{"affected":[{"ecosystem_specific":{"binaries":[{"kgraft-patch-3_12_43-52_6-default":"2-6.1","kgraft-patch-3_12_43-52_6-xen":"2-6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Live Patching 12","name":"kgraft-patch-SLE12_Update_5","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2-6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update contains a kernel live patch for the 3.12.43-52.6 SUSE Linux Enterprise\nServer 12 Kernel, fixing following security issues.\n\n- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood\n  of UDP packets with invalid checksums were fixed that could be used\n  by remote attackers to delay execution. (bsc#939276)\n\n- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in\n  fs/pipe.c in the Linux kernel did not properly consider the side effects\n  of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls,\n  which allowed local users to cause a denial of service (system crash)\n  or possibly gain privileges via a crafted application, aka an 'I/O vector\n  array overrun.' (bsc#939270)\n\n- CVE-2015-4700: A BPF Jit optimization flaw could allow local users\n  to panic the kernel. (bsc#939273)\n","id":"SUSE-SU-2015:1490-1","modified":"2015-08-14T12:59:33Z","published":"2015-08-14T12:59:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151490-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/939044"},{"type":"REPORT","url":"https://bugzilla.suse.com/939270"},{"type":"REPORT","url":"https://bugzilla.suse.com/939273"},{"type":"REPORT","url":"https://bugzilla.suse.com/939276"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-1805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4700"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5366"}],"related":["CVE-2015-1805","CVE-2015-4700","CVE-2015-5364","CVE-2015-5366"],"summary":"Live patch for the Linux Kernel","upstream":["CVE-2015-1805","CVE-2015-4700","CVE-2015-5364","CVE-2015-5366"]}