The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack
overflow vulnerability in the processing of L2CAP configuration responses
resulting in remote code execution in kernel space (bnc#1057389).
- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not
verify that a filesystem has a realtime device, which allowed local users to
cause a denial of service (NULL pointer dereference and OOPS) via vectors
related to setting an RHINHERIT flag on a directory (bnc#1058524).
- CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the
effective uid of the target process, enabling a local attacker to learn the
memory layout of a setuid executable despite ASLR (bnc#1057179).
- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl
function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a
denial of service (memory corruption and system crash) by leveraging root
access (bnc#1056588).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain
privileges or cause a denial of service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage improper might_cancel
queueing (bnc#1053152).
- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c, a user-controlled buffer was
copied into a local buffer of constant size using strcpy without a length check,
which can cause a buffer overflow (bnc#1053148).
- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a
denial of service (out-of-bounds array access) or possibly have unspecified
other impact by changing a certain sequence-number value, aka a 'double fetch'
vulnerability (bnc#1037994).
- CVE-2017-1000112: Prevent race condition in net-packet code that could have
been exploited by unprivileged users to...
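
The 'double fetch' pattern named in the CVE-2017-8831 entry above, as an added C example that is not the saa7164 driver's code and not part of the advisory. The names msg_hdr, NSLOTS, the hook and both functions are hypothetical; the hook stands in for a concurrent write so the effect is deterministic.

```c
#include <stdint.h>

#define NSLOTS 8   /* size of a hypothetical per-sequence slot table */

/* Constructed stand-in for a header in memory the other side can rewrite. */
struct msg_hdr { volatile uint32_t seqno; };

/* Hook run between the check and the use, simulating a concurrent write. */
typedef void (*race_hook)(struct msg_hdr *);

/* Vulnerable shape: seqno is read once for the bounds check and again for use.
 * Returns the index that would be dereferenced, or -1 if rejected. */
long slot_double_fetch(struct msg_hdr *h, race_hook hook)
{
    if (h->seqno >= NSLOTS)          /* fetch #1: validated */
        return -1;
    if (hook)
        hook(h);                     /* value changes between the two reads */
    return (long)h->seqno;           /* fetch #2: never validated */
}

/* Hardened shape: snapshot once, then validate and use only the local copy. */
long slot_single_fetch(struct msg_hdr *h, race_hook hook)
{
    uint32_t seq = h->seqno;         /* the only fetch */
    if (seq >= NSLOTS)
        return -1;
    if (hook)
        hook(h);                     /* later changes no longer matter */
    return (long)seq;
}

/* Constructed race: rewrite seqno to an out-of-range value. */
void bump_seqno(struct msg_hdr *h) { h->seqno = 1000; }

int main(void)
{
    struct msg_hdr a = { 3 }, b = { 3 };
    long bad = slot_double_fetch(&a, bump_seqno);   /* index past the table */
    long good = slot_single_fetch(&b, bump_seqno);  /* the checked value */
    return !(bad >= NSLOTS && good == 3);
}
```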