SuSE: 2017:0764-1: important: Linux Kernel Live Patch 10 for SLE 12 SP1
Summary
This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-431=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_21-default-4-2.1 kgraft-patch-3_12_67-60_64_21-xen-4-2.1
References
#1025013 #1025254
Cross- CVE-2017-5970
Affected Products:
SUSE Linux Enterprise Live Patching 12
https://www.suse.com/security/cve/CVE-2017-5970.html
https://bugzilla.suse.com/1025013
https://bugzilla.suse.com/1025254