Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] openSUSE-SU-2016:1641-1: important: Security update for the Linux Kernel

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

openSUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2016:1641-1

Rating: important

References: #945345 #955654 #963762 #966245 #966849 #970506

#971126 #971799 #973570 #974308 #975945 #977198

#978073 #978401 #978821 #978822 #979018 #979213

#979278 #979548 #979728 #979867 #979879 #979913

#980348 #980371 #980657 #981058 #981267 #981344

#982238 #982239 #982712 #983143 #983213 #984460

 

Cross-References: CVE-2013-7446 CVE-2016-0758 CVE-2016-1583

CVE-2016-2053 CVE-2016-3134 CVE-2016-3672

CVE-2016-3955 CVE-2016-4482 CVE-2016-4485

CVE-2016-4486 CVE-2016-4557 CVE-2016-4565

CVE-2016-4569 CVE-2016-4578 CVE-2016-4580

CVE-2016-4581 CVE-2016-4805 CVE-2016-4951

CVE-2016-5244

Affected Products:

openSUSE Leap 42.1

______________________________________________________________________________

 

An update that solves 19 vulnerabilities and has 17 fixes

is now available.

 

Description:

 

 

The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various

security and bugfixes.

 

The following security bugs were fixed:

- CVE-2016-1583: Prevent the usage of mmap when the lower file system does

not allow it. This could have lead to local privilege escalation when

ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid

(bsc#983143).

- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel

incorrectly relies on the write system call, which allows local users to

cause a denial of service (kernel memory write operation) or possibly

have unspecified other impact via a uAPI interface. (bsc#979548)

- CVE-2016-4805: Use-after-free vulnerability in

drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to

cause a denial of service (memory corruption and system crash,

or spinlock) or possibly have unspecified other impact by removing a

network namespace, related to the ppp_register_net_channel and

ppp_unregister_channel functions. (bsc#980371).

- CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in

the Linux kernel did not verify socket existence, which allowed local

users to cause a denial of service (NULL pointer dereference and system

crash) or possibly have unspecified other impact via a dumpit

operation. (bsc#981058).

- CVE-2016-5244: An information leak vulnerability in function

rds_inc_info_copy of file net/rds/recv.c was fixed that might have

leaked kernel stack data. (bsc#983213).

- CVE-2016-4580: The x25_negotiate_facilities function in

net/x25/x25_facilities.c in the Linux kernel did not properly initialize

a certain data structure, which allowed attackers to

obtain sensitive information from kernel stack memory via an X.25 Call

Request. (bsc#981267).

- CVE-2016-0758: Tags with indefinite length could have corrupted pointers

in asn1_find_indefinite_length (bsc#979867).

- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in

the Linux kernel allowed attackers to cause a denial of service (panic)

via an ASN.1 BER file that lacks a public key, leading to mishandling by

the public_key_verify_signature function in

crypto/asymmetric_keys/public_key.c (bnc#963762).

- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the

Linux kernel allowed local users to bypass intended AF_UNIX socket

permissions or cause a denial of service (panic) via crafted epoll_ctl

calls (bnc#955654).

- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not

validate certain offset fields, which allowed local users to gain

privileges or cause a denial of service (heap memory corruption) via an

IPT_SO_SET_REPLACE setsockopt call (bnc#971126).

- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c

in the Linux kernel did not properly randomize the legacy base address,

which made it easier for local users to defeat the intended restrictions

on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism

for a setuid or setgid program, by disabling stack-consumption resource

limits (bnc#974308).

- CVE-2016-4482: A kernel information leak in the usbfs devio connectinfo

was fixed, which could expose kernel stack memory to userspace.

(bnc#978401).

- CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821).

- CVE-2016-4486: A kernel information leak in rtnetlink was fixed, where 4

uninitialized bytes could leak to userspace (bsc#978822).

- CVE-2016-4557: A use-after-free via double-fdput in

replace_map_fd_with_map_ptr() was fixed, which could allow privilege

escalation (bsc#979018).

- CVE-2016-4565: When the "rdma_ucm" infiniband module is loaded, local

attackers could escalate their privileges (bsc#979548).

