SUSE-SU-2015:1324-1: important: Security update for the SUSE Linux Enterprise 12 kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jul 31 02:08:46 MDT 2015


   SUSE Security Update: Security update for the SUSE Linux Enterprise 12 kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1324-1
Rating:             important
References:         #854817 #854824 #858727 #866911 #867362 #895814 
                    #903279 #907092 #908491 #915183 #917630 #918618 
                    #921430 #924071 #924526 #926369 #926953 #927455 
                    #927697 #927786 #928131 #929475 #929696 #929879 
                    #929974 #930092 #930399 #930579 #930599 #930972 
                    #931124 #931403 #931538 #931620 #931860 #931988 
                    #932348 #932793 #932897 #932898 #932899 #932900 
                    #932967 #933117 #933429 #933637 #933896 #933904 
                    #933907 #934160 #935083 #935085 #935088 #935174 
                    #935542 #935881 #935918 #936012 #936423 #936445 
                    #936446 #936502 #936556 #936831 #936875 #937032 
                    #937087 #937609 #937612 #937613 #937616 #938022 
                    #938023 #938024 
Cross-References:   CVE-2014-9728 CVE-2014-9729 CVE-2014-9730
                    CVE-2014-9731 CVE-2015-1805 CVE-2015-3212
                    CVE-2015-4036 CVE-2015-4167 CVE-2015-4692
                    CVE-2015-5364 CVE-2015-5366
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 63 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive
   various security and bugfixes.

   These features were added:
   - mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support
     (bsc#854824).
   - mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).

   Following security bugs were fixed:
   - CVE-2015-1805: iov overrun for failed atomic copy could have lead to DoS
     or privilege escalation (bsc#933429).
   - CVE-2015-3212: A race condition in the way the Linux kernel handled
     lists of associations in SCTP sockets could have lead to list corruption
     and kernel panics (bsc#936502).
   - CVE-2015-4036: DoS via memory corruption in vhost/scsi driver
     (bsc#931988).
   - CVE-2015-4167: Linux kernel built with the UDF file
     system(CONFIG_UDF_FS) support was vulnerable to a crash. It occurred
     while fetching inode information from a corrupted/malicious udf file
     system image (bsc#933907).
   - CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events
     function (bsc#935542).
   - CVE-2015-5364: Remote DoS via flood of UDP packets with invalid
     checksums (bsc#936831).
   - CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP
     packets with invalid checksums (bsc#936831).

   Security issues already fixed in the previous update but not referenced by
   CVE:
   - CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS)
     support were vulnerable to a crash (bsc#933904).
   - CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS)
     support were vulnerable to a crash (bsc#933904).
   - CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS)
     support were vulnerable to a crash (bsc#933904).
   - CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS)
     support were vulnerable to information leakage (bsc#933896).

   The following non-security bugs were fixed:
   - ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556).
   - ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec
     (bsc#936556).
   - ALSA: hda_controller: Separate stream_tag for input and output streams
     (bsc#936556).
   - ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW
     (bsc#936556).
   - ALSA: hda_intel: apply the Seperate stream_tag for Skylake (bsc#936556).
   - ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point
     (bsc#936556).
   - Btrfs: Handle unaligned length in extent_same (bsc#937609).
   - Btrfs: add missing inode item update in fallocate() (bsc#938023).
   - Btrfs: check pending chunks when shrinking fs to avoid corruption
     (bsc#936445).
   - Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
   - Btrfs: fix block group ->space_info null pointer dereference
     (bsc#935088).
   - Btrfs: fix clone / extent-same deadlocks (bsc#937612).
   - Btrfs: fix deadlock with extent-same and readpage (bsc#937612).
   - Btrfs: fix fsync data loss after append write (bsc#936446).
   - Btrfs: fix hang during inode eviction due to concurrent readahead
     (bsc#935085).
   - Btrfs: fix memory leak in the extent_same ioctl (bsc#937613).
   - Btrfs: fix race when reusing stale extent buffers that leads to BUG_ON
     (bsc#926369).
   - Btrfs: fix use after free when close_ctree frees the orphan_rsv
     (bsc#938022).
   - Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
   - Btrfs: provide super_operations->inode_get_dev (bsc#927455).
   - Drivers: hv: balloon: check if ha_region_mutex was acquired in
     MEM_CANCEL_ONLINE case.
   - Drivers: hv: fcopy: process deferred messages when we complete the
     transaction.
   - Drivers: hv: fcopy: rename fcopy_work -> fcopy_timeout_work.
