[security-announce] openSUSE-SU-2016:0318-1: important: Security update for the Linux Kernel

[news 28]

openSUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:0318-1

Rating: important

References: #814440 #906545 #912202 #921949 #937969 #937970

#938706 #944296 #945825 #949936 #950998 #951627

#951638 #952384 #952579 #952976 #953527 #954138

#954404 #955224 #955354 #955422 #956708 #956934

#957988 #957990 #958504 #958510 #958886 #958951

#959190 #959399 #959568 #960839 #961509 #961739

#962075

Cross-References: CVE-2014-8989 CVE-2014-9529 CVE-2015-5157

CVE-2015-5307 CVE-2015-6937 CVE-2015-7550

CVE-2015-7799 CVE-2015-7885 CVE-2015-7990

CVE-2015-8104 CVE-2015-8215 CVE-2015-8543

CVE-2015-8550 CVE-2015-8551 CVE-2015-8552

CVE-2015-8569 CVE-2015-8575 CVE-2015-8767

CVE-2016-0728

Affected Products:

openSUSE 13.2

______________________________________________________________________________

 

An update that solves 19 vulnerabilities and has 18 fixes

is now available.

 

Description:

 

 

The openSUSE 13.2 kernel was updated to receive various security and

bugfixes.

 

Following security bugs were fixed:

- CVE-2016-0728: A reference leak in keyring handling with

join_session_keyring() could lead to local attackers gain root

privileges. (bsc#962075).

- CVE-2015-7550: A local user could have triggered a race between read and

revoke in keyctl (bnc#958951).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in

drivers/net/ppp/pptp.c in the Linux kernel did not verify an address

length, which allowed local users to obtain sensitive information from

kernel memory and bypass the KASLR protection mechanism via a crafted

application (bnc#959190).

- CVE-2015-8543: The networking implementation in the Linux kernel did not

validate protocol identifiers for certain protocol families, which

allowed local users to cause a denial of service (NULL function pointer

dereference and system crash) or possibly gain privileges by leveraging

CLONE_NEWUSER support to execute a crafted SOCK_RAW application

(bnc#958886).

- CVE-2014-8989: The Linux kernel did not properly restrict dropping

of supplemental group memberships in certain namespace scenarios, which

allowed local users to bypass intended file permissions by leveraging a

POSIX ACL containing an entry for the group category that is more

restrictive than the entry for the other category, aka a "negative

groups" issue, related to kernel/groups.c, kernel/uid16.c, and

kernel/user_namespace.c (bnc#906545).

- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the

x86_64 platform mishandles IRET faults in processing NMIs that

occurred during userspace execution, which might allow local users to

gain privileges by triggering an NMI (bnc#937969).

- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the

Linux kernel through 4.2.3 did not ensure that certain slot numbers are

valid, which allowed local users to cause a denial of service (NULL

pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl

call (bnc#949936).

- CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and

Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial

of service (host OS panic or hang) by triggering many #DB (aka Debug)

exceptions, related to svm.c (bnc#954404).

- CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and

Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial

of service (host OS panic or hang) by triggering many #AC (aka Alignment

Check) exceptions, related to svm.c and vmx.c (bnc#953527).

- CVE-2014-9529: Race condition in the key_gc_unused_keys function in

security/keys/gc.c in the Linux kernel allowed local users to cause a

denial of service (memory corruption or panic) or possibly have

unspecified other impact via keyctl commands that trigger access to a

key structure member during garbage collection of a key (bnc#912202).

- CVE-2015-7990: Race condition in the rds_sendmsg function in

net/rds/sendmsg.c in the Linux kernel allowed local users to cause a

denial of service (NULL pointer dereference and system crash) or

possibly have unspecified other impact by using a socket that was not

properly bound. NOTE: this vulnerability exists because of an

incomplete fix for CVE-2015-6937 (bnc#952384 953052).

- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in

the Linux kernel allowed local users to cause a denial of service (NULL

pointer dereference and system crash) or possibly have unspecified

other impact by using a socket that was not properly bound (bnc#945825).

