SUSE: 2015:0832-1 Important: kgraft Patch For Denial Of Service
suse
May 7, 2015
An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is ...
Summary
This update supplies kgraft patches to fix one security vulnerability. CVE-2015-1421: A use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. This patch supplies kgraft patches for the first kernel update and the second kernel update published for SUSE Linux Enterprise Server 12. The third kernel update contains the patch already. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12:
Topics Covered
References
#920633 #922004
Cross- CVE-2015-1421
Affected Products:
SUSE Linux Enterprise Live Patching 12
https://www.suse.com/security/cve/CVE-2015-1421.html
https://bugzilla.suse.com/show_bug.cgi?id=920633
https://bugzilla.suse.com/show_bug.cgi?id=922004
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0832-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!