   - Drivers: hv: fcopy: set .owner reference for file operations.
   - Drivers: hv: fcopy: switch to using the hvutil_device_state state
     machine.
   - Drivers: hv: hv_balloon: correctly handle num_pages>INT_MAX case.
   - Drivers: hv: hv_balloon: correctly handle val.freeram lower than
     num_pages case.
   - Drivers: hv: hv_balloon: do not lose memory when onlining order is not
     natural.
   - Drivers: hv: hv_balloon: do not online pages in offline blocks.
   - Drivers: hv: hv_balloon: eliminate jumps in piecewiese linear floor
     function.
   - Drivers: hv: hv_balloon: eliminate the trylock path in
     acquire/release_region_mutex.
   - Drivers: hv: hv_balloon: keep locks balanced on add_memory() failure.
   - Drivers: hv: hv_balloon: refuse to balloon below the floor.
   - Drivers: hv: hv_balloon: report offline pages as being used.
   - Drivers: hv: hv_balloon: survive ballooning request with num_pages=0.
   - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.
   - Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work.
   - Drivers: hv: kvp: reset kvp_context.
   - Drivers: hv: kvp: switch to using the hvutil_device_state state machine.
   - Drivers: hv: util: Fix a bug in the KVP code. reapply upstream change
     ontop of v3.12-stable change
   - Drivers: hv: util: On device remove, close the channel after
     de-initializing the service.
   - Drivers: hv: util: introduce hv_utils_transport abstraction.
   - Drivers: hv: util: introduce state machine for util drivers.
   - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.
   - Drivers: hv: vmbus: Add device and vendor ID to vmbus devices.
   - Drivers: hv: vmbus: Add support for VMBus panic notifier handler
     (bsc#934160).
   - Drivers: hv: vmbus: Add support for the NetworkDirect GUID.
   - Drivers: hv: vmbus: Correcting truncation error for constant
     HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160).
   - Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl().
   - Drivers: hv: vmbus: Fix a bug in rescind processing in
     vmbus_close_internal().
   - Drivers: hv: vmbus: Fix a siganlling host signalling issue.
   - Drivers: hv: vmbus: Get rid of some unnecessary messages.
   - Drivers: hv: vmbus: Get rid of some unused definitions.
   - Drivers: hv: vmbus: Handle both rescind and offer messages in the same
     context.
   - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.
   - Drivers: hv: vmbus: Introduce a function to remove a rescinded offer.
   - Drivers: hv: vmbus: Perform device register in the per-channel work
     element.
   - Drivers: hv: vmbus: Permit sending of packets without payload.
   - Drivers: hv: vmbus: Properly handle child device remove.
   - Drivers: hv: vmbus: Remove the channel from the channel list(s) on
     failure.
   - Drivers: hv: vmbus: Suport an API to send packet with additional control.
   - Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
     control.
   - Drivers: hv: vmbus: Teardown clockevent devices on module unload.
   - Drivers: hv: vmbus: Teardown synthetic interrupt controllers on module
     unload.
   - Drivers: hv: vmbus: Use a round-robin algorithm for picking the
     outgoing channel.
   - Drivers: hv: vmbus: Use the vp_index map even for channels bound to CPU
     0.
   - Drivers: hv: vmbus: avoid double kfree for device_obj.
   - Drivers: hv: vmbus: briefly comment num_sc and next_oc.
   - Drivers: hv: vmbus: decrease num_sc on subchannel removal.
   - Drivers: hv: vmbus: distribute subchannels among all vcpus.
   - Drivers: hv: vmbus: do cleanup on all vmbus_open() failure paths.
   - Drivers: hv: vmbus: introduce vmbus_acpi_remove.
   - Drivers: hv: vmbus: kill tasklets on module unload.
   - Drivers: hv: vmbus: move init_vp_index() call to vmbus_process_offer().
   - Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors.
   - Drivers: hv: vmbus: rename channel work queues.
   - Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and vmbus_connection
     pages on shutdown.
   - Drivers: hv: vmbus: unify calls to percpu_channel_enq().
   - Drivers: hv: vmbus: unregister panic notifier on module unload.
   - Drivers: hv: vmbus:Update preferred vmbus protocol version to windows 10.
   - Drivers: hv: vss: process deferred messages when we complete the
     transaction.
   - Drivers: hv: vss: switch to using the hvutil_device_state state machine.
   - Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012)
   - Fix connection reuse when sk_error_report is used (bsc#930972).
   - GHES: Carve out error queueing in a separate function (bsc#917630).