- CVE-2015-7885: The dgnc_mgmt_ioctl function in

drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did

not initialize a certain structure member, which allowed local users to

obtain sensitive information from kernel memory via a crafted

application (bnc#951627).

- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel

did not validate attempted changes to the MTU value, which allowed

context-dependent attackers to cause a denial of service (packet loss)

via a value that is (1) smaller than the minimum compliant value or (2)

larger than the MTU of an interface, as demonstrated by a Router

Advertisement (RA) message that is not validated by a daemon, a

different vulnerability than CVE-2015-0272. NOTE: the scope of

CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).

- CVE-2015-8767: A case can occur when sctp_accept() is called by the user

during a heartbeat timeout event after the 4-way handshake. Since

sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the

bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the

listening socket but released with the new association socket. The

result is a deadlock on any future attempts to take the listening socket

lock. (bsc#961509)

- CVE-2015-8575: Validate socket address length in sco_sock_bind() to

prevent information leak (bsc#959399).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For

XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled

(bsc#957990).

- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers

could have lead to double fetch vulnerabilities, causing denial of

service or arbitrary code execution (depending on the configuration)

(bsc#957988).

 

The following non-security bugs were fixed:

- ALSA: hda - Disable 64bit address for Creative HDA controllers

(bnc#814440).

- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).

- Input: aiptek - fix crash on detecting device without endpoints

(bnc#956708).

- KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).

- KVM: x86: update masterclock values on TSC writes (bsc#961739).

- NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2

client (bsc#960839).

- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another

task (bsc#921949).

- blktap: also call blkif_disconnect() when frontend switched to closed

(bsc#952976).

- blktap: refine mm tracking (bsc#952976).

- cdrom: Random writing support for BD-RE media (bnc#959568).

- genksyms: Handle string literals with spaces in reference files

(bsc#958510).

- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).

- ipv6: distinguish frag queues by device for multicast and link-local

packets (bsc#955422).

- ipv6: fix tunnel error handling (bsc#952579).

- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).

- uas: Add response iu handling (bnc#954138).

- usbvision fix overflow of interfaces array (bnc#950998).

- x86/evtchn: make use of PHYSDEVOP_map_pirq.

- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set

(bsc#957990 XSA-157).

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 13.2:

 

zypper in -t patch openSUSE-2016-136=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 13.2 (i686 x86_64):

 

kernel-debug-3.16.7-32.1

kernel-debug-base-3.16.7-32.1

kernel-debug-base-debuginfo-3.16.7-32.1

kernel-debug-debuginfo-3.16.7-32.1

kernel-debug-debugsource-3.16.7-32.1

kernel-debug-devel-3.16.7-32.1

kernel-debug-devel-debuginfo-3.16.7-32.1

kernel-desktop-3.16.7-32.1

kernel-desktop-base-3.16.7-32.1

kernel-desktop-base-debuginfo-3.16.7-32.1

kernel-desktop-debuginfo-3.16.7-32.1

kernel-desktop-debugsource-3.16.7-32.1

kernel-desktop-devel-3.16.7-32.1

kernel-ec2-base-debuginfo-3.16.7-32.1

kernel-ec2-debuginfo-3.16.7-32.1

kernel-ec2-debugsource-3.16.7-32.1

kernel-vanilla-3.16.7-32.1

kernel-vanilla-debuginfo-3.16.7-32.1

kernel-vanilla-debugsource-3.16.7-32.1

kernel-vanilla-devel-3.16.7-32.1

kernel-xen-3.16.7-32.1

kernel-xen-base-3.16.7-32.1

kernel-xen-base-debuginfo-3.16.7-32.1

kernel-xen-debuginfo-3.16.7-32.1

kernel-xen-debugsource-3.16.7-32.1

kernel-xen-devel-3.16.7-32.1

 

- openSUSE 13.2 (i586 x86_64):

