Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2016:0354-1: important: Security update for the Linux Kernel

Recommended Posts

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:0354-1

Rating: important

References: #777565 #814440 #900610 #904348 #904965 #920016

#923002 #926007 #926709 #926774 #930145 #930788

#932350 #932805 #933721 #935053 #935757 #936118

#937969 #937970 #938706 #939207 #939826 #939926

#939955 #940017 #940925 #941202 #942204 #942305

#942367 #942605 #942688 #942938 #943786 #944296

#944831 #944837 #944989 #944993 #945691 #945825

#945827 #946078 #946309 #947957 #948330 #948347

#948521 #949100 #949298 #949502 #949706 #949744

#949981 #951440 #952084 #952384 #952579 #953527

#953980 #954404 #955354

Cross-References: CVE-2015-0272 CVE-2015-5157 CVE-2015-5307

CVE-2015-6252 CVE-2015-6937 CVE-2015-7872

CVE-2015-7990 CVE-2015-8104 CVE-2015-8215

 

Affected Products:

SUSE Linux Enterprise Real Time Extension 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP3

______________________________________________________________________________

 

An update that solves 9 vulnerabilities and has 54 fixes is

now available.

 

Description:

 

 

The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive

various security and bugfixes.

 

Following security bugs were fixed:

- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS

users to cause a denial of service (host OS panic or hang) by triggering

many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).

- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS

users to cause a denial of service (host OS panic or hang) by triggering

many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c

(bnc#953527).

- CVE-2015-7990: RDS: Verify the underlying transport exists before

creating a connection, preventing possible DoS (bsc#952384,

CVE-2015-7990).

- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the

x86_64 platform mishandled IRET faults in processing NMIs that

occurred during userspace execution, which might allow local users to

gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706

bnc#939207).

- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in

the Linux kernel allowed local users to cause a denial of service (OOPS)

via crafted keyctl commands (bnc#951440).

- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel

did not validate attempted changes to the MTU value, which allowed

context-dependent attackers to cause a denial of service (packet loss)

via a value that is (1) smaller than the minimum compliant value or (2)

larger than the MTU of an interface, as demonstrated by a Router

Advertisement (RA) message that is not validated by a daemon, a

different vulnerability than CVE-2015-0272. NOTE: the scope of

CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354).

- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in

the Linux kernel allowed local users to cause a denial of service (NULL

pointer dereference and system crash) or possibly have unspecified

other impact by using a socket that was not properly bound (bnc#945825).

- CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in

the Linux kernel allowed local users to cause a denial of service

(memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers

permanent file-descriptor allocation (bnc#942367).

 

The following non-security bugs were fixed:

- alsa: hda - Disable 64bit address for Creative HDA controllers

(bnc#814440).

- btrfs: fix hang when failing to submit bio of directIO (bnc#942688).

- btrfs: fix memory corruption on failure to submit bio for direct IO

(bnc#942688).

- btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).

- dm: do not start current request if it would've merged with the previous

(bsc#904348).

- dm: impose configurable deadline for dm_request_fn's merge heuristic

(bsc#904348).

- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).

- dm sysfs: introduce ability to add writable attributes (bsc#904348).

- drm/i915: Add bit field to record which pins have received HPD events

(v3) (bsc#942938).

- drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938).

- drm/i915: add hotplug activation period to hotplug update mask

(bsc#953980).

- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).

- drm/i915: Add messages useful for HPD storm detection debugging (v2)

(bsc#942938).

- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)

(bsc#942938).

- drm/i915: assert_spin_locked for pipestat interrupt enable/disable

(bsc#942938).

- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt

(bsc#942938).

- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,

v2 (bsc#942938).

- drm/i915: clear crt hotplug compare voltage field before setting

(bsc#942938).

- drm/i915: close tiny race in the ilk pcu even interrupt setup

(bsc#942938).

- drm/i915: Convert HPD interrupts to make use of HPD pin assignment in

encoders (v2) (bsc#942938).

- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)

(bsc#942938).

- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch

platforms (bsc#942938).

- drm/i915: Enable hotplug interrupts after querying hw capabilities

(bsc#942938).

- drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).

- drm/i915: fix hotplug event bit tracking (bsc#942938).

- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).

- drm/i915: fix hpd interrupt register locking (bsc#942938).

- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock

(bsc#942938).

- drm/i915: fix locking around ironlake_enable|disable_display_irq

(bsc#942938).

- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).

- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler

(bsc#942938).

- drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).

- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).

- drm/i915: Get rid if the "hotplug_supported_mask" in struct

drm_i915_private (bsc#942938).

- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).

- drm/i915: Make hpd arrays big enough to avoid out of bounds access

(bsc#942938).

- drm/i915: Mask out the HPD irq bits before setting them individually

(bsc#942938).

- drm/i915: Only print hotplug event message when hotplug bit is set

(bsc#942938).

