SUSE-SU-2015:2167-1: moderate: Security update for kernel-source-rt

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Dec 2 07:10:48 MST 2015


   SUSE Security Update: Security update for kernel-source-rt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2167-1
Rating:             moderate
References:         #777565 #867362 #873385 #883380 #884333 #886785 
                    #891116 #894936 #915517 #917968 #920016 #920110 
                    #920733 #923002 #923431 #924701 #925705 #925881 
                    #925903 #927355 #929076 #929142 #929143 #930092 
                    #930934 #931620 #932350 #933721 #935053 #935055 
                    #935572 #935705 #935866 #935906 #936077 #936095 
                    #936118 #936423 #936637 #936831 #936875 #936921 
                    #936925 #937032 #937256 #937402 #937444 #937503 
                    #937641 #937855 #938485 #939910 #939994 #940338 
                    #940398 #940925 #940966 #942204 #942305 #942350 
                    #942367 #942404 #942605 #942688 #942938 #943477 
                    
Cross-References:   CVE-2015-1420 CVE-2015-4700 CVE-2015-5364
                    CVE-2015-5366 CVE-2015-5697 CVE-2015-5707
                    CVE-2015-6252
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP4
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 59 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to version
   3.0.101.rt130-45.1 to receive various security and bugfixes.

   Following security bugs were fixed:
   * CVE-2015-6252: Possible file descriptor leak for each
     VHOST_SET_LOG_FDcommand issued, this could eventually wasting available
     system resources and creating a denial of service (bsc#942367).
   * CVE-2015-5707: Possible integer overflow in the calculation of total
     number of pages in bio_map_user_iov() (bsc#940338).
   * CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in
     the Linux kernel before 4.0.6 do not properly consider yielding a
     processor, which allowed remote attackers to cause a denial of service
     (system hang) via incorrect checksums within a UDP packet flood
     (bnc#936831).
   * CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in
     the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return
     values, which allowed remote attackers to cause a denial of service
     (EPOLLET epoll application read outage) via an incorrect checksum in a
     UDP packet, a different vulnerability than CVE-2015-5364 (bnc#936831).
   * CVE-2015-1420: Race condition in the handle_to_path function in
     fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to
     bypass intended size restrictions and trigger read operations on
     additional memory locations by changing the handle_bytes value of a file
     handle during the execution of this function (bnc#915517).
   * CVE-2015-4700: The bpf_int_jit_compile function in
     arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed
     local users to cause a denial of service (system crash) by creating a
     packet filter and then loading crafted BPF instructions that trigger
     late convergence by the JIT compiler (bnc#935705).
   * CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the
     Linux kernel before 4.1.6 does not initialize a certain bitmap data
     structure, which allows local users to obtain sensitive information from
     kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994)

