[security-announce] SUSE-SU-2016:0168-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:0168-1

Rating: important

References: #758040 #902606 #924919 #935087 #937261 #943959
            #945649 #949440 #951155 #951199 #951392 #951615
            #951638 #952579 #952976 #956708 #956801 #956876
            #957395 #957546 #957988 #957990 #958463 #958504
            #958510 #958647 #958886 #958951 #959190 #959364
            #959399 #959436 #959705 #960300

Cross-References: CVE-2015-7550 CVE-2015-8539 CVE-2015-8543
                  CVE-2015-8550 CVE-2015-8551 CVE-2015-8552
                  CVE-2015-8569 CVE-2015-8575

Affected Products:

SUSE Linux Enterprise Workstation Extension 12

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Module for Public Cloud 12

SUSE Linux Enterprise Live Patching 12

SUSE Linux Enterprise Desktop 12

______________________________________________________________________________

 

An update that solves 8 vulnerabilities and has 26 fixes is now available.

 

Description:

 

The SUSE Linux Enterprise 12 kernel was updated to receive various security and bug fixes.

 

The following security bugs were fixed:

- CVE-2015-7550: A local user could have triggered a race between read and

revoke in keyctl (bnc#958951).

- CVE-2015-8539: A negatively instantiated user key could have been used

by a local user to leverage privileges (bnc#958463).

- CVE-2015-8543: The networking implementation in the Linux kernel did not

validate protocol identifiers for certain protocol families, which

allowed local users to cause a denial of service (NULL function pointer

dereference and system crash) or possibly gain privileges by leveraging

CLONE_NEWUSER support to execute a crafted SOCK_RAW application

(bnc#958886).

- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers

could have led to double fetch vulnerabilities, causing denial of

service or arbitrary code execution (depending on the configuration)

(bsc#957988).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For

XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled

(bsc#957990).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in

drivers/net/ppp/pptp.c in the Linux kernel did not verify an address

length, which allowed local users to obtain sensitive information from

kernel memory and bypass the KASLR protection mechanism via a crafted

application (bnc#959190).

- CVE-2015-8575: Validate socket address length in sco_sock_bind() to

prevent information leak (bsc#959399).
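
The missing address-length check behind CVE-2015-8569 and CVE-2015-8575, shown as a simplified user-space model. This is an added example, not the kernel's code or SUSE's patch; `struct demo_sockaddr`, the function names and the 0xAA stale-data marker are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical address type; the real handlers use their own sockaddr structs. */
struct demo_sockaddr { unsigned short family; unsigned char peer[14]; };

/* Unpatched pattern: only addr_len caller bytes land in the kernel-side buffer,
 * which still holds stale data (constructed here as 0xAA), yet the whole
 * structure is then used. */
int bind_unchecked(const void *uaddr, size_t addr_len, struct demo_sockaddr *out)
{
    unsigned char kbuf[sizeof(*out)];
    memset(kbuf, 0xAA, sizeof(kbuf));
    memcpy(kbuf, uaddr, addr_len < sizeof(kbuf) ? addr_len : sizeof(kbuf));
    memcpy(out, kbuf, sizeof(*out));   /* includes bytes the caller never sent */
    return 0;
}

/* Patched pattern: reject a short address before any field is used. */
int bind_checked(const void *uaddr, size_t addr_len, struct demo_sockaddr *out)
{
    if (addr_len < sizeof(*out))
        return -EINVAL;
    return bind_unchecked(uaddr, addr_len, out);
}

/* Number of stale bytes that ended up in the recorded address. */
int stale_bytes(const struct demo_sockaddr *sa)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(sa->peer); i++)
        n += (sa->peer[i] == 0xAA);
    return n;
}

int main(void)
{
    unsigned short fam = 24;           /* constructed input: family field only */
    struct demo_sockaddr a = {0}, b = {0};
    printf("unchecked rc=%d\n", bind_unchecked(&fam, sizeof(fam), &a));
    printf("checked   rc=%d\n", bind_checked(&fam, sizeof(fam), &b));
    printf("stale bytes: %d vs %d\n", stale_bytes(&a), stale_bytes(&b));
    return 0;
}
```

With a two-byte address the unchecked path records 14 bytes that were never supplied by the caller, while the checked path returns -EINVAL and records nothing.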

 

The following non-security bugs were fixed:

- ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).

- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).

- Input: aiptek - fix crash on detecting device without endpoints

(bnc#956708).

- Re-add copy_page_vector_to_user()

- Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).

- Refresh patches.xen/xen3-patch-3.9 (bsc#951155).

- Update patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction-.patch (bnc#935087, bnc#945649, bnc#951615).

- bcache: Add btree_insert_node() (bnc#951638).

- bcache: Add explicit keylist arg to btree_insert() (bnc#951638).

- bcache: Clean up keylist code (bnc#951638).

- bcache: Convert btree_insert_check_key() to btree_insert_node()

(bnc#951638).

- bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).

- bcache: Convert try_wait to wait_queue_head_t (bnc#951638).

- bcache: Explicitly track btree node's parent (bnc#951638).

- bcache: Fix a bug when detaching (bsc#951638).

- bcache: Fix a lockdep splat in an error path (bnc#951638).

- bcache: Fix a shutdown bug (bsc#951638).

- bcache: Fix more early shutdown bugs (bsc#951638).

- bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).

- bcache: Insert multiple keys at a time (bnc#951638).

- bcache: Refactor journalling flow control (bnc#951638).

- bcache: Refactor request_write() (bnc#951638).

- bcache: Use blkdev_issue_discard() (bnc#951638).

- bcache: backing device set to clean after finishing detach (bsc#951638).

- bcache: kill closure locking usage (bnc#951638).

- blktap: also call blkif_disconnect() when frontend switched to closed

(bsc#952976).

- blktap: refine mm tracking (bsc#952976).

- block: Always check queue limits for cloned requests (bsc#902606).

- btrfs: Add qgroup tracing (bnc#935087, bnc#945649).

- btrfs: Adjust commit-transaction condition to avoid NO_SPACE more

(bsc#958647).

- btrfs: Fix out-of-space bug (bsc#958647).

- btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).

- btrfs: Set relative data on clear btrfs_block_group_cache->pinned

(bsc#958647).

- btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).

- btrfs: backref: Add special time_seq == (u64)-1 case for

btrfs_find_all_roots() (bnc#935087, bnc#945649).

- btrfs: backref: Do not merge refs which are not for same block

(bnc#935087, bnc#945649).

- btrfs: cleanup: remove no-used alloc_chunk in

btrfs_check_data_free_space() (bsc#958647).

- btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,

bnc#945649).

- btrfs: delayed-ref: Use list to replace the ref_root in ref_head

(bnc#935087, bnc#945649).

- btrfs: extent-tree: Use ref_node to replace unneeded parameters in

__inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).

- btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).

- btrfs: fix condition of commit transaction (bsc#958647).

- btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,

bnc#945649).

- btrfs: fix order by which delayed references are run (bnc#949440).

- btrfs: fix qgroup sanity tests (bnc#951615).

- btrfs: fix race waiting for qgroup rescan worker (bnc#960300).

- btrfs: fix regression running delayed references when using qgroups

(bnc#951615).

- btrfs: fix regression when running delayed references (bnc#951615).

- btrfs: fix sleeping inside atomic context in qgroup rescan worker

(bnc#960300).

- btrfs: fix the number of transaction units needed to remove a block

group (bsc#958647).

- btrfs: keep dropped roots in cache until transaction commit (bnc#935087,

bnc#945649).

- btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,

bnc#945649).

- btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,

bnc#945649).

- btrfs: qgroup: Add new function to record old_roots (bnc#935087,

bnc#945649).

- btrfs: qgroup: Add new qgroup calculation function

btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).

- btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots

(bnc#935087, bnc#945649).

- btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read

(bnc#935087, bnc#945649).

- btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,

bnc#945649).

- btrfs: qgroup: Do not copy extent buffer to do qgroup rescan

(bnc#960300).

- btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,

bnc#945649).

- btrfs: qgroup: Make snapshot accounting work with new extent-oriented

qgroup (bnc#935087, bnc#945649).

- btrfs: qgroup: Record possible quota-related extent for qgroup

(bnc#935087, bnc#945649).

- btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).

- btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism

(bnc#935087, bnc#945649).

- btrfs: qgroup: Switch to new extent-oriented qgroup mechanism

(bnc#935087, bnc#945649).

- btrfs: qgroup: account shared subtree during snapshot delete

(bnc#935087, bnc#945649).

- btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).

- btrfs: qgroup: exit the rescan worker during umount (bnc#960300).

- btrfs: qgroup: fix quota disable during rescan (bnc#960300).

- btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,

bnc#945649).

- btrfs: remove transaction from send (bnc#935087, bnc#945649).

- btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).

- btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,

bnc#945649).

- btrfs: use global reserve when deleting unused block group after ENOSPC

(bsc#958647).

- cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).

- cpusets, isolcpus: exclude isolcpus from load balancing in cpusets

(bsc#957395).

- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).

- drm: Allocate new master object when client becomes master (bsc#956876,

bsc#956801).

- drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).

- e1000e: Do not read ICR in Other interrupt (bsc#924919).

- e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).

- e1000e: Fix msi-x interrupt automask (bsc#924919).

- e1000e: Remove unreachable code (bsc#924919).

- genksyms: Handle string literals with spaces in reference files

(bsc#958510).

- ipv6: fix tunnel error handling (bsc#952579).

- lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).

- mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).

- mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).

- pm, hinernate: use put_page in release_swap_writer (bnc#943959).

- sched, isolcpu: make cpu_isolated_map visible outside scheduler

(bsc#957395).

- udp: properly support MSG_PEEK with truncated buffers (bsc#951199

bsc#959364).

- xhci: Workaround to get Intel xHCI reset working more reliably

(bnc#957546).

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Workstation Extension 12:

 

zypper in -t patch SUSE-SLE-WE-12-2016-107=1

 

- SUSE Linux Enterprise Software Development Kit 12:

 

zypper in -t patch SUSE-SLE-SDK-12-2016-107=1

 

- SUSE Linux Enterprise Server 12:

 

zypper in -t patch SUSE-SLE-SERVER-12-2016-107=1

 

- SUSE Linux Enterprise Module for Public Cloud 12:

 

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1

 

- SUSE Linux Enterprise Live Patching 12:

 

zypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1

 

- SUSE Linux Enterprise Desktop 12:

 

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

 

kernel-default-debuginfo-3.12.51-52.34.1

kernel-default-debugsource-3.12.51-52.34.1

kernel-default-extra-3.12.51-52.34.1

kernel-default-extra-debuginfo-3.12.51-52.34.1

 

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

 

kernel-obs-build-3.12.51-52.34.1

kernel-obs-build-debugsource-3.12.51-52.34.1

 

- SUSE Linux Enterprise Software Development Kit 12 (noarch):

 

kernel-docs-3.12.51-52.34.3

 

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

 

kernel-default-3.12.51-52.34.1

kernel-default-base-3.12.51-52.34.1

kernel-default-base-debuginfo-3.12.51-52.34.1

kernel-default-debuginfo-3.12.51-52.34.1

kernel-default-debugsource-3.12.51-52.34.1

kernel-default-devel-3.12.51-52.34.1

kernel-syms-3.12.51-52.34.1

 

- SUSE Linux Enterprise Server 12 (x86_64):

 

kernel-xen-3.12.51-52.34.1

kernel-xen-base-3.12.51-52.34.1

kernel-xen-base-debuginfo-3.12.51-52.34.1

kernel-xen-debuginfo-3.12.51-52.34.1

kernel-xen-debugsource-3.12.51-52.34.1

kernel-xen-devel-3.12.51-52.34.1

 

- SUSE Linux Enterprise Server 12 (noarch):

 

kernel-devel-3.12.51-52.34.1

kernel-macros-3.12.51-52.34.1

kernel-source-3.12.51-52.34.1

 

- SUSE Linux Enterprise Server 12 (s390x):

 

kernel-default-man-3.12.51-52.34.1

 

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

 

kernel-ec2-3.12.51-52.34.1

kernel-ec2-debuginfo-3.12.51-52.34.1

kernel-ec2-debugsource-3.12.51-52.34.1

kernel-ec2-devel-3.12.51-52.34.1

kernel-ec2-extra-3.12.51-52.34.1

kernel-ec2-extra-debuginfo-3.12.51-52.34.1

 

- SUSE Linux Enterprise Live Patching 12 (x86_64):

 

kgraft-patch-3_12_51-52_34-default-1-2.1

kgraft-patch-3_12_51-52_34-xen-1-2.1

 

- SUSE Linux Enterprise Desktop 12 (x86_64):

 

kernel-default-3.12.51-52.34.1

kernel-default-debuginfo-3.12.51-52.34.1

kernel-default-debugsource-3.12.51-52.34.1

kernel-default-devel-3.12.51-52.34.1

kernel-default-extra-3.12.51-52.34.1

kernel-default-extra-debuginfo-3.12.51-52.34.1

kernel-syms-3.12.51-52.34.1

kernel-xen-3.12.51-52.34.1

kernel-xen-debuginfo-3.12.51-52.34.1

kernel-xen-debugsource-3.12.51-52.34.1

kernel-xen-devel-3.12.51-52.34.1

 

- SUSE Linux Enterprise Desktop 12 (noarch):

 

kernel-devel-3.12.51-52.34.1

kernel-macros-3.12.51-52.34.1

kernel-source-3.12.51-52.34.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-7550.html

https://www.suse.com/security/cve/CVE-2015-8539.html

https://www.suse.com/security/cve/CVE-2015-8543.html

https://www.suse.com/security/cve/CVE-2015-8550.html

https://www.suse.com/security/cve/CVE-2015-8551.html

https://www.suse.com/security/cve/CVE-2015-8552.html

https://www.suse.com/security/cve/CVE-2015-8569.html

https://www.suse.com/security/cve/CVE-2015-8575.html

https://bugzilla.suse.com/758040

https://bugzilla.suse.com/902606

https://bugzilla.suse.com/924919

https://bugzilla.suse.com/935087

https://bugzilla.suse.com/937261

https://bugzilla.suse.com/943959

https://bugzilla.suse.com/945649

https://bugzilla.suse.com/949440

https://bugzilla.suse.com/951155

https://bugzilla.suse.com/951199

https://bugzilla.suse.com/951392

https://bugzilla.suse.com/951615

https://bugzilla.suse.com/951638

https://bugzilla.suse.com/952579

https://bugzilla.suse.com/952976

https://bugzilla.suse.com/956708

https://bugzilla.suse.com/956801

https://bugzilla.suse.com/956876

https://bugzilla.suse.com/957395

https://bugzilla.suse.com/957546

https://bugzilla.suse.com/957988

https://bugzilla.suse.com/957990

https://bugzilla.suse.com/958463

https://bugzilla.suse.com/958504

https://bugzilla.suse.com/958510

https://bugzilla.suse.com/958647

https://bugzilla.suse.com/958886

https://bugzilla.suse.com/958951

https://bugzilla.suse.com/959190

https://bugzilla.suse.com/959364

https://bugzilla.suse.com/959399

https://bugzilla.suse.com/959436

https://bugzilla.suse.com/959705

https://bugzilla.suse.com/960300

 
