[security-announce] openSUSE-SU-2015:1842-1: important: Security update for the Linux Kernel

news · October 29, 2015

openSUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1842-1

Rating: important

References: #919154 #926238 #937969 #938645 #939834 #940338

#941104 #941305 #941867 #942178 #944296 #947155

#951195 #951440

Cross-References: CVE-2015-0272 CVE-2015-1333 CVE-2015-2925

CVE-2015-3290 CVE-2015-5283 CVE-2015-5707

CVE-2015-7872

Affected Products:

openSUSE 13.2

______________________________________________________________________________

An update that solves 7 vulnerabilities and has 7 fixes is

now available.

Description:

The openSUSE 13.2 kernel was updated to receive various security and

bugfixes.

Following security bugs were fixed:

* CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel on the

x86_64 platform improperly relied on espfix64 during nested NMI

processing, which allowed local users to gain privileges by triggering

an NMI within a certain instruction window (bnc#937969)

* CVE-2015-0272: It was reported that it's possible to craft a Router

Advertisement message which will bring the receiver in a state where new

IPv6 connections will not be accepted until correct Router Advertisement

message received. (bsc#944296).

* CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the

Linux kernel had an incorrect sequence of protocol-initialization steps,

which allowed local users to cause a denial of service (panic or memory

corruption) by creating SCTP sockets before all of the steps have

finished (bnc#947155).

* CVE-2015-1333: Memory leak in the __key_link_end function in

security/keys/keyring.c in the Linux kernel allowed local users to cause

a denial of service (memory consumption) via many add_key system calls

that refer to existing keys. (bsc#938645)

* CVE-2015-5707: Integer overflow in the sg_start_req function in

drivers/scsi/sg.c in the Linux kernel allowed local users to cause a

denial of service or possibly have unspecified other impact via a large

iov_count value in a write request. (bsc#940338)

* CVE-2015-2925: An attacker could potentially break out of a namespace

or container, depending on if he had specific rights in these

containers. (bsc#926238).

* CVE-2015-7872: A vulnerability in keyrings garbage collector allowed a

local user to trigger an oops was found, caused by using request_key()

or keyctl request2. (bsc#951440)

The following non-security bugs were fixed:

- input: evdev - do not report errors form flush() (bsc#939834).

- NFSv4: Recovery of recalled read delegations is broken (bsc#942178).

- apparmor: temporary work around for bug while unloading policy

(boo#941867).

- config/x86_64/ec2: Align CONFIG_STRICT_DEVMEM CONFIG_STRICT_DEVMEM is

enabled in every other kernel flavor, so enable it for x86_64/ec2 as

well.

- kernel-obs-build: add btrfs to initrd This is needed for kiwi builds.

- mmc: card: Do not access RPMB partitions for normal read/write

(bnc#941104).

- netback: coalesce (guest) RX SKBs as needed (bsc#919154).

- rpm/kernel-obs-build.spec.in: Add virtio_rng to the initrd. This allows

to feed some randomness to the OBS workers.

- xfs: Fix file type directory corruption for btree directories

(bsc#941305).

- xfs: ensure buffer types are set correctly (bsc#941305).

- xfs: inode unlink does not set AGI buffer type (bsc#941305).

- xfs: set buf types when converting extent formats (bsc#941305).

- xfs: set superblock buffer type correctly (bsc#941305).

- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers

(bnc#951195).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-686=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):