- CVE-2016-4569: A kernel information leak in the ALSA timer via events

via snd_timer_user_tinterrupt that could leak information to userspace

was fixed (bsc#979213).

- CVE-2016-4578: A kernel information leak in the ALSA timer via events

that could leak information to userspace was fixed (bsc#979879).

- CVE-2016-4581: If the first propogated mount copy was being a slave it

could oops the kernel (bsc#979913)

 

The following non-security bugs were fixed:

- ALSA: hda - Add dock support for ThinkPad X260 (boo#979278).

- ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278).

- ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278).

- ALSA: hda - Fix broken reconfig (boo#979278).

- ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines

(boo#979278).

- ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278).

- ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278).

- ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278).

- ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m

(boo#979278).

- ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294

(boo#979278).

- ALSA: hda/realtek - New codec support of ALC225 (boo#979278).

- ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278).

- ALSA: pcxhr: Fix missing mutex unlock (boo#979278).

- ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)

(boo#979278).

- bluetooth: fix power_on vs close race (bsc#966849).

- bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).

- bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).

- bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).

- btrfs: do not use src fd for printk (bsc#980348).

- btrfs: fix crash/invalid memory access on fsync when using overlayfs

(bsc#977198)

- drm: qxl: Workaround for buggy user-space (bsc#981344).

- enic: set netdev->vlan_features (bsc#966245).

- fs: add file_dentry() (bsc#977198).

- IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657).

- input: i8042 - lower log level for "no controller" message (bsc#945345).

- kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*,

efivar_validate, file_open_root and dax_fault

- kabi: Add some fixups (module, pci_dev, drm, fuse and thermal)

- kabi: file_dentry changes (bsc#977198).

- kABI fixes for 4.1.22

- mm/page_alloc.c: calculate 'available' memory in a separate function

(bsc#982239).

- net: disable fragment reassembly if high_thresh is zero (bsc#970506).

- of: iommu: Silence misleading warning.

- pstore_register() error handling was wrong -- it tried to release lock

before it's acquired, causing spinlock / preemption imbalance. - usb:

quirk to stop runtime PM for Intel 7260 (bnc#984460).

- Revert "usb: hub: do not clear BOS field during reset device"

(boo#979728).

- usb: core: hub: hub_port_init lock controller instead of bus

(bnc#978073).

- usb: preserve kABI in address0 locking (bnc#978073).

- usb: usbip: fix potential out-of-bounds write (bnc#975945).

- USB: xhci: Add broken streams quirk for Frescologic device id 1009

(bnc#982712).

- virtio_balloon: do not change memory amount visible via /proc/meminfo

(bsc#982238).

- virtio_balloon: export 'available' memory to balloon statistics

(bsc#982239).

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE Leap 42.1:

 

zypper in -t patch openSUSE-2016-753=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE Leap 42.1 (i686 x86_64):

 

kernel-debug-4.1.26-21.1

kernel-debug-base-4.1.26-21.1

kernel-debug-base-debuginfo-4.1.26-21.1

kernel-debug-debuginfo-4.1.26-21.1

kernel-debug-debugsource-4.1.26-21.1

kernel-debug-devel-4.1.26-21.1

kernel-debug-devel-debuginfo-4.1.26-21.1

kernel-ec2-4.1.26-21.1

kernel-ec2-base-4.1.26-21.1

kernel-ec2-base-debuginfo-4.1.26-21.1

kernel-ec2-debuginfo-4.1.26-21.1

kernel-ec2-debugsource-4.1.26-21.1

kernel-ec2-devel-4.1.26-21.1

kernel-pv-4.1.26-21.1

kernel-pv-base-4.1.26-21.1

kernel-pv-base-debuginfo-4.1.26-21.1

kernel-pv-debuginfo-4.1.26-21.1

kernel-pv-debugsource-4.1.26-21.1

kernel-pv-devel-4.1.26-21.1

kernel-vanilla-4.1.26-21.1

kernel-vanilla-debuginfo-4.1.26-21.1

kernel-vanilla-debugsource-4.1.26-21.1

kernel-vanilla-devel-4.1.26-21.1

kernel-xen-4.1.26-21.1

kernel-xen-base-4.1.26-21.1

kernel-xen-base-debuginfo-4.1.26-21.1

kernel-xen-debuginfo-4.1.26-21.1

kernel-xen-debugsource-4.1.26-21.1

kernel-xen-devel-4.1.26-21.1

 

