VYPR

rpm package

suse/lttng-modules&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (56)

  • CVE-2015-8550HigApr 14, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

  • CVE-2015-8551MedApr 13, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with ac

  • CVE-2016-0723MedFeb 8, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processin

  • CVE-2015-8785MedFeb 8, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.

  • CVE-2015-8767MedFeb 8, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.

  • CVE-2015-8575MedFeb 8, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

  • CVE-2015-8539HigFeb 8, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/key

  • CVE-2015-7550MedFeb 8, 2016
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted app

  • CVE-2015-8660MedDec 28, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

  • CVE-2015-8569LowDec 28, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic

  • CVE-2015-8543HigDec 28, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash)

  • CVE-2013-7446MedDec 28, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

  • CVE-2015-0272Nov 17, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

  • CVE-2015-8215Nov 16, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) l

  • CVE-2015-7799Oct 19, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.

  • CVE-2015-5707Oct 19, 2015
    affected < 2.7.0-3.1fixed 2.7.0-3.1

    Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

Page 3 of 3