 

bbswitch-0.8-3.15.1

bbswitch-debugsource-0.8-3.15.1

bbswitch-kmp-default-0.8_k3.16.7_32-3.15.1

bbswitch-kmp-default-debuginfo-0.8_k3.16.7_32-3.15.1

bbswitch-kmp-desktop-0.8_k3.16.7_32-3.15.1

bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_32-3.15.1

bbswitch-kmp-xen-0.8_k3.16.7_32-3.15.1

bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_32-3.15.1

cloop-2.639-14.15.1

cloop-debuginfo-2.639-14.15.1

cloop-debugsource-2.639-14.15.1

cloop-kmp-default-2.639_k3.16.7_32-14.15.1

cloop-kmp-default-debuginfo-2.639_k3.16.7_32-14.15.1

cloop-kmp-desktop-2.639_k3.16.7_32-14.15.1

cloop-kmp-desktop-debuginfo-2.639_k3.16.7_32-14.15.1

cloop-kmp-xen-2.639_k3.16.7_32-14.15.1

cloop-kmp-xen-debuginfo-2.639_k3.16.7_32-14.15.1

crash-7.0.8-15.1

crash-debuginfo-7.0.8-15.1

crash-debugsource-7.0.8-15.1

crash-devel-7.0.8-15.1

crash-doc-7.0.8-15.1

crash-eppic-7.0.8-15.1

crash-eppic-debuginfo-7.0.8-15.1

crash-gcore-7.0.8-15.1

crash-gcore-debuginfo-7.0.8-15.1

crash-kmp-default-7.0.8_k3.16.7_32-15.1

crash-kmp-default-debuginfo-7.0.8_k3.16.7_32-15.1

crash-kmp-desktop-7.0.8_k3.16.7_32-15.1

crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_32-15.1

crash-kmp-xen-7.0.8_k3.16.7_32-15.1

crash-kmp-xen-debuginfo-7.0.8_k3.16.7_32-15.1

hdjmod-debugsource-1.28-18.16.1

hdjmod-kmp-default-1.28_k3.16.7_32-18.16.1

hdjmod-kmp-default-debuginfo-1.28_k3.16.7_32-18.16.1

hdjmod-kmp-desktop-1.28_k3.16.7_32-18.16.1

hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_32-18.16.1

hdjmod-kmp-xen-1.28_k3.16.7_32-18.16.1

hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_32-18.16.1

ipset-6.23-15.1

ipset-debuginfo-6.23-15.1

ipset-debugsource-6.23-15.1

ipset-devel-6.23-15.1

ipset-kmp-default-6.23_k3.16.7_32-15.1

ipset-kmp-default-debuginfo-6.23_k3.16.7_32-15.1

ipset-kmp-desktop-6.23_k3.16.7_32-15.1

ipset-kmp-desktop-debuginfo-6.23_k3.16.7_32-15.1

ipset-kmp-xen-6.23_k3.16.7_32-15.1

ipset-kmp-xen-debuginfo-6.23_k3.16.7_32-15.1

kernel-default-3.16.7-32.1

kernel-default-base-3.16.7-32.1

kernel-default-base-debuginfo-3.16.7-32.1

kernel-default-debuginfo-3.16.7-32.1

kernel-default-debugsource-3.16.7-32.1

kernel-default-devel-3.16.7-32.1

kernel-ec2-3.16.7-32.1

kernel-ec2-base-3.16.7-32.1

kernel-ec2-devel-3.16.7-32.1

kernel-obs-build-3.16.7-32.2

kernel-obs-build-debugsource-3.16.7-32.2

kernel-obs-qa-3.16.7-32.1

kernel-obs-qa-xen-3.16.7-32.1

kernel-syms-3.16.7-32.1

libipset3-6.23-15.1

libipset3-debuginfo-6.23-15.1

pcfclock-0.44-260.15.1

pcfclock-debuginfo-0.44-260.15.1

pcfclock-debugsource-0.44-260.15.1

pcfclock-kmp-default-0.44_k3.16.7_32-260.15.1

pcfclock-kmp-default-debuginfo-0.44_k3.16.7_32-260.15.1

pcfclock-kmp-desktop-0.44_k3.16.7_32-260.15.1

pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_32-260.15.1