- openSUSE Leap 42.1 (i586 x86_64):

 

kernel-default-4.1.26-21.1

kernel-default-base-4.1.26-21.1

kernel-default-base-debuginfo-4.1.26-21.1

kernel-default-debuginfo-4.1.26-21.1

kernel-default-debugsource-4.1.26-21.1

kernel-default-devel-4.1.26-21.1

kernel-obs-build-4.1.26-21.1

kernel-obs-build-debugsource-4.1.26-21.1

kernel-obs-qa-4.1.26-21.1

kernel-obs-qa-xen-4.1.26-21.1

kernel-syms-4.1.26-21.1

 

- openSUSE Leap 42.1 (noarch):

 

kernel-devel-4.1.26-21.1

kernel-docs-4.1.26-21.2

kernel-docs-html-4.1.26-21.2

kernel-docs-pdf-4.1.26-21.2

kernel-macros-4.1.26-21.1

kernel-source-4.1.26-21.1

kernel-source-vanilla-4.1.26-21.1

 

- openSUSE Leap 42.1 (i686):

 

kernel-pae-4.1.26-21.1

kernel-pae-base-4.1.26-21.1

kernel-pae-base-debuginfo-4.1.26-21.1

kernel-pae-debuginfo-4.1.26-21.1

kernel-pae-debugsource-4.1.26-21.1

kernel-pae-devel-4.1.26-21.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2013-7446.html

https://www.suse.com/security/cve/CVE-2016-0758.html

https://www.suse.com/security/cve/CVE-2016-1583.html

https://www.suse.com/security/cve/CVE-2016-2053.html

https://www.suse.com/security/cve/CVE-2016-3134.html

https://www.suse.com/security/cve/CVE-2016-3672.html

https://www.suse.com/security/cve/CVE-2016-3955.html

https://www.suse.com/security/cve/CVE-2016-4482.html

https://www.suse.com/security/cve/CVE-2016-4485.html

https://www.suse.com/security/cve/CVE-2016-4486.html

https://www.suse.com/security/cve/CVE-2016-4557.html

https://www.suse.com/security/cve/CVE-2016-4565.html

https://www.suse.com/security/cve/CVE-2016-4569.html

https://www.suse.com/security/cve/CVE-2016-4578.html

https://www.suse.com/security/cve/CVE-2016-4580.html

https://www.suse.com/security/cve/CVE-2016-4581.html

https://www.suse.com/security/cve/CVE-2016-4805.html

https://www.suse.com/security/cve/CVE-2016-4951.html

https://www.suse.com/security/cve/CVE-2016-5244.html

https://bugzilla.suse.com/945345

https://bugzilla.suse.com/955654

https://bugzilla.suse.com/963762

https://bugzilla.suse.com/966245

https://bugzilla.suse.com/966849

https://bugzilla.suse.com/970506

https://bugzilla.suse.com/971126

https://bugzilla.suse.com/971799

https://bugzilla.suse.com/973570

https://bugzilla.suse.com/974308

https://bugzilla.suse.com/975945

https://bugzilla.suse.com/977198

https://bugzilla.suse.com/978073

https://bugzilla.suse.com/978401

https://bugzilla.suse.com/978821

https://bugzilla.suse.com/978822

https://bugzilla.suse.com/979018

https://bugzilla.suse.com/979213

https://bugzilla.suse.com/979278

https://bugzilla.suse.com/979548

https://bugzilla.suse.com/979728

https://bugzilla.suse.com/979867

https://bugzilla.suse.com/979879

https://bugzilla.suse.com/979913

https://bugzilla.suse.com/980348

https://bugzilla.suse.com/980371

https://bugzilla.suse.com/980657

https://bugzilla.suse.com/981058

https://bugzilla.suse.com/981267

https://bugzilla.suse.com/981344

https://bugzilla.suse.com/982238

https://bugzilla.suse.com/982239

https://bugzilla.suse.com/982712

https://bugzilla.suse.com/983143

https://bugzilla.suse.com/983213

https://bugzilla.suse.com/984460

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×