Bugzilla – Bug 964730
VUL-0: CVE-2016-0774: kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
Last modified: 2016-08-31 16:21:33 UTC
Quoting from RH bugzilla: "It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync, potentially resulting in pipe buffer overrun on failed atomic read. A local, unprivileged user could use this flaw to crash the system. Upstream Linux kernel is not affected by this flaw as it was introduced by the Red Hat Enterprise Linux only fix for CVE-2015-1805. Acknowledgements: The security impact of this issue was discovered by Red Hat." rh#1303961 References: https://bugzilla.redhat.com/show_bug.cgi?id=1303961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774
I went through my stable@ inbox and can see: http://article.gmane.org/gmane.linux.kernel.stable/164635 It has just gone into stable-3.12.
Ok, want me to apply it to SLE12 or are you going to? Thanks.
Ok, fix is in SLE12{,-SP1}. Bouncing back.
SUSE-SU-2016:0785-1: An update that solves 10 vulnerabilities and has 66 fixes is now available. Category: security (important) Bug References: 812259,816099,855062,867583,884701,899908,922071,937444,940338,940946,941363,943989,945219,947953,949752,950292,951155,955308,955654,956084,956514,957525,957986,959090,959146,959257,959463,959629,959709,960174,960227,960458,960561,960629,961257,961500,961509,961516,961588,961658,961971,962336,962356,962788,962965,963193,963449,963572,963746,963765,963767,963825,963960,964201,964730,965199,965344,965830,965840,965891,966026,966094,966278,966437,966471,966693,966864,966910,967802,968018,968074,968206,968230,968234,968253,969112 CVE References: CVE-2013-7446,CVE-2015-5707,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2016-0723,CVE-2016-0774,CVE-2016-2069,CVE-2016-2384 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): kernel-default-3.12.55-52.42.1 SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.55-52.42.2, kernel-obs-build-3.12.55-52.42.2 SUSE Linux Enterprise Server 12 (src): kernel-default-3.12.55-52.42.1, kernel-source-3.12.55-52.42.1, kernel-syms-3.12.55-52.42.1, kernel-xen-3.12.55-52.42.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.55-52.42.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_12-1-2.1 SUSE Linux Enterprise Desktop 12 (src): kernel-default-3.12.55-52.42.1, kernel-source-3.12.55-52.42.1, kernel-syms-3.12.55-52.42.1, kernel-xen-3.12.55-52.42.1
SUSE-SU-2016:1019-1: An update that solves 9 vulnerabilities and has 70 fixes is now available. Category: security (important) Bug References: 816099,867251,875631,880007,943645,944749,945219,949752,955308,956084,956852,957986,959146,959257,959463,959709,960174,960458,960561,960629,961257,961500,961516,961588,961658,963193,963746,963765,963827,963960,964201,964730,965087,965199,965830,965891,965924,966026,966094,966278,966437,966471,966693,966831,966864,966910,967047,967292,967299,967650,967651,967802,967903,968010,968018,968074,968141,968206,968230,968234,968253,968448,968512,968643,968670,969112,969439,969571,969655,969690,969735,969992,969993,970062,970160,970249,970909,971125,971360 CVE References: CVE-2015-8709,CVE-2015-8812,CVE-2015-8816,CVE-2016-2143,CVE-2016-2184,CVE-2016-2384,CVE-2016-2782,CVE-2016-3139,CVE-2016-3156 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): kernel-default-3.12.57-60.35.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): kernel-docs-3.12.57-60.35.3, kernel-obs-build-3.12.57-60.35.1 SUSE Linux Enterprise Server 12-SP1 (src): kernel-default-3.12.57-60.35.1, kernel-source-3.12.57-60.35.1, kernel-syms-3.12.57-60.35.1, kernel-xen-3.12.57-60.35.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.57-60.35.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP1_Update_4-1-2.3 SUSE Linux Enterprise Desktop 12-SP1 (src): kernel-default-3.12.57-60.35.1, kernel-source-3.12.57-60.35.1, kernel-syms-3.12.57-60.35.1, kernel-xen-3.12.57-60.35.1
released