Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2015:2194-1 |
Rating: | important |
References: | #814440 #867595 #904348 #921949 #924493 #930145 #933514 #935961 #936076 #936773 #939826 #939926 #940853 #941202 #941867 #942938 #944749 #945626 #946078 #947241 #947321 #947478 #948521 #948685 #948831 #949100 #949463 #949504 #949706 #949744 #950013 #950750 #950862 #950998 #951110 #951165 #951199 #951440 #951546 #952666 #952758 #953796 #953980 #954635 #955148 #955224 #955422 #955533 #955644 #956047 #956053 #956703 #956711 |
Affected Products: |
An update that solves 8 vulnerabilities and has 45 fixes is now available.
Description:
The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
various security and bugfixes.
Following security bugs were fixed:
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
Linux kernel did not ensure that certain slot numbers were valid, which
allowed local users to cause a denial of service (NULL pointer
dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
(bnc#949936).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the
Linux kernel had an incorrect sequence of protocol-initialization steps,
which allowed local users to cause a denial of service (panic or memory
corruption) by creating SCTP sockets before all of the steps have
finished (bnc#947155).
- CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
kernel did not properly handle rename actions inside a bind mount, which
allowed local users to bypass an intended container protection mechanism
by renaming a directory, related to a "double-chroot attack (bnc#926238).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (host OS panic or hang) by triggering
many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
(bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying
transport exists when creating a connection, causing usage of a NULL
pointer (bsc#952384).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
the Linux kernel allowed local users to cause a denial of service (OOPS)
via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
Router Advertisement (RA) message, a different vulnerability than
CVE-2015-8215 (bnc#944296).
The following non-security bugs were fixed:
- ALSA: hda - Disable 64bit address for Creative HDA controllers
(bnc#814440).
- Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236
(bsc#953796).
- Btrfs: fix file corruption and data loss after cloning inline extents
(bnc#956053).
- Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
- Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
- Fix regression in NFSRDMA server (bsc#951110).
- KEYS: Fix race between key destruction and finding a keyring by name
(bsc#951440).
- KVM: x86: call irq notifiers with directed EOI (bsc#950862).
- NVMe: Add shutdown timeout as module parameter (bnc#936076).
- NVMe: Mismatched host/device page size support (bsc#935961).
- PCI: Drop "setting latency timer" messages (bsc#956047).
- SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
- SUNRPC: Fix oops when trace sunrpc_task events in nfs client
(bnc#956703).
- Sync ppc64le netfilter config options with other archs (bnc#951546)
- Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
- apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
task (bsc#921949).
- apparmor: temporary work around for bug while unloading policy
(boo#941867).
- audit: correctly record file names with different path name types
(bsc#950013).
- audit: create private file name copies when auditing inodes (bsc#950013).
- cpu: Defer smpboot kthread unparking until CPU known to scheduler
(bsc#936773).
- dlm: make posix locks interruptible, (bsc#947241).
- dm sysfs: introduce ability to add writable attributes (bsc#904348).
- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
- dm: do not start current request if it would've merged with the previous
(bsc#904348).
- dm: impose configurable deadline for dm_request_fn's merge heuristic
(bsc#904348).
- dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,
v2 (bsc#942938).
- drm/i915: add hotplug activation period to hotplug update mask
(bsc#953980).
- fanotify: fix notification of groups with inode and mount marks
(bsc#955533).
- genirq: Make sure irq descriptors really exist when __irq_alloc_descs
returns (bsc#945626).
- hv: vss: run only on supported host versions (bnc#949504).
- ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
- ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags
(bsc#947321).
- ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
- ipv6: Extend the route lookups to low priority metrics (bsc#947321).
- ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
- ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).
- ipv6: distinguish frag queues by device for multicast and link-local
packets (bsc#955422).
- ipvs: drop first packet to dead server (bsc#946078).
- kABI: protect struct ahci_host_priv.
- kABI: protect struct rt6_info changes from bsc#947321 changes
(bsc#947321).
- kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).
- kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635).
- kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
- kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
- kgr: fix migration of kthreads to the new universe.
- kgr: wake up kthreads periodically.
- ktime: add ktime_after and ktime_before helper (bsc#904348).
- macvlan: Support bonding events (bsc#948521).
- net: add length argument to skb_copy_and_csum_datagram_iovec
(bsc#951199).
- net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()
(bsc#951199).
- pci: Update VPD size with correct length (bsc#924493).
- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
(bsc#949706).
- ring-buffer: Always run per-cpu ring buffer resize with
schedule_work_on() (bnc#956711).
- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds
(bsc#930145).
- rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).
- sched/core: Fix task and run queue sched_info::run_delay inconsistencies
(bnc#949100).
- sunrpc/cache: make cache flushing more reliable (bsc#947478).
- supported.conf: Add missing dependencies of supported modules hwmon_vid
needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by
ramoops
- supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio
- target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
- target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
- target/rbd: fix PR info memory leaks (bnc#948831).
- target: Send UA upon LUN RESET tmr completion (bsc#933514).
- target: use "^A" when allocating UAs (bsc#933514).
- usbvision fix overflow of interfaces array (bnc#950998).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
- vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at
runtime, instead of top-down (bsc#940853).
- x86/evtchn: make use of PHYSDEVOP_map_pirq.
- x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
bnc#955148).
- x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
remove_pagetable() (VM Functionality, bnc#955148).
- xfs: DIO needs an ioend for writes (bsc#949744).
- xfs: DIO write completion size updates race (bsc#949744).
- xfs: DIO writes within EOF do not need an ioend (bsc#949744).
- xfs: always drain dio before extending aio write submission (bsc#949744).
- xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
- xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
- xfs: factor DIO write mapping from get_blocks (bsc#949744).
- xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
- xfs: move DIO mapping size calculation (bsc#949744).
- xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
(bnc#951165).
- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2015-945=1
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-945=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
- kernel-default-debuginfo-3.12.51-52.31.1
- kernel-default-debugsource-3.12.51-52.31.1
- kernel-default-extra-3.12.51-52.31.1
- kernel-default-extra-debuginfo-3.12.51-52.31.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
- kernel-obs-build-3.12.51-52.31.1
- kernel-obs-build-debugsource-3.12.51-52.31.1
- SUSE Linux Enterprise Software Development Kit 12 (noarch):
- kernel-docs-3.12.51-52.31.5
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
- kernel-default-3.12.51-52.31.1
- kernel-default-base-3.12.51-52.31.1
- kernel-default-base-debuginfo-3.12.51-52.31.1
- kernel-default-debuginfo-3.12.51-52.31.1
- kernel-default-debugsource-3.12.51-52.31.1
- kernel-default-devel-3.12.51-52.31.1
- kernel-syms-3.12.51-52.31.1
- SUSE Linux Enterprise Server 12 (x86_64):
- kernel-xen-3.12.51-52.31.1
- kernel-xen-base-3.12.51-52.31.1
- kernel-xen-base-debuginfo-3.12.51-52.31.1
- kernel-xen-debuginfo-3.12.51-52.31.1
- kernel-xen-debugsource-3.12.51-52.31.1
- kernel-xen-devel-3.12.51-52.31.1
- SUSE Linux Enterprise Server 12 (noarch):
- kernel-devel-3.12.51-52.31.1
- kernel-macros-3.12.51-52.31.1
- kernel-source-3.12.51-52.31.1
- SUSE Linux Enterprise Server 12 (s390x):
- kernel-default-man-3.12.51-52.31.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
- kernel-ec2-3.12.51-52.31.1
- kernel-ec2-debuginfo-3.12.51-52.31.1
- kernel-ec2-debugsource-3.12.51-52.31.1
- kernel-ec2-devel-3.12.51-52.31.1
- kernel-ec2-extra-3.12.51-52.31.1
- kernel-ec2-extra-debuginfo-3.12.51-52.31.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
- kgraft-patch-3_12_51-52_31-default-1-2.2
- kgraft-patch-3_12_51-52_31-xen-1-2.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
- kernel-default-3.12.51-52.31.1
- kernel-default-debuginfo-3.12.51-52.31.1
- kernel-default-debugsource-3.12.51-52.31.1
- kernel-default-devel-3.12.51-52.31.1
- kernel-default-extra-3.12.51-52.31.1
- kernel-default-extra-debuginfo-3.12.51-52.31.1
- kernel-syms-3.12.51-52.31.1
- kernel-xen-3.12.51-52.31.1
- kernel-xen-debuginfo-3.12.51-52.31.1
- kernel-xen-debugsource-3.12.51-52.31.1
- kernel-xen-devel-3.12.51-52.31.1
- SUSE Linux Enterprise Desktop 12 (noarch):
- kernel-devel-3.12.51-52.31.1
- kernel-macros-3.12.51-52.31.1
- kernel-source-3.12.51-52.31.1
References:
- https://www.suse.com/security/cve/CVE-2015-0272.html
- https://www.suse.com/security/cve/CVE-2015-2925.html
- https://www.suse.com/security/cve/CVE-2015-5283.html
- https://www.suse.com/security/cve/CVE-2015-5307.html
- https://www.suse.com/security/cve/CVE-2015-7799.html
- https://www.suse.com/security/cve/CVE-2015-7872.html
- https://www.suse.com/security/cve/CVE-2015-7990.html
- https://www.suse.com/security/cve/CVE-2015-8104.html
- https://bugzilla.suse.com/814440
- https://bugzilla.suse.com/867595
- https://bugzilla.suse.com/904348
- https://bugzilla.suse.com/921949
- https://bugzilla.suse.com/924493
- https://bugzilla.suse.com/930145
- https://bugzilla.suse.com/933514
- https://bugzilla.suse.com/935961
- https://bugzilla.suse.com/936076
- https://bugzilla.suse.com/936773
- https://bugzilla.suse.com/939826
- https://bugzilla.suse.com/939926
- https://bugzilla.suse.com/940853
- https://bugzilla.suse.com/941202
- https://bugzilla.suse.com/941867
- https://bugzilla.suse.com/942938
- https://bugzilla.suse.com/944749
- https://bugzilla.suse.com/945626
- https://bugzilla.suse.com/946078
- https://bugzilla.suse.com/947241
- https://bugzilla.suse.com/947321
- https://bugzilla.suse.com/947478
- https://bugzilla.suse.com/948521
- https://bugzilla.suse.com/948685
- https://bugzilla.suse.com/948831
- https://bugzilla.suse.com/949100
- https://bugzilla.suse.com/949463
- https://bugzilla.suse.com/949504
- https://bugzilla.suse.com/949706
- https://bugzilla.suse.com/949744
- https://bugzilla.suse.com/950013
- https://bugzilla.suse.com/950750
- https://bugzilla.suse.com/950862
- https://bugzilla.suse.com/950998
- https://bugzilla.suse.com/951110
- https://bugzilla.suse.com/951165
- https://bugzilla.suse.com/951199
- https://bugzilla.suse.com/951440
- https://bugzilla.suse.com/951546
- https://bugzilla.suse.com/952666
- https://bugzilla.suse.com/952758
- https://bugzilla.suse.com/953796
- https://bugzilla.suse.com/953980
- https://bugzilla.suse.com/954635
- https://bugzilla.suse.com/955148
- https://bugzilla.suse.com/955224
- https://bugzilla.suse.com/955422
- https://bugzilla.suse.com/955533
- https://bugzilla.suse.com/955644
- https://bugzilla.suse.com/956047
- https://bugzilla.suse.com/956053
- https://bugzilla.suse.com/956703
- https://bugzilla.suse.com/956711