   - GHES: Carve out the panic functionality (bsc#917630).
   - GHES: Elliminate double-loop in the NMI handler (bsc#917630).
   - GHES: Make NMI handler have a single reader (bsc#917630).
   - GHES: Panic right after detection (bsc#917630).
   - IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach
     (bsc#918618).
   - Initialize hv_netvsc_packet->xmit_more to avoid transfer stalls
   - KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in hypervisor mode
     (bsc#908491).
   - KVM: s390: virtio-ccw: Handle command rejects (bsc#931860).
   - MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
   - MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
   - PCI: pciehp: Add hotplug_lock to serialize hotplug events (bsc#866911).
   - Revert "MODSIGN: loading keys from db when SecureBoot disabled". This
     reverts commit b45412d4, because it breaks legacy boot.
   - SUNRPC: Report connection error values to rpc_tasks on the pending queue
     (bsc#930972).
   - Update s390x kabi files with netfilter change (bsc#936012)
   - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set
     (bsc#932348).
   - cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI processors
     (bsc#933117).
   - dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
   - drm/i915/hsw: Fix workaround for server AUX channel clock divisor
     (bsc#935918).
   - drm/i915: Evict CS TLBs between batches (bsc#935918).
   - drm/i915: Fix DDC probe for passive adapters (bsc#935918).
   - drm/i915: Handle failure to kick out a conflicting fb driver
     (bsc#935918).
   - drm/i915: drop WaSetupGtModeTdRowDispatch:snb (bsc#935918).
   - drm/i915: save/restore GMBUS freq across suspend/resume on gen4
     (bsc#935918).
   - edd: support original Phoenix EDD 3.0 information (bsc#929974).
   - ext4: fix over-defensive complaint after journal abort (bsc#935174).
   - fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124).
   - ftrace: add oco handling patch (bsc#924526).
   - ftrace: allow architectures to specify ftrace compile options
     (bsc#924526).
   - ftrace: let notrace function attribute disable hotpatching if necessary
     (bsc#924526).
   - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES
     (bsc#930092).
   - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).
   - hv: channel: match var type to return type of wait_for_completion.
   - hv: do not schedule new works in vmbus_onoffer()/vmbus_onoffer_rescind().
   - hv: hv_balloon: match var type to return type of wait_for_completion.
   - hv: hv_util: move vmbus_open() to a later place.
   - hv: hypervvssd: call endmntent before call setmntent again.
   - hv: no rmmod for hv_vmbus and hv_utils.
   - hv: remove the per-channel workqueue.
   - hv: run non-blocking message handlers in the dispatch tasklet.
   - hv: vmbus: missing curly braces in vmbus_process_offer().
   - hv: vmbus_free_channels(): remove the redundant free_channel().
   - hv: vmbus_open(): reset the channel state on ENOMEM.
   - hv: vmbus_post_msg: retry the hypercall on some transient errors.
   - hv_netvsc: Allocate the receive buffer from the correct NUMA node.
   - hv_netvsc: Allocate the sendbuf in a NUMA aware way.
   - hv_netvsc: Clean up two unused variables.
   - hv_netvsc: Cleanup the test for freeing skb when we use sendbuf
     mechanism.
   - hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE.
   - hv_netvsc: Eliminate memory allocation in the packet send path.
   - hv_netvsc: Fix a bug in netvsc_start_xmit().
   - hv_netvsc: Fix the packet free when it is in skb headroom.
   - hv_netvsc: Implement batching in send buffer.
   - hv_netvsc: Implement partial copy into send buffer.
   - hv_netvsc: Use the xmit_more skb flag to optimize signaling the host.
   - hv_netvsc: change member name of struct netvsc_stats.
   - hv_netvsc: introduce netif-msg into netvsc module.
   - hv_netvsc: remove unused variable in netvsc_send().
   - hv_netvsc: remove vmbus_are_subchannels_present() in
     rndis_filter_device_add().
   - hv_netvsc: try linearizing big SKBs before dropping them.
   - hv_netvsc: use per_cpu stats to calculate TX/RX data.
   - hv_netvsc: use single existing drop path in netvsc_start_xmit.
   - hv_vmbus: Add gradually increased delay for retries in vmbus_post_msg().
   - hyperv: Implement netvsc_get_channels() ethool op.
   - hyperv: hyperv_fb: match wait_for_completion_timeout return type.
   - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
   - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935881).
   - ipr: Increase default adapter init stage change timeout (bsc#930579).