python-virtualbox-4.3.34-37.1

python-virtualbox-debuginfo-4.3.34-37.1

vhba-kmp-debugsource-20140629-2.15.1

vhba-kmp-default-20140629_k3.16.7_32-2.15.1

vhba-kmp-default-debuginfo-20140629_k3.16.7_32-2.15.1

vhba-kmp-desktop-20140629_k3.16.7_32-2.15.1

vhba-kmp-desktop-debuginfo-20140629_k3.16.7_32-2.15.1

vhba-kmp-xen-20140629_k3.16.7_32-2.15.1

vhba-kmp-xen-debuginfo-20140629_k3.16.7_32-2.15.1

virtualbox-4.3.34-37.1

virtualbox-debuginfo-4.3.34-37.1

virtualbox-debugsource-4.3.34-37.1

virtualbox-devel-4.3.34-37.1

virtualbox-guest-kmp-default-4.3.34_k3.16.7_32-37.1

virtualbox-guest-kmp-default-debuginfo-4.3.34_k3.16.7_32-37.1

virtualbox-guest-kmp-desktop-4.3.34_k3.16.7_32-37.1

virtualbox-guest-kmp-desktop-debuginfo-4.3.34_k3.16.7_32-37.1

virtualbox-guest-tools-4.3.34-37.1

virtualbox-guest-tools-debuginfo-4.3.34-37.1

virtualbox-guest-x11-4.3.34-37.1

virtualbox-guest-x11-debuginfo-4.3.34-37.1

virtualbox-host-kmp-default-4.3.34_k3.16.7_32-37.1

virtualbox-host-kmp-default-debuginfo-4.3.34_k3.16.7_32-37.1

virtualbox-host-kmp-desktop-4.3.34_k3.16.7_32-37.1

virtualbox-host-kmp-desktop-debuginfo-4.3.34_k3.16.7_32-37.1

virtualbox-qt-4.3.34-37.1

virtualbox-qt-debuginfo-4.3.34-37.1

virtualbox-websrv-4.3.34-37.1

virtualbox-websrv-debuginfo-4.3.34-37.1

xen-debugsource-4.4.3_08-38.1

xen-devel-4.4.3_08-38.1

xen-libs-4.4.3_08-38.1

xen-libs-debuginfo-4.4.3_08-38.1

xen-tools-domU-4.4.3_08-38.1

xen-tools-domU-debuginfo-4.4.3_08-38.1

xtables-addons-2.6-15.1

xtables-addons-debuginfo-2.6-15.1

xtables-addons-debugsource-2.6-15.1

xtables-addons-kmp-default-2.6_k3.16.7_32-15.1

xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_32-15.1

xtables-addons-kmp-desktop-2.6_k3.16.7_32-15.1

xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_32-15.1

xtables-addons-kmp-xen-2.6_k3.16.7_32-15.1

xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_32-15.1

 

- openSUSE 13.2 (noarch):

 

kernel-devel-3.16.7-32.1

kernel-docs-3.16.7-32.2

kernel-macros-3.16.7-32.1

kernel-source-3.16.7-32.1

kernel-source-vanilla-3.16.7-32.1

virtualbox-guest-desktop-icons-4.3.34-37.1

virtualbox-host-source-4.3.34-37.1

 

- openSUSE 13.2 (x86_64):

 

xen-4.4.3_08-38.1

xen-doc-html-4.4.3_08-38.1

xen-kmp-default-4.4.3_08_k3.16.7_32-38.1

xen-kmp-default-debuginfo-4.4.3_08_k3.16.7_32-38.1

xen-kmp-desktop-4.4.3_08_k3.16.7_32-38.1

xen-kmp-desktop-debuginfo-4.4.3_08_k3.16.7_32-38.1

xen-libs-32bit-4.4.3_08-38.1

xen-libs-debuginfo-32bit-4.4.3_08-38.1

xen-tools-4.4.3_08-38.1

xen-tools-debuginfo-4.4.3_08-38.1

 

- openSUSE 13.2 (i686):

 

kernel-pae-3.16.7-32.1

kernel-pae-base-3.16.7-32.1

kernel-pae-base-debuginfo-3.16.7-32.1

kernel-pae-debuginfo-3.16.7-32.1

kernel-pae-debugsource-3.16.7-32.1

kernel-pae-devel-3.16.7-32.1

 

- openSUSE 13.2 (i586):

