The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501).
- CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502).
- CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507).
- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710).
- CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716).
- CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711).
- CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478).
- CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
- CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746).
- CVE-2016-8632: The net subsystem did not validate the relationship between...