- drm/i915: Only reprobe display on encoder which has received an HPD

event (v2) (bsc#942938).

- drm/i915: Queue reenable timer also when enable_hotplug_processing is

false (bsc#942938).

- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).

- drm/i915: Remove i965_hpd_irq_setup (bsc#942938).

- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).

- drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).

- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).

- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()

(bsc#942938).

- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets

(bsc#942938).

- ehci-pci: enable interrupt on BayTrail (bnc926007).

- Fixing wording in patch comment (bsc#923002)

- fix lpfc_send_rscn_event allocation size claims bnc#935757

- hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality).

- hwpoison, hugetlb: lock_page/unlock_page does not match for handling a

free hugepage (bnc#947957, VM Functionality).

- IB/iser: Add Discovery support (bsc#923002).

- IB/iser: Move informational messages from error to info level

(bsc#923002).

- IB/srp: Avoid skipping srp_reset_host() after a transport error

(bsc#904965).

- IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).

- inotify: Fix nested sleeps in inotify_read() (bsc#940925).

- ipv6: fix tunnel error handling (bsc#952579).

- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).

- ipvs: drop first packet to dead server (bsc#946078).

- ipvs: Fix reuse connection if real server is dead (bnc#945827).

- kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch

(bnc#920016).

- KEYS: Fix race between key destruction and finding a keyring by name

(bsc#951440).

- ktime: add ktime_after and ktime_before helpe (bsc#904348).

- libiscsi: Exporting new attrs for iscsi session and connection in sysfs

(bsc#923002).

- lib/string.c: introduce memchr_inv() (bnc#930788).

- macvlan: Support bonding events bsc#948521

- Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).

- memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM

Functionality).

- memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM

Functionality).

- memory-failure: use num_poisoned_pages instead of mce_bad_pages

(bnc#947957, VM Functionality).

- memory-hotplug: update mce_bad_pages when removing the memory

(bnc#947957, VM Functionality).

- mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,

bnc#949298).

- mm: make page pfmemalloc check more robust (bnc#920016).

- mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory

error on thp (bnc#947957, VM Functionality).

- mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate

successfully (bnc#947957, VM Functionality).

- mm/migrate.c: pair unlock_page() and lock_page() when migrating huge

pages (bnc#947957, VM Functionality).

- Modified -rt patches: 344 of 435, useless noise elided.

- Moved iscsi kabi patch to patches.kabi (bsc#923002)

- netfilter: nf_conntrack_proto_sctp: minimal multihoming support

(bsc#932350).

- PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).

- pci: Add flag indicating device has been assigned by KVM (bnc#777565

FATE#313819).

- PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).

- PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).

- PCI: delay configuration of SRIOV capability (bnc#952084).

- PCI: Refresh First VF Offset and VF Stride when up[censored] NumVFs

(bnc#952084).

- PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).

- PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).

- pktgen: clean up ktime_t helpers (bsc#904348).

- qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).

- qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).

- qla2xxx: Remove decrement of sp reference count in abort handler

(bsc#944993).

- r8169: remember WOL preferences on driver load (bsc#942305).

- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods

(bsc#949706).

- Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202).

- Rename kabi patch appropriately (bsc#923002)

- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds

(bsc#930145).

- sched/core: Fix task and run queue sched_info::run_delay inconsistencies

(bnc#949100).

- scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).

- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)

- SCSI: kabi: allow iscsi disocvery session support (bsc#923002).

- scsi_transport_iscsi: Exporting new attrs for iscsi session and

connection in sysfs (bsc#923002).

- sg: fix read() error reporting (bsc#926774).

- Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch

(bsc#935053, bsc#926709). Add bug reference.

- usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers

(bnc#944989).

- USB: xhci: do not start a halted endpoint before its new dequeue is set

(bnc#933721).

- usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).

- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb

(bnc#933721).

- USB: xhci: Reset a halted endpoint immediately when we encounter a stall

(bnc#933721).

- x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).

- x86: mm: only do a local tlb flush in ptep_set_access_flags()

(bsc#948330).

- x86/tsc: Change Fast TSC calibration failed from error to info

(bnc#942605).

- xfs: add background scanning to clear eofblocks inodes (bnc#930788).

- xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).

- xfs: add inode id filtering to eofblocks scan (bnc#930788).

- xfs: add minimum file size filtering to eofblocks scan (bnc#930788).

- xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).

- xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).

- xfs: create helper to check whether to free eofblocks on inode

(bnc#930788).

- xfs: Fix lost direct IO write in the last block (bsc#949744).

- xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).

- xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).

- xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock

failure (bnc#930788).

- xfs: support a tag-based inode_ag_iterator (bnc#930788).

- xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).

- xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).

- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).

- xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).

- xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).

- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers

(bnc#949981).

- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).

- xhci: Calculate old endpoints correctly on device reset (bnc#944831).

- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).

- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).

- xhci: do not report PLC when link is in internal resume state

(bnc#933721).

- xhci: fix isoc endpoint dequeue from advancing too far on transaction

error (bnc#944837).

- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).

- xhci: For streams the css flag most be read from the stream-ctx on ep

stop (bnc#945691).

- xhci: report U3 when link is in resume state (bnc#933721).

- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).

- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256

(bnc#933721).

- xhci: Treat not finding the event_seg on COMP_STOP the same as

COMP_STOP_INVAL (bnc#933721).

- XHCI: use uninterruptible sleep for waiting for internal operations

(bnc#939955).

- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Real Time Extension 11-SP3:

 

zypper in -t patch slertesp3-kernel-rt-20151204-12390=1

 

- SUSE Linux Enterprise Debuginfo 11-SP3:

 

zypper in -t patch dbgsp3-kernel-rt-20151204-12390=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Real Time Extension 11-SP3 (x86_64):

 

kernel-rt-3.0.101.rt130-0.33.44.2

kernel-rt-base-3.0.101.rt130-0.33.44.2

kernel-rt-devel-3.0.101.rt130-0.33.44.2

kernel-rt_trace-3.0.101.rt130-0.33.44.2

kernel-rt_trace-base-3.0.101.rt130-0.33.44.2

kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2

kernel-source-rt-3.0.101.rt130-0.33.44.2

kernel-syms-rt-3.0.101.rt130-0.33.44.1

 

- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

 

kernel-rt-debuginfo-3.0.101.rt130-0.33.44.2

kernel-rt-debugsource-3.0.101.rt130-0.33.44.2

kernel-rt_trace-debuginfo-3.0.101.rt130-0.33.44.2

kernel-rt_trace-debugsource-3.0.101.rt130-0.33.44.2

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-0272.html

https://www.suse.com/security/cve/CVE-2015-5157.html

https://www.suse.com/security/cve/CVE-2015-5307.html

https://www.suse.com/security/cve/CVE-2015-6252.html

https://www.suse.com/security/cve/CVE-2015-6937.html

https://www.suse.com/security/cve/CVE-2015-7872.html

https://www.suse.com/security/cve/CVE-2015-7990.html

https://www.suse.com/security/cve/CVE-2015-8104.html

https://www.suse.com/security/cve/CVE-2015-8215.html

https://bugzilla.suse.com/777565

https://bugzilla.suse.com/814440

https://bugzilla.suse.com/900610

https://bugzilla.suse.com/904348

https://bugzilla.suse.com/904965

https://bugzilla.suse.com/920016

https://bugzilla.suse.com/923002

https://bugzilla.suse.com/926007

https://bugzilla.suse.com/926709

https://bugzilla.suse.com/926774

https://bugzilla.suse.com/930145

https://bugzilla.suse.com/930788

https://bugzilla.suse.com/932350

https://bugzilla.suse.com/932805

https://bugzilla.suse.com/933721

https://bugzilla.suse.com/935053

https://bugzilla.suse.com/935757

https://bugzilla.suse.com/936118

https://bugzilla.suse.com/937969

https://bugzilla.suse.com/937970

https://bugzilla.suse.com/938706

https://bugzilla.suse.com/939207

https://bugzilla.suse.com/939826

https://bugzilla.suse.com/939926

https://bugzilla.suse.com/939955

https://bugzilla.suse.com/940017

https://bugzilla.suse.com/940925

https://bugzilla.suse.com/941202

https://bugzilla.suse.com/942204

https://bugzilla.suse.com/942305

https://bugzilla.suse.com/942367

https://bugzilla.suse.com/942605

https://bugzilla.suse.com/942688

https://bugzilla.suse.com/942938

https://bugzilla.suse.com/943786

https://bugzilla.suse.com/944296

https://bugzilla.suse.com/944831

https://bugzilla.suse.com/944837

https://bugzilla.suse.com/944989

https://bugzilla.suse.com/944993

https://bugzilla.suse.com/945691

https://bugzilla.suse.com/945825

https://bugzilla.suse.com/945827

https://bugzilla.suse.com/946078

https://bugzilla.suse.com/946309

https://bugzilla.suse.com/947957

https://bugzilla.suse.com/948330

https://bugzilla.suse.com/948347

https://bugzilla.suse.com/948521

https://bugzilla.suse.com/949100

https://bugzilla.suse.com/949298

https://bugzilla.suse.com/949502

https://bugzilla.suse.com/949706

https://bugzilla.suse.com/949744

https://bugzilla.suse.com/949981

https://bugzilla.suse.com/951440

https://bugzilla.suse.com/952084

https://bugzilla.suse.com/952384

https://bugzilla.suse.com/952579

https://bugzilla.suse.com/953527

https://bugzilla.suse.com/953980

https://bugzilla.suse.com/954404

https://bugzilla.suse.com/955354

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×