Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel

---

Announcement ID:	SUSE-SU-2015:2194-1
Rating:	important
References:	#814440 #867595 #904348 #921949 #924493 #930145 #933514 #935961 #936076 #936773 #939826 #939926 #940853 #941202 #941867 #942938 #944749 #945626 #946078 #947241 #947321 #947478 #948521 #948685 #948831 #949100 #949463 #949504 #949706 #949744 #950013 #950750 #950862 #950998 #951110 #951165 #951199 #951440 #951546 #952666 #952758 #953796 #953980 #954635 #955148 #955224 #955422 #955533 #955644 #956047 #956053 #956703 #956711
Affected Products:	SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12

---

An update that solves 8 vulnerabilities and has 45 fixes is now available.

Description:

The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
various security and bugfixes.

Following security bugs were fixed:
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers were valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the
Linux kernel had an incorrect sequence of protocol-initialization steps,
which allowed local users to cause a denial of service (panic or memory
corruption) by creating SCTP sockets before all of the steps have
finished (bnc#947155).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
kernel did not properly handle rename actions inside a bind mount, which
allowed local users to bypass an intended container protection mechanism
by renaming a directory, related to a "double-chroot attack (bnc#926238).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
(bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying
transport exists when creating a connection, causing usage of a NULL
pointer (bsc#952384).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
Router Advertisement (RA) message, a different vulnerability than
CVE-2015-8215 (bnc#944296).

The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers
(bnc#814440).
- Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236
(bsc#953796).
- Btrfs: fix file corruption and data loss after cloning inline extents
(bnc#956053).
- Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
- Fix regression in NFSRDMA server (bsc#951110).
- KEYS: Fix race between key destruction and finding a keyring by name
(bsc#951440).
- KVM: x86: call irq notifiers with directed EOI (bsc#950862).
- NVMe: Add shutdown timeout as module parameter (bnc#936076).
- NVMe: Mismatched host/device page size support (bsc#935961).
- PCI: Drop "setting latency timer" messages (bsc#956047).
- SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
- SUNRPC: Fix oops when trace sunrpc_task events in nfs client
(bnc#956703).
- Sync ppc64le netfilter config options with other archs (bnc#951546)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
task (bsc#921949).
- apparmor: temporary work around for bug while unloading policy
(boo#941867).
- audit: correctly record file names with different path name types
(bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler
(bsc#936773).
- dlm: make posix locks interruptible, (bsc#947241).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would've merged with the previous
(bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic
(bsc#904348).
- dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,
v2 (bsc#942938).
- drm/i915: add hotplug activation period to hotplug update mask
(bsc#953980).
- fanotify: fix notification of groups with inode and mount marks
(bsc#955533).
- genirq: Make sure irq descriptors really exist when __irq_alloc_descs
returns (bsc#945626).
- hv: vss: run only on supported host versions (bnc#949504).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags
(bsc#947321).
- ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
- ipv6: Extend the route lookups to low priority metrics (bsc#947321).
- ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
- ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).
- ipv6: distinguish frag queues by device for multicast and link-local
packets (bsc#955422).
- ipvs: drop first packet to dead server (bsc#946078).
- kABI: protect struct ahci_host_priv.
- kABI: protect struct rt6_info changes from bsc#947321 changes
(bsc#947321).
- kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
- kgr: fix migration of kthreads to the new universe.
- kgr: wake up kthreads periodically.
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- macvlan: Support bonding events (bsc#948521).
- net: add length argument to skb_copy_and_csum_datagram_iovec
(bsc#951199).
- net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()
(bsc#951199).
- pci: Update VPD size with correct length (bsc#924493).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
(bsc#949706).
- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds
(bsc#930145).
- rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies
(bnc#949100).
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- supported.conf: Add missing dependencies of supported modules hwmon_vid
needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by
ramoops
- supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
- target/rbd: fix PR info memory leaks (bnc#948831).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use "^A" when allocating UAs (bsc#933514).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at
runtime, instead of top-down (bsc#940853).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
remove_pagetable() (VM Functionality, bnc#955148).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
(bnc#951165).
- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Workstation Extension 12:
  zypper in -t patch SUSE-SLE-WE-12-2015-945=1
• SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-945=1
• SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1
• SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1
• SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1
• SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1

To bring your system up-to-date, use "zypper patch".

Package List:

• SUSE Linux Enterprise Workstation Extension 12 (x86_64):
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1
  • kernel-default-extra-3.12.51-52.31.1
  • kernel-default-extra-debuginfo-3.12.51-52.31.1
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  • kernel-obs-build-3.12.51-52.31.1
  • kernel-obs-build-debugsource-3.12.51-52.31.1
• SUSE Linux Enterprise Software Development Kit 12 (noarch):
  • kernel-docs-3.12.51-52.31.5
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  • kernel-default-3.12.51-52.31.1
  • kernel-default-base-3.12.51-52.31.1
  • kernel-default-base-debuginfo-3.12.51-52.31.1
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1
  • kernel-default-devel-3.12.51-52.31.1
  • kernel-syms-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (x86_64):
  • kernel-xen-3.12.51-52.31.1
  • kernel-xen-base-3.12.51-52.31.1
  • kernel-xen-base-debuginfo-3.12.51-52.31.1
  • kernel-xen-debuginfo-3.12.51-52.31.1
  • kernel-xen-debugsource-3.12.51-52.31.1
  • kernel-xen-devel-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (noarch):
  • kernel-devel-3.12.51-52.31.1
  • kernel-macros-3.12.51-52.31.1
  • kernel-source-3.12.51-52.31.1
• SUSE Linux Enterprise Server 12 (s390x):
  • kernel-default-man-3.12.51-52.31.1
• SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
  • kernel-ec2-3.12.51-52.31.1
  • kernel-ec2-debuginfo-3.12.51-52.31.1
  • kernel-ec2-debugsource-3.12.51-52.31.1
  • kernel-ec2-devel-3.12.51-52.31.1
  • kernel-ec2-extra-3.12.51-52.31.1
  • kernel-ec2-extra-debuginfo-3.12.51-52.31.1
• SUSE Linux Enterprise Live Patching 12 (x86_64):
  • kgraft-patch-3_12_51-52_31-default-1-2.2
  • kgraft-patch-3_12_51-52_31-xen-1-2.2
• SUSE Linux Enterprise Desktop 12 (x86_64):
  • kernel-default-3.12.51-52.31.1
  • kernel-default-debuginfo-3.12.51-52.31.1
  • kernel-default-debugsource-3.12.51-52.31.1
  • kernel-default-devel-3.12.51-52.31.1
  • kernel-default-extra-3.12.51-52.31.1
  • kernel-default-extra-debuginfo-3.12.51-52.31.1
  • kernel-syms-3.12.51-52.31.1
  • kernel-xen-3.12.51-52.31.1
  • kernel-xen-debuginfo-3.12.51-52.31.1
  • kernel-xen-debugsource-3.12.51-52.31.1
  • kernel-xen-devel-3.12.51-52.31.1
• SUSE Linux Enterprise Desktop 12 (noarch):
  • kernel-devel-3.12.51-52.31.1
  • kernel-macros-3.12.51-52.31.1
  • kernel-source-3.12.51-52.31.1

References:

• https://www.suse.com/security/cve/CVE-2015-0272.html
• https://www.suse.com/security/cve/CVE-2015-2925.html
• https://www.suse.com/security/cve/CVE-2015-5283.html
• https://www.suse.com/security/cve/CVE-2015-5307.html
• https://www.suse.com/security/cve/CVE-2015-7799.html
• https://www.suse.com/security/cve/CVE-2015-7872.html
• https://www.suse.com/security/cve/CVE-2015-7990.html
• https://www.suse.com/security/cve/CVE-2015-8104.html
• https://bugzilla.suse.com/814440
• https://bugzilla.suse.com/867595
• https://bugzilla.suse.com/904348
• https://bugzilla.suse.com/921949
• https://bugzilla.suse.com/924493
• https://bugzilla.suse.com/930145
• https://bugzilla.suse.com/933514
• https://bugzilla.suse.com/935961
• https://bugzilla.suse.com/936076
• https://bugzilla.suse.com/936773
• https://bugzilla.suse.com/939826
• https://bugzilla.suse.com/939926
• https://bugzilla.suse.com/940853
• https://bugzilla.suse.com/941202
• https://bugzilla.suse.com/941867
• https://bugzilla.suse.com/942938
• https://bugzilla.suse.com/944749
• https://bugzilla.suse.com/945626
• https://bugzilla.suse.com/946078
• https://bugzilla.suse.com/947241
• https://bugzilla.suse.com/947321
• https://bugzilla.suse.com/947478
• https://bugzilla.suse.com/948521
• https://bugzilla.suse.com/948685
• https://bugzilla.suse.com/948831
• https://bugzilla.suse.com/949100
• https://bugzilla.suse.com/949463
• https://bugzilla.suse.com/949504
• https://bugzilla.suse.com/949706
• https://bugzilla.suse.com/949744
• https://bugzilla.suse.com/950013
• https://bugzilla.suse.com/950750
• https://bugzilla.suse.com/950862
• https://bugzilla.suse.com/950998
• https://bugzilla.suse.com/951110
• https://bugzilla.suse.com/951165
• https://bugzilla.suse.com/951199
• https://bugzilla.suse.com/951440
• https://bugzilla.suse.com/951546
• https://bugzilla.suse.com/952666
• https://bugzilla.suse.com/952758
• https://bugzilla.suse.com/953796
• https://bugzilla.suse.com/953980
• https://bugzilla.suse.com/954635
• https://bugzilla.suse.com/955148
• https://bugzilla.suse.com/955224
• https://bugzilla.suse.com/955422
• https://bugzilla.suse.com/955533
• https://bugzilla.suse.com/955644
• https://bugzilla.suse.com/956047
• https://bugzilla.suse.com/956053
• https://bugzilla.suse.com/956703
• https://bugzilla.suse.com/956711