 

bbswitch-kmp-pae-0.8_k3.16.7_32-3.15.1

bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_32-3.15.1

cloop-kmp-pae-2.639_k3.16.7_32-14.15.1

cloop-kmp-pae-debuginfo-2.639_k3.16.7_32-14.15.1

crash-kmp-pae-7.0.8_k3.16.7_32-15.1

crash-kmp-pae-debuginfo-7.0.8_k3.16.7_32-15.1

hdjmod-kmp-pae-1.28_k3.16.7_32-18.16.1

hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_32-18.16.1

ipset-kmp-pae-6.23_k3.16.7_32-15.1

ipset-kmp-pae-debuginfo-6.23_k3.16.7_32-15.1

pcfclock-kmp-pae-0.44_k3.16.7_32-260.15.1

pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_32-260.15.1

vhba-kmp-pae-20140629_k3.16.7_32-2.15.1

vhba-kmp-pae-debuginfo-20140629_k3.16.7_32-2.15.1

virtualbox-guest-kmp-pae-4.3.34_k3.16.7_32-37.1

virtualbox-guest-kmp-pae-debuginfo-4.3.34_k3.16.7_32-37.1

virtualbox-host-kmp-pae-4.3.34_k3.16.7_32-37.1

virtualbox-host-kmp-pae-debuginfo-4.3.34_k3.16.7_32-37.1

xtables-addons-kmp-pae-2.6_k3.16.7_32-15.1

xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_32-15.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2014-8989.html

https://www.suse.com/security/cve/CVE-2014-9529.html

https://www.suse.com/security/cve/CVE-2015-5157.html

https://www.suse.com/security/cve/CVE-2015-5307.html

https://www.suse.com/security/cve/CVE-2015-6937.html

https://www.suse.com/security/cve/CVE-2015-7550.html

https://www.suse.com/security/cve/CVE-2015-7799.html

https://www.suse.com/security/cve/CVE-2015-7885.html

https://www.suse.com/security/cve/CVE-2015-7990.html

https://www.suse.com/security/cve/CVE-2015-8104.html

https://www.suse.com/security/cve/CVE-2015-8215.html

https://www.suse.com/security/cve/CVE-2015-8543.html

https://www.suse.com/security/cve/CVE-2015-8550.html

https://www.suse.com/security/cve/CVE-2015-8551.html

https://www.suse.com/security/cve/CVE-2015-8552.html

https://www.suse.com/security/cve/CVE-2015-8569.html

https://www.suse.com/security/cve/CVE-2015-8575.html

https://www.suse.com/security/cve/CVE-2015-8767.html

https://www.suse.com/security/cve/CVE-2016-0728.html

https://bugzilla.suse.com/814440

https://bugzilla.suse.com/906545

https://bugzilla.suse.com/912202

https://bugzilla.suse.com/921949

https://bugzilla.suse.com/937969

https://bugzilla.suse.com/937970

https://bugzilla.suse.com/938706

https://bugzilla.suse.com/944296

https://bugzilla.suse.com/945825

https://bugzilla.suse.com/949936

https://bugzilla.suse.com/950998

https://bugzilla.suse.com/951627

https://bugzilla.suse.com/951638

https://bugzilla.suse.com/952384

https://bugzilla.suse.com/952579

https://bugzilla.suse.com/952976

https://bugzilla.suse.com/953527

https://bugzilla.suse.com/954138

https://bugzilla.suse.com/954404

https://bugzilla.suse.com/955224

https://bugzilla.suse.com/955354

https://bugzilla.suse.com/955422

https://bugzilla.suse.com/956708

https://bugzilla.suse.com/956934

https://bugzilla.suse.com/957988

https://bugzilla.suse.com/957990

https://bugzilla.suse.com/958504

https://bugzilla.suse.com/958510

https://bugzilla.suse.com/958886

https://bugzilla.suse.com/958951

https://bugzilla.suse.com/959190

https://bugzilla.suse.com/959399

https://bugzilla.suse.com/959568

https://bugzilla.suse.com/960839

https://bugzilla.suse.com/961509

https://bugzilla.suse.com/961739

https://bugzilla.suse.com/962075

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org