Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] SUSE-SU-2015:2194-1: important: Security update for the Linux Kernel

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2015:2194-1

Rating: important

References: #814440 #867595 #904348 #921949 #924493 #930145

#933514 #935961 #936076 #936773 #939826 #939926

#940853 #941202 #941867 #942938 #944749 #945626

#946078 #947241 #947321 #947478 #948521 #948685

#948831 #949100 #949463 #949504 #949706 #949744

#950013 #950750 #950862 #950998 #951110 #951165

#951199 #951440 #951546 #952666 #952758 #953796

#953980 #954635 #955148 #955224 #955422 #955533

#955644 #956047 #956053 #956703 #956711

Cross-References: CVE-2015-0272 CVE-2015-2925 CVE-2015-5283

CVE-2015-5307 CVE-2015-7799 CVE-2015-7872

CVE-2015-7990 CVE-2015-8104

Affected Products:

SUSE Linux Enterprise Workstation Extension 12

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Module for Public Cloud 12

SUSE Linux Enterprise Live Patching 12

SUSE Linux Enterprise Desktop 12

______________________________________________________________________________

 

An update that solves 8 vulnerabilities and has 45 fixes is

now available.

 

Description:

 

The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive

various security and bugfixes.

 

Following security bugs were fixed:

- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the

Linux kernel did not ensure that certain slot numbers were valid, which

allowed local users to cause a denial of service (NULL pointer

dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call

(bnc#949936).

- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the

Linux kernel had an incorrect sequence of protocol-initialization steps,

which allowed local users to cause a denial of service (panic or memory

corruption) by creating SCTP sockets before all of the steps have

finished (bnc#947155).

- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux

kernel did not properly handle rename actions inside a bind mount, which

allowed local users to bypass an intended container protection mechanism

by renaming a directory, related to a "double-chroot attack (bnc#926238).

- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS

users to cause a denial of service (host OS panic or hang) by triggering

many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).

- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS

users to cause a denial of service (host OS panic or hang) by triggering

many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c

(bnc#953527).

- CVE-2015-7990: RDS: There was no verification that an underlying

transport exists when creating a connection, causing usage of a NULL

pointer (bsc#952384).

- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in

the Linux kernel allowed local users to cause a denial of service (OOPS)

via crafted keyctl commands (bnc#951440).

- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial

of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6

Router Advertisement (RA) message, a different vulnerability than

CVE-2015-8215 (bnc#944296).

 

The following non-security bugs were fixed:

- ALSA: hda - Disable 64bit address for Creative HDA controllers

(bnc#814440).

- Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236

(bsc#953796).

- Btrfs: fix file corruption and data loss after cloning inline extents

(bnc#956053).

- Btrfs: fix truncation of compressed and inlined extents (bnc#956053).

- Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)

- Fix regression in NFSRDMA server (bsc#951110).

- KEYS: Fix race between key destruction and finding a keyring by name

(bsc#951440).

- KVM: x86: call irq notifiers with directed EOI (bsc#950862).

- NVMe: Add shutdown timeout as module parameter (bnc#936076).

- NVMe: Mismatched host/device page size support (bsc#935961).

- PCI: Drop "setting latency timer" messages (bsc#956047).

- SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).

- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)

- SUNRPC: Fix oops when trace sunrpc_task events in nfs client

(bnc#956703).

- Sync ppc64le netfilter config options with other archs (bnc#951546)

- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).

- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another

task (bsc#921949).

- apparmor: temporary work around for bug while unloading policy

(boo#941867).

- audit: correctly record file names with different path name types

(bsc#950013).

- audit: create private file name copies when auditing inodes (bsc#950013).

- cpu: Defer smpboot kthread unparking until CPU known to scheduler

(bsc#936773).

- dlm: make posix locks interruptible, (bsc#947241).

- dm sysfs: introduce ability to add writable attributes (bsc#904348).

- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).

- dm: do not start current request if it would've merged with the previous

(bsc#904348).

- dm: impose configurable deadline for dm_request_fn's merge heuristic

(bsc#904348).

- dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).

- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,

v2 (bsc#942938).

- drm/i915: add hotplug activation period to hotplug update mask

(bsc#953980).

- fanotify: fix notification of groups with inode and mount marks

(bsc#955533).

- genirq: Make sure irq descriptors really exist when __irq_alloc_descs

returns (bsc#945626).

- hv: vss: run only on supported host versions (bnc#949504).

- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).

- ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags

(bsc#947321).

- ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).

- ipv6: Extend the route lookups to low priority metrics (bsc#947321).

- ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).

- ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).

- ipv6: distinguish frag queues by device for multicast and link-local

packets (bsc#955422).

- ipvs: drop first packet to dead server (bsc#946078).

- kABI: protect struct ahci_host_priv.

- kABI: protect struct rt6_info changes from bsc#947321 changes

(bsc#947321).

- kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).

- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).

- kabi: Restore kabi in struct se_cmd (bsc#954635).

- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).

- kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).

- kgr: fix migration of kthreads to the new universe.

- kgr: wake up kthreads periodically.

- ktime: add ktime_after and ktime_before helper (bsc#904348).

- macvlan: Support bonding events (bsc#948521).

- net: add length argument to skb_copy_and_csum_datagram_iovec

(bsc#951199).

- net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()

(bsc#951199).

- pci: Update VPD size with correct length (bsc#924493).

- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods

(bsc#949706).

- ring-buffer: Always run per-cpu ring buffer resize with

schedule_work_on() (bnc#956711).

- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).

- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds

(bsc#930145).

- rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).

- sched/core: Fix task and run queue sched_info::run_delay inconsistencies

(bnc#949100).

- sunrpc/cache: make cache flushing more reliable (bsc#947478).

- supported.conf: Add missing dependencies of supported modules hwmon_vid

needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by

ramoops

- supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio

- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).

- target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).

- target/rbd: fix PR info memory leaks (bnc#948831).

- target: Send UA upon LUN RESET tmr completion (bsc#933514).

- target: use "^A" when allocating UAs (bsc#933514).

- usbvision fix overflow of interfaces array (bnc#950998).

- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).

- vmxnet3: adjust ring sizes when interface is down (bsc#950750).

- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at

runtime, instead of top-down (bsc#940853).

- x86/evtchn: make use of PHYSDEVOP_map_pirq.

- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,

bnc#955148).

- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in

remove_pagetable() (VM Functionality, bnc#955148).

- xfs: DIO needs an ioend for writes (bsc#949744).

- xfs: DIO write completion size updates race (bsc#949744).

- xfs: DIO writes within EOF do not need an ioend (bsc#949744).

- xfs: always drain dio before extending aio write submission (bsc#949744).

- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).

- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).

- xfs: factor DIO write mapping from get_blocks (bsc#949744).

- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).

- xfs: move DIO mapping size calculation (bsc#949744).

- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).

- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers

(bnc#951165).

- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Workstation Extension 12:

 

zypper in -t patch SUSE-SLE-WE-12-2015-945=1

 

- SUSE Linux Enterprise Software Development Kit 12:

 

zypper in -t patch SUSE-SLE-SDK-12-2015-945=1

 

- SUSE Linux Enterprise Server 12:

 

zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1

 

- SUSE Linux Enterprise Module for Public Cloud 12:

 

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1

 

- SUSE Linux Enterprise Live Patching 12:

 

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1

 

- SUSE Linux Enterprise Desktop 12:

 

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

 

kernel-default-debuginfo-3.12.51-52.31.1

kernel-default-debugsource-3.12.51-52.31.1

kernel-default-extra-3.12.51-52.31.1

kernel-default-extra-debuginfo-3.12.51-52.31.1

 

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

 

kernel-obs-build-3.12.51-52.31.1

kernel-obs-build-debugsource-3.12.51-52.31.1

 

- SUSE Linux Enterprise Software Development Kit 12 (noarch):

 

kernel-docs-3.12.51-52.31.5

 

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

 

kernel-default-3.12.51-52.31.1

kernel-default-base-3.12.51-52.31.1

kernel-default-base-debuginfo-3.12.51-52.31.1

kernel-default-debuginfo-3.12.51-52.31.1

kernel-default-debugsource-3.12.51-52.31.1

kernel-default-devel-3.12.51-52.31.1

kernel-syms-3.12.51-52.31.1

 

- SUSE Linux Enterprise Server 12 (x86_64):

 

kernel-xen-3.12.51-52.31.1

kernel-xen-base-3.12.51-52.31.1

kernel-xen-base-debuginfo-3.12.51-52.31.1

kernel-xen-debuginfo-3.12.51-52.31.1

kernel-xen-debugsource-3.12.51-52.31.1

kernel-xen-devel-3.12.51-52.31.1

 