bbswitch-0.8-3.13.2

bbswitch-debugsource-0.8-3.13.2

bbswitch-kmp-default-0.8_k3.16.7_29-3.13.2

bbswitch-kmp-default-debuginfo-0.8_k3.16.7_29-3.13.2

bbswitch-kmp-desktop-0.8_k3.16.7_29-3.13.2

bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_29-3.13.2

bbswitch-kmp-xen-0.8_k3.16.7_29-3.13.2

bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_29-3.13.2

cloop-2.639-14.13.2

cloop-debuginfo-2.639-14.13.2

cloop-debugsource-2.639-14.13.2

cloop-kmp-default-2.639_k3.16.7_29-14.13.2

cloop-kmp-default-debuginfo-2.639_k3.16.7_29-14.13.2

cloop-kmp-desktop-2.639_k3.16.7_29-14.13.2

cloop-kmp-desktop-debuginfo-2.639_k3.16.7_29-14.13.2

cloop-kmp-xen-2.639_k3.16.7_29-14.13.2

cloop-kmp-xen-debuginfo-2.639_k3.16.7_29-14.13.2

crash-7.0.8-13.2

crash-debuginfo-7.0.8-13.2

crash-debugsource-7.0.8-13.2

crash-devel-7.0.8-13.2

crash-doc-7.0.8-13.2

crash-eppic-7.0.8-13.2

crash-eppic-debuginfo-7.0.8-13.2

crash-gcore-7.0.8-13.2

crash-gcore-debuginfo-7.0.8-13.2

crash-kmp-default-7.0.8_k3.16.7_29-13.2

crash-kmp-default-debuginfo-7.0.8_k3.16.7_29-13.2

crash-kmp-desktop-7.0.8_k3.16.7_29-13.2

crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_29-13.2

crash-kmp-xen-7.0.8_k3.16.7_29-13.2

crash-kmp-xen-debuginfo-7.0.8_k3.16.7_29-13.2

hdjmod-debugsource-1.28-18.14.2

hdjmod-kmp-default-1.28_k3.16.7_29-18.14.2

hdjmod-kmp-default-debuginfo-1.28_k3.16.7_29-18.14.2

hdjmod-kmp-desktop-1.28_k3.16.7_29-18.14.2

hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_29-18.14.2

hdjmod-kmp-xen-1.28_k3.16.7_29-18.14.2

hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_29-18.14.2

ipset-6.23-13.2

ipset-debuginfo-6.23-13.2

ipset-debugsource-6.23-13.2

ipset-devel-6.23-13.2

ipset-kmp-default-6.23_k3.16.7_29-13.2

ipset-kmp-default-debuginfo-6.23_k3.16.7_29-13.2

ipset-kmp-desktop-6.23_k3.16.7_29-13.2

ipset-kmp-desktop-debuginfo-6.23_k3.16.7_29-13.2

ipset-kmp-xen-6.23_k3.16.7_29-13.2

ipset-kmp-xen-debuginfo-6.23_k3.16.7_29-13.2

kernel-default-3.16.7-29.1

kernel-default-base-3.16.7-29.1

kernel-default-base-debuginfo-3.16.7-29.1

kernel-default-debuginfo-3.16.7-29.1

kernel-default-debugsource-3.16.7-29.1

kernel-default-devel-3.16.7-29.1

kernel-ec2-3.16.7-29.1

kernel-ec2-base-3.16.7-29.1

kernel-ec2-devel-3.16.7-29.1

kernel-obs-build-3.16.7-29.2

kernel-obs-build-debugsource-3.16.7-29.2

kernel-obs-qa-3.16.7-29.1

kernel-obs-qa-xen-3.16.7-29.1

kernel-syms-3.16.7-29.1

libipset3-6.23-13.2

libipset3-debuginfo-6.23-13.2

pcfclock-0.44-260.13.2

pcfclock-debuginfo-0.44-260.13.2

pcfclock-debugsource-0.44-260.13.2

pcfclock-kmp-default-0.44_k3.16.7_29-260.13.2

pcfclock-kmp-default-debuginfo-0.44_k3.16.7_29-260.13.2

pcfclock-kmp-desktop-0.44_k3.16.7_29-260.13.2

pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_29-260.13.2

vhba-kmp-debugsource-20140629-2.13.2

vhba-kmp-default-20140629_k3.16.7_29-2.13.2

vhba-kmp-default-debuginfo-20140629_k3.16.7_29-2.13.2

vhba-kmp-desktop-20140629_k3.16.7_29-2.13.2

vhba-kmp-desktop-debuginfo-20140629_k3.16.7_29-2.13.2

vhba-kmp-xen-20140629_k3.16.7_29-2.13.2

vhba-kmp-xen-debuginfo-20140629_k3.16.7_29-2.13.2

xen-debugsource-4.4.2_06-27.2

xen-devel-4.4.2_06-27.2

xen-libs-4.4.2_06-27.2

xen-libs-debuginfo-4.4.2_06-27.2

xen-tools-domU-4.4.2_06-27.2

xen-tools-domU-debuginfo-4.4.2_06-27.2

xtables-addons-2.6-13.2

xtables-addons-debuginfo-2.6-13.2

xtables-addons-debugsource-2.6-13.2

xtables-addons-kmp-default-2.6_k3.16.7_29-13.2

xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_29-13.2

xtables-addons-kmp-desktop-2.6_k3.16.7_29-13.2

xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_29-13.2

xtables-addons-kmp-xen-2.6_k3.16.7_29-13.2

xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_29-13.2

- openSUSE 13.2 (i686 x86_64):