   - ipv6: do not delete previously existing ECMP routes if add fails
     (bsc#930399).
   - ipv6: fix ECMP route replacement (bsc#930399).
   - jbd2: improve error messages for inconsistent journal heads (bsc#935174).
   - jbd2: revise KERN_EMERG error messages (bsc#935174).
   - kabi/severities: Add s390 symbols allowed to change in bsc#931860
   - kabi: only use sops->get_inode_dev with proper fsflag.
   - kernel: add panic_on_warn.
   - kexec: allocate the kexec control page with KEXEC_CONTROL_MEMORY_GFP
     (bsc#928131).
   - kgr: fix redirection on s390x arch (bsc#903279).
   - kgr: move kgr_task_in_progress() to sched.h.
   - kgr: send a fake signal to all blocking tasks.
   - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table
     (bsc#926953).
   - libata: Blacklist queued TRIM on all Samsung 800-series (bsc#930599).
   - mei: bus: () can be static.
   - mm, thp: really limit transparent hugepage allocation to local node (VM
     Performance, bsc#931620).
   - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM
     Performance, bsc#931620).
   - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM
     Performance, bsc#931620).
   - mm/thp: allocate transparent hugepages on local node (VM Performance,
     bsc#931620).
   - net/mlx4_en: Call register_netdevice in the proper location (bsc#858727).
   - net/mlx4_en: Do not attempt to TX offload the outer UDP checksum for
     VXLAN (bsc#858727).
   - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference
     (bsc#867362).
   - net: introduce netdev_alloc_pcpu_stats() for drivers.
   - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
   - netdev: set __percpu attribute on netdev_alloc_pcpu_stats.
   - netdev_alloc_pcpu_stats: use less common iterator variable.
   - netfilter: xt_NFQUEUE: fix --queue-bypass regression (bsc#935083)
   - ovl: default permissions (bsc#924071).
   - ovl: move s_stack_depth .
   - powerpc/perf/hv-24x7: use kmem_cache instead of aligned stack
     allocations (bsc#931403).
   - powerpc/pseries: Correct cpu affinity for dlpar added cpus (bsc#932967).
   - powerpc: Add VM_FAULT_HWPOISON handling to powerpc page fault handler
     (bsc#929475).
   - powerpc: Fill in si_addr_lsb siginfo field (bsc#929475).
   - powerpc: Simplify do_sigbus (bsc#929475).
   - reiserfs: Fix use after free in journal teardown (bsc#927697).
   - rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786).
   - s390/airq: add support for irq ranges (bsc#931860).
   - s390/airq: silence lockdep warning (bsc#931860).
   - s390/compat,signal: change return values to -EFAULT (bsc#929879).
   - s390/ftrace: hotpatch support for function tracing (bsc#924526).
   - s390/irq: improve displayed interrupt order in /proc/interrupts
     (bsc#931860).
   - s390/kernel: use stnsm 255 instead of stosm 0 (bsc#929879).
   - s390/kgr: reorganize kgr infrastructure in entry64.S.
   - s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879).
   - s390/mm: limit STACK_RND_MASK for compat tasks (bsc#929879).
   - s390/rwlock: add missing local_irq_restore calls (bsc#929879).
   - s390/sclp_vt220: Fix kernel panic due to early terminal input
     (bsc#931860).
   - s390/smp: only send external call ipi if needed (bsc#929879).
   - s390/spinlock,rwlock: always to a load-and-test first (bsc#929879).
   - s390/spinlock: cleanup spinlock code (bsc#929879).
   - s390/spinlock: optimize spin_unlock code (bsc#929879).
   - s390/spinlock: optimize spinlock code sequence (bsc#929879).
   - s390/spinlock: refactor arch_spin_lock_wait[_flags] (bsc#929879).
   - s390/time: use stck clock fast for do_account_vtime (bsc#929879).
   - s390: Remove zfcpdump NR_CPUS dependency (bsc#929879).
   - s390: add z13 code generation support (bsc#929879).
   - s390: avoid z13 cache aliasing (bsc#929879).
   - s390: fix control register update (bsc#929879).
   - s390: optimize control register update (bsc#929879).
   - s390: z13 base performance (bsc#929879).
   - sched: fix __sched_setscheduler() vs load balancing race (bsc#921430)
   - scsi: retry MODE SENSE on unit attention (bsc#895814).
   - scsi_dh_alua: Recheck state on unit attention (bsc#895814).
   - scsi_dh_alua: fixup crash in alua_rtpg_work() (bsc#895814).