- SUSE Linux Enterprise Server 12 (noarch):

 

kernel-devel-3.12.51-52.31.1

kernel-macros-3.12.51-52.31.1

kernel-source-3.12.51-52.31.1

 

- SUSE Linux Enterprise Server 12 (s390x):

 

kernel-default-man-3.12.51-52.31.1

 

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

 

kernel-ec2-3.12.51-52.31.1

kernel-ec2-debuginfo-3.12.51-52.31.1

kernel-ec2-debugsource-3.12.51-52.31.1

kernel-ec2-devel-3.12.51-52.31.1

kernel-ec2-extra-3.12.51-52.31.1

kernel-ec2-extra-debuginfo-3.12.51-52.31.1

 

- SUSE Linux Enterprise Live Patching 12 (x86_64):

 

kgraft-patch-3_12_51-52_31-default-1-2.2

kgraft-patch-3_12_51-52_31-xen-1-2.2

 

- SUSE Linux Enterprise Desktop 12 (x86_64):

 

kernel-default-3.12.51-52.31.1

kernel-default-debuginfo-3.12.51-52.31.1

kernel-default-debugsource-3.12.51-52.31.1

kernel-default-devel-3.12.51-52.31.1

kernel-default-extra-3.12.51-52.31.1

kernel-default-extra-debuginfo-3.12.51-52.31.1

kernel-syms-3.12.51-52.31.1

kernel-xen-3.12.51-52.31.1

kernel-xen-debuginfo-3.12.51-52.31.1

kernel-xen-debugsource-3.12.51-52.31.1

kernel-xen-devel-3.12.51-52.31.1

 

- SUSE Linux Enterprise Desktop 12 (noarch):

 

kernel-devel-3.12.51-52.31.1

kernel-macros-3.12.51-52.31.1

kernel-source-3.12.51-52.31.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-0272.html

https://www.suse.com/security/cve/CVE-2015-2925.html

https://www.suse.com/security/cve/CVE-2015-5283.html

https://www.suse.com/security/cve/CVE-2015-5307.html

https://www.suse.com/security/cve/CVE-2015-7799.html

https://www.suse.com/security/cve/CVE-2015-7872.html

https://www.suse.com/security/cve/CVE-2015-7990.html

https://www.suse.com/security/cve/CVE-2015-8104.html

https://bugzilla.suse.com/814440

https://bugzilla.suse.com/867595

https://bugzilla.suse.com/904348

https://bugzilla.suse.com/921949

https://bugzilla.suse.com/924493

https://bugzilla.suse.com/930145

https://bugzilla.suse.com/933514

https://bugzilla.suse.com/935961

https://bugzilla.suse.com/936076

https://bugzilla.suse.com/936773

https://bugzilla.suse.com/939826

https://bugzilla.suse.com/939926

https://bugzilla.suse.com/940853

https://bugzilla.suse.com/941202

https://bugzilla.suse.com/941867

https://bugzilla.suse.com/942938

https://bugzilla.suse.com/944749

https://bugzilla.suse.com/945626

https://bugzilla.suse.com/946078

https://bugzilla.suse.com/947241

https://bugzilla.suse.com/947321

https://bugzilla.suse.com/947478

https://bugzilla.suse.com/948521

https://bugzilla.suse.com/948685

https://bugzilla.suse.com/948831

https://bugzilla.suse.com/949100

https://bugzilla.suse.com/949463

https://bugzilla.suse.com/949504

https://bugzilla.suse.com/949706

https://bugzilla.suse.com/949744

https://bugzilla.suse.com/950013

https://bugzilla.suse.com/950750

https://bugzilla.suse.com/950862

https://bugzilla.suse.com/950998

https://bugzilla.suse.com/951110

https://bugzilla.suse.com/951165

https://bugzilla.suse.com/951199

https://bugzilla.suse.com/951440

https://bugzilla.suse.com/951546

https://bugzilla.suse.com/952666

https://bugzilla.suse.com/952758

https://bugzilla.suse.com/953796

https://bugzilla.suse.com/953980

https://bugzilla.suse.com/954635

https://bugzilla.suse.com/955148

https://bugzilla.suse.com/955224

https://bugzilla.suse.com/955422

https://bugzilla.suse.com/955533

https://bugzilla.suse.com/955644

https://bugzilla.suse.com/956047

https://bugzilla.suse.com/956053

https://bugzilla.suse.com/956703

https://bugzilla.suse.com/956711

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×