[security-announce] openSUSE-SU-2016:2290-1: important: Security update for the Linux Kernel

openSUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2290-1
Rating:             important
References:         #963931 #970948 #971126 #971360 #974266 #978821
                    #978822 #979018 #979213 #979879 #980371 #981058
                    #981267 #986362 #986365 #986570 #987886 #989084
                    #989152 #989176 #990058 #991110 #991608 #991665
                    #994296 #994520
Cross-References:   CVE-2015-8787 CVE-2016-1237 CVE-2016-2847
                    CVE-2016-3134 CVE-2016-3156 CVE-2016-4485
                    CVE-2016-4486 CVE-2016-4557 CVE-2016-4569
                    CVE-2016-4578 CVE-2016-4580 CVE-2016-4805
                    CVE-2016-4951 CVE-2016-4998 CVE-2016-5696
                    CVE-2016-6480 CVE-2016-6828
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

An update that solves 17 vulnerabilities and has 9 fixes is now available.

Description:

The openSUSE Leap 42.1 kernel was updated to 4.1.31 to receive various
security fixes and bug fixes.

 

The following security bugs were fixed:

- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of
  unread data in pipes, which allowed local users to cause a denial of
  service (memory consumption) by creating many pipes with non-default
  sizes (bnc#970948).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not
  validate certain offset fields, which allowed local users to gain
  privileges or cause a denial of service (heap memory corruption) via an
  IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled
  destruction of device objects, which allowed guest OS users to cause a
  denial of service (host OS networking outage) by arranging for a large
  number of IP addresses (bnc#971360).
- CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the
  Linux kernel did not initialize a certain data structure, which allowed
  attackers to obtain sensitive information from kernel stack memory by
  reading a message (bnc#978821).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c
  in the Linux kernel did not initialize a certain data structure, which
  allowed local users to obtain sensitive information from kernel stack
  memory by reading a Netlink message (bnc#978822).
- CVE-2016-4557: The replace_map_fd_with_map_ptr function in
  kernel/bpf/verifier.c in the Linux kernel did not properly maintain an
  fd data structure, which allowed local users to gain privileges or cause
  a denial of service (use-after-free) via crafted BPF instructions that
  reference an incorrect file descriptor (bnc#979018).
- CVE-2016-4580: The x25_negotiate_facilities function in
  net/x25/x25_facilities.c in the Linux kernel did not properly initialize
  a certain data structure, which allowed attackers to obtain sensitive
  information from kernel stack memory via an X.25 Call Request
  (bnc#981267).
- CVE-2016-4805: Use-after-free vulnerability in
  drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to
  cause a denial of service (memory corruption and system crash, or
  spinlock) or possibly have unspecified other impact by removing a
  network namespace, related to the ppp_register_net_channel and
  ppp_unregister_channel functions (bnc#980371).
- CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in
  the Linux kernel did not verify socket existence, which allowed local
  users to cause a denial of service (NULL pointer dereference and system
  crash) or possibly have unspecified other impact via a dumpit operation
  (bnc#981058).
- CVE-2015-8787: The nf_nat_redirect_ipv4 function in
  net/netfilter/nf_nat_redirect.c in the Linux kernel allowed remote
  attackers to cause a denial of service (NULL pointer dereference and
  system crash) or possibly have unspecified other impact by sending
  certain IPv4 packets to an incompletely configured interface, a related
  issue to CVE-2003-1604 (bnc#963931).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c
  in the Linux kernel did not initialize a certain data structure, which
  allowed local users to obtain sensitive information from kernel stack
  memory via crafted use of the ALSA timer interface (bnc#979213).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize
  certain r1 data structures, which allowed local users to obtain
  sensitive information from kernel stack memory via crafted use of the
  ALSA timer interface, related to the (1) snd_timer_user_ccallback and
  (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-6828: A use after free in tcp_xmit_retransmit_queue() was fixed
  that could be used by local attackers to crash the kernel (bsc#994296).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in
  drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
  to cause a denial of service (out-of-bounds access or system crash) by
  changing a certain size value, aka a "double fetch" vulnerability
  (bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the
  netfilter subsystem in the Linux kernel allowed local users to cause a
  denial of service (out-of-bounds read) or possibly obtain sensitive
  information from kernel heap memory by leveraging in-container root
  access to provide a crafted offset value that leads to crossing a
  ruleset blob boundary (bnc#986362 986365 990058).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
  determine the rate of challenge ACK segments, which made it easier for
  man-in-the-middle attackers to hijack TCP sessions via a blind in-window
  attack (bnc#989152).
- CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass
  intended file-permission restrictions by setting a POSIX ACL, related to
  nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570).

 

The following non-security bugs were fixed:

- AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).
- KVM: arm/arm64: Handle forward time correction gracefully (bnc#974266).
- Linux 4.1.29. Refreshed patch: patches.xen/xen3-fixup-xen Deleted
  patches:
  patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch
  patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch
  patches.rpmify/Revert-mm-swap.c-flush-lru-pvecs-on-compound-page-ar
  patches.rpmify/Revert-powerpc-Update-TM-user-feature-bits-in-scan_f
- Revert "mm/swap.c: flush lru pvecs on compound page arrival"
  (boo#989084).
- Revert "powerpc: Update TM user feature bits in scan_features()". Fix
  the build error of 4.1.28 on ppc.
- Revive i8042_check_power_owner() for 4.1.31 kabi fix.
- USB: OHCI: Do not mark EDs as ED_OPER if scheduling fails (bnc#987886).
- USB: validate wMaxPacketValue entries in endpoint descriptors
  (bnc#991665).
- Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch
  (bsc#986570 CVE-2016-1237).
- Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570
  CVE-2016-1237).
- netfilter: x_tables: fix 4.1 stable backport (bsc#989176).
- nfsd: check permissions when setting ACLs (bsc#986570).
- posix_acl: Add set_posix_acl (bsc#986570).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- series.conf: Move a kABI patch to its own section
- supported.conf: enable i2c-designware driver (bsc#991110)
- tcp: enable per-socket rate limiting of all "challenge acks"
  (bsc#989152).

 

 

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

  zypper in -t patch openSUSE-2016-1076=1

To bring your system up-to-date, use "zypper patch".
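
Installing the patch puts the fixed kernel on disk, but the fixes take effect only once the host has booted it. The following check is an added example, not part of the SUSE announcement: it compares the running and installed kernel releases against 4.1.31-30, assuming `uname -r` has the form `<version>-<release>-<flavor>` and querying only the `kernel-default` package; the function and script names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the announcement. Assumption: `uname -r` reads
# "<version>-<release>-<flavor>", e.g. "4.1.31-30-default" for the fixed
# kernel-default-4.1.31-30.2 package listed in this advisory.
FIXED="4.1.31-30"

# "4.1.27-27-default" -> "4 1 27 27" (flavor suffix dropped, fields split)
kver_fields() {
    printf '%s\n' "$1" | sed -e 's/-[A-Za-z][A-Za-z0-9_]*$//' -e 's/[.-]/ /g'
}

# kver_ge A B: succeeds when A is at least B over version + release number
kver_ge() {
    a=$(kver_fields "$1"); b=$(kver_fields "$2")
    for _i in 1 2 3 4; do
        x=${a%% *}; y=${b%% *}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *' '*) a=${a#* } ;; *) a=0 ;; esac
        case $b in *' '*) b=${b#* } ;; *) b=0 ;; esac
    done
    return 0
}

# kernel_state RUNNING [INSTALLED...]
# prints: patched | reboot-needed | vulnerable
kernel_state() {
    running=$1; shift
    if kver_ge "$running" "$FIXED"; then echo patched; return 0; fi
    for pkg in "$@"; do
        # Fixed package is on disk but an older kernel is still booted.
        if kver_ge "$pkg" "$FIXED"; then echo reboot-needed; return 0; fi
    done
    echo vulnerable
}

# Live check, run as: sh check-kernel.sh --live (script name is hypothetical)
if [ "${1:-}" = "--live" ] && command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default |
        grep '^[0-9]' || true)
    # Word splitting of $installed is intended: one argument per kernel.
    echo "kernel state: $(kernel_state "$(uname -r)" $installed)"
fi
```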

 

 

Package List:

- openSUSE Leap 42.1 (i586 x86_64):

  hdjmod-debugsource-1.28-24.1
  hdjmod-kmp-default-1.28_k4.1.31_30-24.1
  hdjmod-kmp-default-debuginfo-1.28_k4.1.31_30-24.1
  hdjmod-kmp-pv-1.28_k4.1.31_30-24.1
  hdjmod-kmp-pv-debuginfo-1.28_k4.1.31_30-24.1
  hdjmod-kmp-xen-1.28_k4.1.31_30-24.1
  hdjmod-kmp-xen-debuginfo-1.28_k4.1.31_30-24.1
  ipset-6.25.1-5.1
  ipset-debuginfo-6.25.1-5.1
  ipset-debugsource-6.25.1-5.1
  ipset-devel-6.25.1-5.1
  ipset-kmp-default-6.25.1_k4.1.31_30-5.1
  ipset-kmp-default-debuginfo-6.25.1_k4.1.31_30-5.1
  ipset-kmp-pv-6.25.1_k4.1.31_30-5.1
  ipset-kmp-pv-debuginfo-6.25.1_k4.1.31_30-5.1
  ipset-kmp-xen-6.25.1_k4.1.31_30-5.1
  ipset-kmp-xen-debuginfo-6.25.1_k4.1.31_30-5.1
  kernel-default-4.1.31-30.2
  kernel-default-base-4.1.31-30.2
  kernel-default-base-debuginfo-4.1.31-30.2
  kernel-default-debuginfo-4.1.31-30.2
  kernel-default-debugsource-4.1.31-30.2
  kernel-default-devel-4.1.31-30.2
  kernel-obs-build-4.1.31-30.3
  kernel-obs-build-debugsource-4.1.31-30.3
  kernel-obs-qa-4.1.31-30.1
  kernel-obs-qa-xen-4.1.31-30.1
  kernel-syms-4.1.31-30.1
  libipset3-6.25.1-5.1
  libipset3-debuginfo-6.25.1-5.1
  pcfclock-0.44-266.1
  pcfclock-debuginfo-0.44-266.1
  pcfclock-debugsource-0.44-266.1
  pcfclock-kmp-default-0.44_k4.1.31_30-266.1
  pcfclock-kmp-default-debuginfo-0.44_k4.1.31_30-266.1
  pcfclock-kmp-pv-0.44_k4.1.31_30-266.1
  pcfclock-kmp-pv-debuginfo-0.44_k4.1.31_30-266.1
  vhba-kmp-debugsource-20140928-5.1
  vhba-kmp-default-20140928_k4.1.31_30-5.1
  vhba-kmp-default-debuginfo-20140928_k4.1.31_30-5.1
  vhba-kmp-pv-20140928_k4.1.31_30-5.1
  vhba-kmp-pv-debuginfo-20140928_k4.1.31_30-5.1
  vhba-kmp-xen-20140928_k4.1.31_30-5.1
  vhba-kmp-xen-debuginfo-20140928_k4.1.31_30-5.1

- openSUSE Leap 42.1 (i686 x86_64):

  kernel-debug-4.1.31-30.2
  kernel-debug-base-4.1.31-30.2
  kernel-debug-base-debuginfo-4.1.31-30.2
  kernel-debug-debuginfo-4.1.31-30.2
  kernel-debug-debugsource-4.1.31-30.2
  kernel-debug-devel-4.1.31-30.2
  kernel-debug-devel-debuginfo-4.1.31-30.2
  kernel-ec2-4.1.31-30.2
  kernel-ec2-base-4.1.31-30.2
  kernel-ec2-base-debuginfo-4.1.31-30.2
  kernel-ec2-debuginfo-4.1.31-30.2
  kernel-ec2-debugsource-4.1.31-30.2
  kernel-ec2-devel-4.1.31-30.2
  kernel-pv-4.1.31-30.2
  kernel-pv-base-4.1.31-30.2
  kernel-pv-base-debuginfo-4.1.31-30.2
  kernel-pv-debuginfo-4.1.31-30.2
  kernel-pv-debugsource-4.1.31-30.2
  kernel-pv-devel-4.1.31-30.2
  kernel-vanilla-4.1.31-30.2
  kernel-vanilla-debuginfo-4.1.31-30.2
  kernel-vanilla-debugsource-4.1.31-30.2
  kernel-vanilla-devel-4.1.31-30.2
  kernel-xen-4.1.31-30.2
  kernel-xen-base-4.1.31-30.2
  kernel-xen-base-debuginfo-4.1.31-30.2
  kernel-xen-debuginfo-4.1.31-30.2
  kernel-xen-debugsource-4.1.31-30.2
  kernel-xen-devel-4.1.31-30.2

- openSUSE Leap 42.1 (x86_64):

  drbd-8.4.6-8.1
  drbd-debugsource-8.4.6-8.1
  drbd-kmp-default-8.4.6_k4.1.31_30-8.1
  drbd-kmp-default-debuginfo-8.4.6_k4.1.31_30-8.1
  drbd-kmp-pv-8.4.6_k4.1.31_30-8.1
  drbd-kmp-pv-debuginfo-8.4.6_k4.1.31_30-8.1
  drbd-kmp-xen-8.4.6_k4.1.31_30-8.1
  drbd-kmp-xen-debuginfo-8.4.6_k4.1.31_30-8.1
  lttng-modules-2.7.0-2.1
  lttng-modules-debugsource-2.7.0-2.1
  lttng-modules-kmp-default-2.7.0_k4.1.31_30-2.1
  lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.31_30-2.1
  lttng-modules-kmp-pv-2.7.0_k4.1.31_30-2.1
  lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.31_30-2.1

- openSUSE Leap 42.1 (noarch):

  kernel-devel-4.1.31-30.1
  kernel-docs-4.1.31-30.3
  kernel-docs-html-4.1.31-30.3
  kernel-docs-pdf-4.1.31-30.3
  kernel-macros-4.1.31-30.1
  kernel-source-4.1.31-30.1
  kernel-source-vanilla-4.1.31-30.1

- openSUSE Leap 42.1 (i686):

  kernel-pae-4.1.31-30.2
  kernel-pae-base-4.1.31-30.2
  kernel-pae-base-debuginfo-4.1.31-30.2
  kernel-pae-debuginfo-4.1.31-30.2
  kernel-pae-debugsource-4.1.31-30.2
  kernel-pae-devel-4.1.31-30.2

- openSUSE Leap 42.1 (i586):

  hdjmod-kmp-pae-1.28_k4.1.31_30-24.1
  hdjmod-kmp-pae-debuginfo-1.28_k4.1.31_30-24.1
  ipset-kmp-pae-6.25.1_k4.1.31_30-5.1
  ipset-kmp-pae-debuginfo-6.25.1_k4.1.31_30-5.1
  pcfclock-kmp-pae-0.44_k4.1.31_30-266.1
  pcfclock-kmp-pae-debuginfo-0.44_k4.1.31_30-266.1
  vhba-kmp-pae-20140928_k4.1.31_30-5.1
  vhba-kmp-pae-debuginfo-20140928_k4.1.31_30-5.1

 

 

References:

  https://www.suse.com/security/cve/CVE-2015-8787.html
  https://www.suse.com/security/cve/CVE-2016-1237.html
  https://www.suse.com/security/cve/CVE-2016-2847.html
  https://www.suse.com/security/cve/CVE-2016-3134.html
  https://www.suse.com/security/cve/CVE-2016-3156.html
  https://www.suse.com/security/cve/CVE-2016-4485.html
  https://www.suse.com/security/cve/CVE-2016-4486.html
  https://www.suse.com/security/cve/CVE-2016-4557.html
  https://www.suse.com/security/cve/CVE-2016-4569.html
  https://www.suse.com/security/cve/CVE-2016-4578.html
  https://www.suse.com/security/cve/CVE-2016-4580.html
  https://www.suse.com/security/cve/CVE-2016-4805.html
  https://www.suse.com/security/cve/CVE-2016-4951.html
  https://www.suse.com/security/cve/CVE-2016-4998.html
  https://www.suse.com/security/cve/CVE-2016-5696.html
  https://www.suse.com/security/cve/CVE-2016-6480.html
  https://www.suse.com/security/cve/CVE-2016-6828.html
  https://bugzilla.suse.com/963931
  https://bugzilla.suse.com/970948
  https://bugzilla.suse.com/971126
  https://bugzilla.suse.com/971360
  https://bugzilla.suse.com/974266
  https://bugzilla.suse.com/978821
  https://bugzilla.suse.com/978822
  https://bugzilla.suse.com/979018
  https://bugzilla.suse.com/979213
  https://bugzilla.suse.com/979879
  https://bugzilla.suse.com/980371
  https://bugzilla.suse.com/981058
  https://bugzilla.suse.com/981267
  https://bugzilla.suse.com/986362
  https://bugzilla.suse.com/986365
  https://bugzilla.suse.com/986570
  https://bugzilla.suse.com/987886
  https://bugzilla.suse.com/989084
  https://bugzilla.suse.com/989152
  https://bugzilla.suse.com/989176
  https://bugzilla.suse.com/990058
  https://bugzilla.suse.com/991110
  https://bugzilla.suse.com/991608
  https://bugzilla.suse.com/991665
  https://bugzilla.suse.com/994296
  https://bugzilla.suse.com/994520

 