   - scsi_dh_alua: parse device id instead of target id (bsc#895814).
   - scsi_dh_alua: recheck RTPG in regular intervals (bsc#895814).
   - scsi_dh_alua: update all port states (bsc#895814).
   - sd: always retry READ CAPACITY for ALUA state transition (bsc#895814).
   - st: null pointer dereference panic caused by use after kref_put by
     st_open (bsc#936875).
   - supported.conf: add btrfs to kernel-$flavor-base (bsc#933637)
   - udf: Remove repeated loads blocksize (bsc#933907).
   - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub
     port reset (bsc#938024).
   - vTPM: set virtual device before passing to ibmvtpm_reset_crq
     (bsc#937087).
   - vfs: add super_operations->get_inode_dev (bsc#927455).
   - virtio-ccw: virtio-ccw adapter interrupt support (bsc#931860).
   - virtio-rng: do not crash if virtqueue is broken (bsc#931860).
   - virtio: fail adding buffer on broken queues (bsc#931860).
   - virtio: virtio_break_device() to mark all virtqueues broken (bsc#931860).
   - virtio_blk: verify if queue is broken after virtqueue_get_buf()
     (bsc#931860).
   - virtio_ccw: fix hang in set offline processing (bsc#931860).
   - virtio_ccw: fix vcdev pointer handling issues (bsc#931860).
   - virtio_ccw: introduce device_lost in virtio_ccw_device (bsc#931860).
   - virtio_net: do not crash if virtqueue is broken (bsc#931860).
   - virtio_net: verify if queue is broken after virtqueue_get_buf()
     (bsc#931860).
   - virtio_ring: adapt to notify() returning bool (bsc#931860).
   - virtio_ring: add new function virtqueue_is_broken() (bsc#931860).
   - virtio_ring: change host notification API (bsc#931860).
   - virtio_ring: let virtqueue_{kick()/notify()} return a bool (bsc#931860).
   - virtio_ring: plug kmemleak false positive (bsc#931860).
   - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding
     spinlock (bsc#931860).
   - virtio_scsi: verify if queue is broken after virtqueue_get_buf()
     (bsc#931860).
   - vmxnet3: Bump up driver version number (bsc#936423).
   - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
   - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
   - vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
   - x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bsc#907092).
   - x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing
     (bsc#907092).
   - x86/kgr: move kgr infrastructure from asm to C.
   - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
   - xfrm: release dst_orig in case of error in xfrm_lookup() (bsc#932793).
   - xfs: Skip dirty pages in ->releasepage (bsc#915183).
   - xfs: fix xfs_setattr for DMAPI (bsc#932900).
   - xfs_dmapi: fix transaction ilocks (bsc#932899).
   - xfs_dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
   - xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file's ops (bsc#932898).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-356=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-356=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-356=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.44-52.10.1
      kernel-default-debugsource-3.12.44-52.10.1
      kernel-default-extra-3.12.44-52.10.1
      kernel-default-extra-debuginfo-3.12.44-52.10.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.44-52.10.1
      kernel-obs-build-debugsource-3.12.44-52.10.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.44-52.10.3

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.44-52.10.1
      kernel-default-base-3.12.44-52.10.1
      kernel-default-base-debuginfo-3.12.44-52.10.1
      kernel-default-debuginfo-3.12.44-52.10.1
      kernel-default-debugsource-3.12.44-52.10.1
      kernel-default-devel-3.12.44-52.10.1
      kernel-syms-3.12.44-52.10.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.44-52.10.1
      kernel-xen-base-3.12.44-52.10.1
      kernel-xen-base-debuginfo-3.12.44-52.10.1
      kernel-xen-debuginfo-3.12.44-52.10.1
      kernel-xen-debugsource-3.12.44-52.10.1
      kernel-xen-devel-3.12.44-52.10.1

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.44-52.10.1
      kernel-macros-3.12.44-52.10.1
      kernel-source-3.12.44-52.10.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.44-52.10.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.44-52.10.1
      kernel-ec2-debuginfo-3.12.44-52.10.1
      kernel-ec2-debugsource-3.12.44-52.10.1
      kernel-ec2-devel-3.12.44-52.10.1
      kernel-ec2-extra-3.12.44-52.10.1
      kernel-ec2-extra-debuginfo-3.12.44-52.10.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_44-52_10-default-1-2.1
      kgraft-patch-3_12_44-52_10-xen-1-2.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.44-52.10.1
      kernel-default-debuginfo-3.12.44-52.10.1
      kernel-default-debugsource-3.12.44-52.10.1
      kernel-default-devel-3.12.44-52.10.1
      kernel-default-extra-3.12.44-52.10.1
      kernel-default-extra-debuginfo-3.12.44-52.10.1
      kernel-syms-3.12.44-52.10.1
      kernel-xen-3.12.44-52.10.1
      kernel-xen-debuginfo-3.12.44-52.10.1
      kernel-xen-debugsource-3.12.44-52.10.1
      kernel-xen-devel-3.12.44-52.10.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.44-52.10.1
      kernel-macros-3.12.44-52.10.1
      kernel-source-3.12.44-52.10.1


References:

   https://www.suse.com/security/cve/CVE-2014-9728.html
   https://www.suse.com/security/cve/CVE-2014-9729.html
   https://www.suse.com/security/cve/CVE-2014-9730.html
   https://www.suse.com/security/cve/CVE-2014-9731.html
   https://www.suse.com/security/cve/CVE-2015-1805.html
   https://www.suse.com/security/cve/CVE-2015-3212.html
   https://www.suse.com/security/cve/CVE-2015-4036.html
   https://www.suse.com/security/cve/CVE-2015-4167.html
   https://www.suse.com/security/cve/CVE-2015-4692.html
   https://www.suse.com/security/cve/CVE-2015-5364.html
   https://www.suse.com/security/cve/CVE-2015-5366.html
   https://bugzilla.suse.com/854817
   https://bugzilla.suse.com/854824
   https://bugzilla.suse.com/858727
   https://bugzilla.suse.com/866911
   https://bugzilla.suse.com/867362
   https://bugzilla.suse.com/895814
   https://bugzilla.suse.com/903279
   https://bugzilla.suse.com/907092
   https://bugzilla.suse.com/908491
   https://bugzilla.suse.com/915183
   https://bugzilla.suse.com/917630
   https://bugzilla.suse.com/918618
   https://bugzilla.suse.com/921430
   https://bugzilla.suse.com/924071
   https://bugzilla.suse.com/924526
   https://bugzilla.suse.com/926369
   https://bugzilla.suse.com/926953
   https://bugzilla.suse.com/927455
   https://bugzilla.suse.com/927697
   https://bugzilla.suse.com/927786
   https://bugzilla.suse.com/928131
   https://bugzilla.suse.com/929475
   https://bugzilla.suse.com/929696
   https://bugzilla.suse.com/929879
   https://bugzilla.suse.com/929974
   https://bugzilla.suse.com/930092
   https://bugzilla.suse.com/930399
   https://bugzilla.suse.com/930579
   https://bugzilla.suse.com/930599
   https://bugzilla.suse.com/930972
   https://bugzilla.suse.com/931124
   https://bugzilla.suse.com/931403
   https://bugzilla.suse.com/931538
   https://bugzilla.suse.com/931620
   https://bugzilla.suse.com/931860
   https://bugzilla.suse.com/931988
   https://bugzilla.suse.com/932348
   https://bugzilla.suse.com/932793
   https://bugzilla.suse.com/932897
   https://bugzilla.suse.com/932898
   https://bugzilla.suse.com/932899
   https://bugzilla.suse.com/932900
   https://bugzilla.suse.com/932967
   https://bugzilla.suse.com/933117
   https://bugzilla.suse.com/933429
   https://bugzilla.suse.com/933637
   https://bugzilla.suse.com/933896
   https://bugzilla.suse.com/933904
   https://bugzilla.suse.com/933907
   https://bugzilla.suse.com/934160
   https://bugzilla.suse.com/935083
   https://bugzilla.suse.com/935085
   https://bugzilla.suse.com/935088
   https://bugzilla.suse.com/935174
   https://bugzilla.suse.com/935542
   https://bugzilla.suse.com/935881
   https://bugzilla.suse.com/935918
   https://bugzilla.suse.com/936012
   https://bugzilla.suse.com/936423
   https://bugzilla.suse.com/936445
   https://bugzilla.suse.com/936446
   https://bugzilla.suse.com/936502
   https://bugzilla.suse.com/936556
   https://bugzilla.suse.com/936831
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/937032
   https://bugzilla.suse.com/937087
   https://bugzilla.suse.com/937609
   https://bugzilla.suse.com/937612
   https://bugzilla.suse.com/937613
   https://bugzilla.suse.com/937616
   https://bugzilla.suse.com/938022
   https://bugzilla.suse.com/938023
   https://bugzilla.suse.com/938024



More information about the sle-security-updates mailing list