kernel-debug-3.16.7-29.1

kernel-debug-base-3.16.7-29.1

kernel-debug-base-debuginfo-3.16.7-29.1

kernel-debug-debuginfo-3.16.7-29.1

kernel-debug-debugsource-3.16.7-29.1

kernel-debug-devel-3.16.7-29.1

kernel-debug-devel-debuginfo-3.16.7-29.1

kernel-desktop-3.16.7-29.1

kernel-desktop-base-3.16.7-29.1

kernel-desktop-base-debuginfo-3.16.7-29.1

kernel-desktop-debuginfo-3.16.7-29.1

kernel-desktop-debugsource-3.16.7-29.1

kernel-desktop-devel-3.16.7-29.1

kernel-ec2-base-debuginfo-3.16.7-29.1

kernel-ec2-debuginfo-3.16.7-29.1

kernel-ec2-debugsource-3.16.7-29.1

kernel-vanilla-3.16.7-29.1

kernel-vanilla-debuginfo-3.16.7-29.1

kernel-vanilla-debugsource-3.16.7-29.1

kernel-vanilla-devel-3.16.7-29.1

kernel-xen-3.16.7-29.1

kernel-xen-base-3.16.7-29.1

kernel-xen-base-debuginfo-3.16.7-29.1

kernel-xen-debuginfo-3.16.7-29.1

kernel-xen-debugsource-3.16.7-29.1

kernel-xen-devel-3.16.7-29.1

- openSUSE 13.2 (x86_64):

xen-4.4.2_06-27.2

xen-doc-html-4.4.2_06-27.2

xen-kmp-default-4.4.2_06_k3.16.7_29-27.2

xen-kmp-default-debuginfo-4.4.2_06_k3.16.7_29-27.2

xen-kmp-desktop-4.4.2_06_k3.16.7_29-27.2

xen-kmp-desktop-debuginfo-4.4.2_06_k3.16.7_29-27.2

xen-libs-32bit-4.4.2_06-27.2

xen-libs-debuginfo-32bit-4.4.2_06-27.2

xen-tools-4.4.2_06-27.2

xen-tools-debuginfo-4.4.2_06-27.2

- openSUSE 13.2 (noarch):

kernel-devel-3.16.7-29.1

kernel-docs-3.16.7-29.3

kernel-macros-3.16.7-29.1

kernel-source-3.16.7-29.1

kernel-source-vanilla-3.16.7-29.1

- openSUSE 13.2 (i686):

kernel-pae-3.16.7-29.1

kernel-pae-base-3.16.7-29.1

kernel-pae-base-debuginfo-3.16.7-29.1

kernel-pae-debuginfo-3.16.7-29.1

kernel-pae-debugsource-3.16.7-29.1

kernel-pae-devel-3.16.7-29.1

- openSUSE 13.2 (i586):

bbswitch-kmp-pae-0.8_k3.16.7_29-3.13.2

bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_29-3.13.2

cloop-kmp-pae-2.639_k3.16.7_29-14.13.2

cloop-kmp-pae-debuginfo-2.639_k3.16.7_29-14.13.2

crash-kmp-pae-7.0.8_k3.16.7_29-13.2

crash-kmp-pae-debuginfo-7.0.8_k3.16.7_29-13.2

hdjmod-kmp-pae-1.28_k3.16.7_29-18.14.2

hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_29-18.14.2

ipset-kmp-pae-6.23_k3.16.7_29-13.2

ipset-kmp-pae-debuginfo-6.23_k3.16.7_29-13.2

pcfclock-kmp-pae-0.44_k3.16.7_29-260.13.2

pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_29-260.13.2

vhba-kmp-pae-20140629_k3.16.7_29-2.13.2

vhba-kmp-pae-debuginfo-20140629_k3.16.7_29-2.13.2

xtables-addons-kmp-pae-2.6_k3.16.7_29-13.2

xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_29-13.2

References:

https://www.suse.com/security/cve/CVE-2015-0272.html

https://www.suse.com/security/cve/CVE-2015-1333.html

https://www.suse.com/security/cve/CVE-2015-2925.html

https://www.suse.com/security/cve/CVE-2015-3290.html

https://www.suse.com/security/cve/CVE-2015-5283.html

https://www.suse.com/security/cve/CVE-2015-5707.html

https://www.suse.com/security/cve/CVE-2015-7872.html

https://bugzilla.suse.com/919154

https://bugzilla.suse.com/926238

https://bugzilla.suse.com/937969

https://bugzilla.suse.com/938645

https://bugzilla.suse.com/939834

https://bugzilla.suse.com/940338

https://bugzilla.suse.com/941104

https://bugzilla.suse.com/941305

https://bugzilla.suse.com/941867

https://bugzilla.suse.com/942178

https://bugzilla.suse.com/944296

https://bugzilla.suse.com/947155

https://bugzilla.suse.com/951195

https://bugzilla.suse.com/951440

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2015:1842-1: important: Security update for the Linux Kernel

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity