Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2015:1071-1 |
Rating: | important |
References: | #899192 #900881 #909312 #913232 #914742 #915540 #916225 #917125 #919007 #919018 #920262 #921769 #922583 #922734 #922944 #924664 #924803 #924809 #925567 #926156 #926240 #926314 #927084 #927115 #927116 #927257 #927285 #927308 #927455 #928122 #928130 #928135 #928141 #928708 #929092 #929145 #929525 #929883 #930224 #930226 #930669 #930786 #931014 #931130 |
Affected Products: |
An update that solves 13 vulnerabilities and has 31 fixes is now available.
Description:
The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to
receive various security and bugfixes.
Following security bugs were fixed:
- CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
kernel through 3.17.2 did not properly perform RIP changes, which
allowed guest OS users to cause a denial of service (guest OS crash) via
a crafted application (bsc#899192).
- CVE-2014-8086: Race condition in the ext4_file_write_iter function in
fs/ext4/file.c in the Linux kernel through 3.17 allowed local users to
cause a denial of service (file unavailability) via a combination of a
write action and an F_SETFL fcntl operation for the O_DIRECT flag
(bsc#900881).
- CVE-2014-8159: The InfiniBand (IB) implementation did not properly
restrict use of User Verbs for registration of memory regions, which
allowed local users to access arbitrary physical memory locations, and
consequently cause a denial of service (system crash) or gain
privileges, by leveraging permissions on a uverbs device under
/dev/infiniband/ (bsc#914742).
- CVE-2015-1465: The IPv4 implementation in the Linux kernel before 3.18.8
did not properly consider the length of the Read-Copy Update (RCU) grace
period for redirecting lookups in the absence of caching, which allowed
remote attackers to cause a denial of service (memory consumption or
system crash) via a flood of packets (bsc#916225).
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19
used an incorrect data type in a sysctl table, which allowed local users
to obtain potentially sensitive information from kernel memory or
possibly have unspecified other impact by accessing a sysctl entry
(bsc#919007).
- CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 used an
incorrect data type in a sysctl table, which allowed local users to
obtain potentially sensitive information from kernel memory or possibly
have unspecified other impact by accessing a sysctl entry (bsc#919018).
- CVE-2015-2666: Fixed a flaw that allowed crafted microcode to overflow
the kernel stack (bsc#922944).
- CVE-2015-2830: Fixed int80 fork from 64-bit tasks mishandling
(bsc#926240).
- CVE-2015-2922: Fixed possible denial of service (DoS) attack against
IPv6 network stacks due to improper handling of Router Advertisements
(bsc#922583).
- CVE-2015-3331: Fixed buffer overruns in RFC4106 implementation using
AESNI (bsc#927257).
- CVE-2015-3332: Fixed TCP Fast Open local DoS (bsc#928135).
- CVE-2015-3339: Fixed race condition flaw between the chown() and
execve() system calls which could have lead to local privilege
escalation (bsc#928130).
- CVE-2015-3636: Fixed use-after-free in ping sockets which could have
lead to local privilege escalation (bsc#929525).
The following non-security bugs were fixed:
- /proc/stat: convert to single_open_size() (bsc#928122).
- ACPI / sysfs: Treat the count field of counter_show() as unsigned
(bsc#909312).
- Automatically Provide/Obsolete all subpackages of old flavors
(bsc#925567)
- Btrfs: btrfs_release_extent_buffer_page did not free pages of dummy
extent (bsc#930226).
- Btrfs: fix inode eviction infinite loop after cloning into it
(bsc#930224).
- Btrfs: fix inode eviction infinite loop after extent_same ioctl
(bsc#930224).
- Btrfs: fix log tree corruption when fs mounted with -o discard
(bsc#927116).
- Btrfs: fix up bounds checking in lseek (bsc#927115).
- Fix rtworkqueues crash. Calling __sched_setscheduler() in interrupt
context is forbidden, and destroy_worker() did so in the timer interrupt
with a nohz_full config. Preclude that possibility for both boot options.
- Input: psmouse - add psmouse_matches_pnp_id helper function (bsc#929092).
- Input: synaptics - fix middle button on Lenovo 2015 products
(bsc#929092).
- Input: synaptics - handle spurious release of trackstick buttons
(bsc#929092).
- Input: synaptics - re-route tracksticks buttons on the Lenovo 2015
series (bsc#929092).
- Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015
(bsc#929092).
- Input: synaptics - retrieve the extended capabilities in query $10
(bsc#929092).
- NFS: Add attribute update barriers to nfs_setattr_update_inode()
(bsc#920262).
- NFS: restore kabi after change to nfs_setattr_update_inode (bsc#920262).
- af_iucv: fix AF_IUCV sendmsg() errno (bsc#927308, LTC#123304).
- audit: do not reject all AUDIT_INODE filter types (bsc#927455).
- bnx2x: Fix kdump when iommu=on (bsc#921769).
- cpufreq: fix a NULL pointer dereference in __cpufreq_governor()
(bsc#924664).
- dasd: Fix device having no paths after suspend/resume (bsc#927308,
LTC#123896).
- dasd: Fix inability to set a DASD device offline (bsc#927308,
LTC#123905).
- dasd: Fix unresumed device after suspend/resume (bsc#927308, LTC#123892).
- dasd: Missing partition after online processing (bsc#917125, LTC#120565).
- drm/radeon/cik: Add macrotile mode array query (bsc#927285).
- drm/radeon: fix display tiling setup on SI (bsc#927285).
- drm/radeon: set correct number of banks for CIK chips in DCE
(bsc#927285).
- iommu/amd: Correctly encode huge pages in iommu page tables (bsc#931014).
- iommu/amd: Optimize alloc_new_range for new fetch_pte interface
(bsc#931014).
- iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface
(bsc#931014).
- iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface
(bsc#931014).
- iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
- ipc/shm.c: fix overly aggressive shmdt() when calls span multiple
segments (ipc fixes).
- ipmi: Turn off all activity on an idle ipmi interface (bsc#915540).
- ixgbe: fix detection of SFP+ capable interfaces (bsc#922734).
- kgr: add error code to the message in kgr_revert_replaced_funs.
- kgr: add kgraft annotations to kthreads wait_event_freezable() API calls.
- kgr: correct error handling of the first patching stage.
- kgr: handle the delayed patching of the modules.
- kgr: handle the failure of finalization stage.
- kgr: return error in kgr_init if notifier registration fails.
- kgr: take switching of the fops out of kgr_patch_code to new function.
- kgr: use for_each_process_thread (bsc#929883).
- kgr: use kgr_in_progress for all threads (bnc#929883).
- libata: Blacklist queued TRIM on Samsung SSD 850 Pro (bsc#926156).
- mlx4: Call dev_kfree_skby_any instead of dev_kfree_skb (bsc#928708).
- mm, numa: really disable NUMA balancing by default on single node
machines (Automatic NUMA Balancing).
- mm: vmscan: do not throttle based on pfmemalloc reserves if node has no
reclaimable pages (bsc#924803, VM Functionality).
- net/mlx4: Cache line CQE/EQE stride fixes (bsc#927084).
- net/mlx4_core: Cache line EQE size support (bsc#927084).
- net/mlx4_core: Enable CQE/EQE stride support (bsc#927084).
- net/mlx4_en: Add mlx4_en_get_cqe helper (bsc#927084).
- perf/x86/amd/ibs: Update IBS MSRs and feature definitions.
- powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds the
allowed address space (bsc#930669).
- powerpc/numa: Add ability to disable and debug topology updates
(bsc#924809).
- powerpc/numa: Enable CONFIG_HAVE_MEMORYLESS_NODES (bsc#924809).
- powerpc/numa: Enable USE_PERCPU_NUMA_NODE_ID (bsc#924809).
- powerpc/numa: check error return from proc_create (bsc#924809).
- powerpc/numa: ensure per-cpu NUMA mappings are correct on topology
update (bsc#924809).
- powerpc/numa: use cached value of update->cpu in update_cpu_topology
(bsc#924809).
- powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
(bsc#928141).
- powerpc/pseries: Introduce api_version to migration sysfs interface
(bsc#926314).
- powerpc/pseries: Little endian fixes for post mobility device tree
update (bsc#926314).
- powerpc/pseries: Simplify check for suspendability during
suspend/migration (bsc#926314).
- powerpc: Fix sys_call_table declaration to enable syscall tracing.
- powerpc: Fix warning reported by verify_cpu_node_mapping() (bsc#924809).
- powerpc: Only set numa node information for present cpus at boottime
(bsc#924809).
- powerpc: reorder per-cpu NUMA information initialization (bsc#924809).
- powerpc: some changes in numa_setup_cpu() (bsc#924809).
- quota: Fix use of units in quota getting / setting interfaces
(bsc#913232).
- rpm/kernel-binary.spec.in: Fix build if there is no *.crt file
- rpm/kernel-obs-qa.spec.in: Do not fail if the kernel versions do not
match
- s390/bpf: Fix ALU_NEG (A = -A) (bsc#917125, LTC#121759).
- s390/bpf: Fix JMP_JGE_K (A >= K) and JMP_JGT_K (A > K) (bsc#917125,
LTC#121759).
- s390/bpf: Fix JMP_JGE_X (A > X) and JMP_JGT_X (A >= X) (bsc#917125,
LTC#121759).
- s390/bpf: Fix offset parameter for skb_copy_bits() (bsc#917125,
LTC#121759).
- s390/bpf: Fix sk_load_byte_msh() (bsc#917125, LTC#121759).
- s390/bpf: Fix skb_copy_bits() parameter passing (bsc#917125, LTC#121759).
- s390/bpf: Zero extend parameters before calling C function (bsc#917125,
LTC#121759).
- s390/sclp: Consolidate early sclp init calls to sclp_early_detect()
(bsc#917125, LTC#122429).
- s390/sclp: Determine HSA size dynamically for zfcpdump (bsc#917125,
LTC#122429).
- s390/sclp: Move declarations for sclp_sdias into separate header file
(bsc#917125, LTC#122429).
- s390/sclp: Move early code from sclp_cmd.c to sclp_early.c (bsc#917125,
LTC#122429).
- s390/sclp: replace uninitialized early_event_mask_sccb variable with
sccb_early (bsc#917125, LTC#122429).
- s390/sclp: revert smp-detect-possible-cpus.patch (bsc#917125,
LTC#122429).
- s390/sclp_early: Add function to detect sclp console capabilities
(bsc#917125, LTC#122429).
- s390/sclp_early: Get rid of sclp_early_read_info_sccb_valid (bsc#917125,
LTC#122429).
- s390/sclp_early: Pass sccb pointer to every *_detect() function
(bsc#917125, LTC#122429).
- s390/sclp_early: Replace early_read_info_sccb with sccb_early
(bsc#917125, LTC#122429).
- s390/sclp_early: Return correct HSA block count also for zero
(bsc#917125, LTC#122429).
- s390/smp: limit number of cpus in possible cpu mask (bsc#917125,
LTC#122429).
- s390: kgr, change the kgraft state only if enabled.
- sched, time: Fix lock inversion in thread_group_cputime()
- sched: Fix potential near-infinite distribute_cfs_runtime() loop
(bsc#930786)
- sched: Robustify topology setup (bsc#924809).
- seqlock: Add irqsave variant of read_seqbegin_or_lock() (Time
scalability).
- storvsc: Set the SRB flags correctly when no data transfer is needed
(bsc#931130).
- x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
- x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
- x86/apic/uv: Update the UV APIC driver check (bsc#929145).
- x86/microcode/intel: Guard against stack overflow in the loader
(bsc#922944).
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2015-269=1
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-269=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-269=1
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-269=1
- SUSE Linux Enterprise Live Patching 12:
zypper in -t patch SUSE-SLE-Live-Patching-12-2015-269=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-269=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
- kernel-default-debuginfo-3.12.43-52.6.1
- kernel-default-debugsource-3.12.43-52.6.1
- kernel-default-extra-3.12.43-52.6.1
- kernel-default-extra-debuginfo-3.12.43-52.6.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
- kernel-obs-build-3.12.43-52.6.2
- kernel-obs-build-debugsource-3.12.43-52.6.2
- SUSE Linux Enterprise Software Development Kit 12 (noarch):
- kernel-docs-3.12.43-52.6.2
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
- kernel-default-3.12.43-52.6.1
- kernel-default-base-3.12.43-52.6.1
- kernel-default-base-debuginfo-3.12.43-52.6.1
- kernel-default-debuginfo-3.12.43-52.6.1
- kernel-default-debugsource-3.12.43-52.6.1
- kernel-default-devel-3.12.43-52.6.1
- kernel-syms-3.12.43-52.6.1
- SUSE Linux Enterprise Server 12 (x86_64):
- kernel-xen-3.12.43-52.6.1
- kernel-xen-base-3.12.43-52.6.1
- kernel-xen-base-debuginfo-3.12.43-52.6.1
- kernel-xen-debuginfo-3.12.43-52.6.1
- kernel-xen-debugsource-3.12.43-52.6.1
- kernel-xen-devel-3.12.43-52.6.1
- SUSE Linux Enterprise Server 12 (noarch):
- kernel-devel-3.12.43-52.6.1
- kernel-macros-3.12.43-52.6.1
- kernel-source-3.12.43-52.6.1
- SUSE Linux Enterprise Server 12 (s390x):
- kernel-default-man-3.12.43-52.6.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
- kernel-ec2-3.12.43-52.6.1
- kernel-ec2-debuginfo-3.12.43-52.6.1
- kernel-ec2-debugsource-3.12.43-52.6.1
- kernel-ec2-devel-3.12.43-52.6.1
- kernel-ec2-extra-3.12.43-52.6.1
- kernel-ec2-extra-debuginfo-3.12.43-52.6.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
- kgraft-patch-3_12_43-52_6-default-1-2.3
- kgraft-patch-3_12_43-52_6-xen-1-2.3
- SUSE Linux Enterprise Desktop 12 (x86_64):
- kernel-default-3.12.43-52.6.1
- kernel-default-debuginfo-3.12.43-52.6.1
- kernel-default-debugsource-3.12.43-52.6.1
- kernel-default-devel-3.12.43-52.6.1
- kernel-default-extra-3.12.43-52.6.1
- kernel-default-extra-debuginfo-3.12.43-52.6.1
- kernel-syms-3.12.43-52.6.1
- kernel-xen-3.12.43-52.6.1
- kernel-xen-debuginfo-3.12.43-52.6.1
- kernel-xen-debugsource-3.12.43-52.6.1
- kernel-xen-devel-3.12.43-52.6.1
- SUSE Linux Enterprise Desktop 12 (noarch):
- kernel-devel-3.12.43-52.6.1
- kernel-macros-3.12.43-52.6.1
- kernel-source-3.12.43-52.6.1
References:
- https://www.suse.com/security/cve/CVE-2014-3647.html
- https://www.suse.com/security/cve/CVE-2014-8086.html
- https://www.suse.com/security/cve/CVE-2014-8159.html
- https://www.suse.com/security/cve/CVE-2015-1465.html
- https://www.suse.com/security/cve/CVE-2015-2041.html
- https://www.suse.com/security/cve/CVE-2015-2042.html
- https://www.suse.com/security/cve/CVE-2015-2666.html
- https://www.suse.com/security/cve/CVE-2015-2830.html
- https://www.suse.com/security/cve/CVE-2015-2922.html
- https://www.suse.com/security/cve/CVE-2015-3331.html
- https://www.suse.com/security/cve/CVE-2015-3332.html
- https://www.suse.com/security/cve/CVE-2015-3339.html
- https://www.suse.com/security/cve/CVE-2015-3636.html
- https://bugzilla.suse.com/899192
- https://bugzilla.suse.com/900881
- https://bugzilla.suse.com/909312
- https://bugzilla.suse.com/913232
- https://bugzilla.suse.com/914742
- https://bugzilla.suse.com/915540
- https://bugzilla.suse.com/916225
- https://bugzilla.suse.com/917125
- https://bugzilla.suse.com/919007
- https://bugzilla.suse.com/919018
- https://bugzilla.suse.com/920262
- https://bugzilla.suse.com/921769
- https://bugzilla.suse.com/922583
- https://bugzilla.suse.com/922734
- https://bugzilla.suse.com/922944
- https://bugzilla.suse.com/924664
- https://bugzilla.suse.com/924803
- https://bugzilla.suse.com/924809
- https://bugzilla.suse.com/925567
- https://bugzilla.suse.com/926156
- https://bugzilla.suse.com/926240
- https://bugzilla.suse.com/926314
- https://bugzilla.suse.com/927084
- https://bugzilla.suse.com/927115
- https://bugzilla.suse.com/927116
- https://bugzilla.suse.com/927257
- https://bugzilla.suse.com/927285
- https://bugzilla.suse.com/927308
- https://bugzilla.suse.com/927455
- https://bugzilla.suse.com/928122
- https://bugzilla.suse.com/928130
- https://bugzilla.suse.com/928135
- https://bugzilla.suse.com/928141
- https://bugzilla.suse.com/928708
- https://bugzilla.suse.com/929092
- https://bugzilla.suse.com/929145
- https://bugzilla.suse.com/929525
- https://bugzilla.suse.com/929883
- https://bugzilla.suse.com/930224
- https://bugzilla.suse.com/930226
- https://bugzilla.suse.com/930669
- https://bugzilla.suse.com/930786
- https://bugzilla.suse.com/931014
- https://bugzilla.suse.com/931130