (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an
x86 system and using Linux 3.1.x through 4.3.x as the driver domain,
allowed local guest administrators to generate a continuous stream
of WARN messages and cause a denial of service (disk consumption)
by leveraging a system with access to a passed-through MSI or MSI-X
capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka
'Linux pciback missing sanity checks' (bnc#957990).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in
the Linux kernel did not properly maintain a hub-interface data structure,
which allowed physically proximate attackers to cause a denial of service
(invalid memory access and system crash) or possibly have unspecified
other...