The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during
a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the
existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2016-7097 (bnc#1021258).
- CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions (bsc#995968).
- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations
where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or
cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and
drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
- CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and
cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet,
especially in protocols that use long-lived connections, such as BGP (bnc#989152).
- CVE-2015-1350: Denial of service in notify_change for filesystem xattrs (bsc#914939).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship
between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause
a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local
malicious application...