   The following non-security bugs were fixed:
   - Btrfs: be aware of btree inode write errors to avoid fs corruption
     (bnc#942350).
   - Btrfs: be aware of btree inode write errors to avoid fs corruption
     (bnc#942404).
   - Btrfs: check if previous transaction aborted to avoid fs corruption
     (bnc#942350).
   - Btrfs: check if previous transaction aborted to avoid fs corruption
     (bnc#942404).
   - Btrfs: deal with convert_extent_bit errors to avoid fs corruption
     (bnc#942350).
   - Btrfs: deal with convert_extent_bit errors to avoid fs corruption
     (bnc#942404).
   - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688).
   - Btrfs: fix memory corruption on failure to submit bio for direct IO
     (bnc#942688).
   - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).
   - DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938).
   - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in
     encoders (v2) (bsc#942938).
   - DRM/i915: Get rid if the "hotplug_supported_mask" in struct
     drm_i915_private (bsc#942938).
   - DRM/i915: Remove i965_hpd_irq_setup (bsc#942938).
   - DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938).
   - CIFS: Fix missing crypto allocation (bnc#937402).
   - IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
   - IB/iser: Add Discovery support (bsc#923002).
   - IB/iser: Move informational messages from error to info level
     (bsc#923002).
   - SCSI: Moved iscsi kabi patch to patches.kabi (bsc#923002)
   - SCSI: kabi: allow iscsi disocvery session support (bsc#923002).
   - SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
   - SCSI: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).
   - SCSI: scsi_error: add missing case statements in
     scsi_decide_disposition() (bsc#920733).
   - SCSI: scsi_transport_iscsi: Exporting new attrs for iscsi session and
     connection in sysfs (bsc#923002).
   - NFSD: Fix nfsv4 opcode decoding error (bsc#935906).
   - NFSv4: Minor cleanups for nfs4_handle_exception and
     nfs4_async_handle_error (bsc#939910).
   - New patches: patches.fixes/hrtimer-Prevent-timer-interrupt-DoS.patch
   - PCI: Disable Bus Master only on kexec reboot (bsc#920110).
   - PCI: Disable Bus Master unconditionally in pci_device_shutdown()
     (bsc#920110).
   - PCI: Do not try to disable Bus Master on disconnected PCI devices
     (bsc#920110).
   - PCI: Lock down register access when trusted_kernel is true (bnc#884333,
     bsc#923431).
   - PCI: disable Bus Master on PCI device shutdown (bsc#920110).
   - Set hostbyte status in scsi_check_sense() (bsc#920733).
   - USB: xhci: Reset a halted endpoint immediately when we encounter a stall
     (bnc#933721).
   - USB: xhci: do not start a halted endpoint before its new dequeue is set
     (bnc#933721).
   - apparmor: fix file_permission if profile is updated (bsc#917968).
   - drm/cirrus: do not attempt to acquire a reservation while in an
     interrupt handler (bsc#935572).
   - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
   - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
   - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)
     (bsc#942938).
   - drm/i915: Add bit field to record which pins have received HPD events
     (v3) (bsc#942938).
   - drm/i915: Add messages useful for HPD storm detection debugging (v2)
     (bsc#942938).
   - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt
     (bsc#942938).
   - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)
     (bsc#942938).
   - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch
     platforms (bsc#942938).
   - drm/i915: Enable hotplug interrupts after querying hw capabilities
     (bsc#942938).
   - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).
   - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).
   - drm/i915: Make hpd arrays big enough to avoid out of bounds access
     (bsc#942938).
   - drm/i915: Mask out the HPD irq bits before setting them individually
     (bsc#942938).
   - drm/i915: Only print hotplug event message when hotplug bit is set
     (bsc#942938).
   - drm/i915: Only reprobe display on encoder which has received an HPD
     event (v2) (bsc#942938).
   - drm/i915: Queue reenable timer also when enable_hotplug_processing is
     false (bsc#942938).
   - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).
   - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()
     (bsc#942938).
   - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets
     (bsc#942938).
   - drm/i915: assert_spin_locked for pipestat interrupt enable/disable
     (bsc#942938).
   - drm/i915: clear crt hotplug compare voltage field before setting
     (bsc#942938).
   - drm/i915: close tiny race in the ilk pcu even interrupt setup
     (bsc#942938).
   - drm/i915: fix hotplug event bit tracking (bsc#942938).
   - drm/i915: fix hpd interrupt register locking (bsc#942938).
   - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock
     (bsc#942938).
   - drm/i915: fix locking around ironlake_enable|disable_display_irq
     (bsc#942938).
   - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler
     (bsc#942938).
   - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).
   - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).
   - drm/i915: implement ibx_hpd_irq_setup (bsc#942938).
   - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).
   - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
   - ehci-pci: enable interrupt on BayTrail (bnc926007).
   - exec: kill the unnecessary mm->def_flags setting in load_elf_binary()
     (bnc#891116).
   - ext3: Fix data corruption in inodes with journalled data (bsc#936637).
   - fanotify: Fix deadlock with permission events (bsc#935053).
   - fork: reset mm->pinned_vm (bnc#937855).
   - hrtimer: prevent timer interrupt DoS (bnc#886785).
   - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES
     (bnc#930092).
   - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
   - hv_storvsc: use small sg_tablesize on x86 (bnc#937256).
   - ibmveth: Add GRO support (bsc#935055).
   - ibmveth: Add support for Large Receive Offload (bsc#935055).
   - ibmveth: Add support for TSO (bsc#935055).
   - ibmveth: add support for TSO6.
   - ibmveth: change rx buffer default allocation for CMO (bsc#935055).
   - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016).
   - inotify: Fix nested sleeps in inotify_read() (bsc#940925).
   - iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
   - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
   - ipv6: probe routes asynchronous in rt6_probe (bsc#936118).
   - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned
     (bsc#927355).
   - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch
     (bnc#920016).
   - kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change
     (bsc920110).
   - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
   - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477,
     LTC#129509).
   - libiscsi: Exporting new attrs for iscsi session and connection in sysfs
     (bsc#923002).
   - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
   - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485).
   - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
   - mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM
     Performance).
   - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620).
   - mm, thp: fix collapsing of hugepages on madvise (VM Functionality).
   - mm, thp: only collapse hugepages to nodes with affinity for
     zone_reclaim_mode (VM Functionality, bnc#931620).
   - mm, thp: really limit transparent hugepage allocation to local node (VM
     Performance, bnc#931620).
   - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM
     Performance, bnc#931620).
   - mm/hugetlb: check for pte NULL pointer in __page_check_address()
     (bnc#929143).
   - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM
     Performance, bnc#931620).
   - mm/thp: allocate transparent hugepages on local node (VM Performance,
     bnc#931620).
   - mm: make page pfmemalloc check more robust (bnc#920016).
   - mm: restrict access to slab files under procfs and sysfs (bnc#936077).
   - mm: thp: khugepaged: add policy for finding target node (VM
     Functionality, bnc#931620).
   - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
   - net: Fix "ip rule delete table 256" (bsc#873385).
   - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference
     (bsc#867362).
   - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
   - netfilter: nf_conntrack_proto_sctp: minimal multihoming support
     (bsc#932350).
   - nfsd: support disabling 64bit dir cookies (bnc#937503).
   - pagecache limit: Do not skip over small zones that easily (bnc#925881).
   - pagecache limit: add tracepoints (bnc#924701).
   - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
   - pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
   - pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
   - pci: Add SRIOV helper function to determine if VFs are assigned to guest
     (bsc#927355).
   - pci: Add flag indicating device has been assigned by KVM (bnc#777565).
   - pci: Add flag indicating device has been assigned by KVM (bnc#777565).
   - perf, nmi: Fix unknown NMI warning (bsc#929142).
   - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
   - qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp()
     (bsc#936095).
   - r8169: remember WOL preferences on driver load (bsc#942305).
   - s390/dasd: fix kernel panic when alias is set offline (bnc#940966,
     LTC#128595).
   - sg_start_req(): make sure that there's not too many elements in iovec
     (bsc#940338).
   - st: null pointer dereference panic caused by use after kref_put by
     st_open (bsc#936875).
   - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub
     port reset (bnc#937641).
   - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
     (bnc#933721).
   - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).
   - vmxnet3: Bump up driver version number (bsc#936423).
   - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
   - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
   - vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
   - x86-64: Do not apply destructive erratum workaround on unaffected CPUs
     (bsc#929076).
   - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
   - x86/tsc: Change Fast TSC calibration failed from error to info
     (bnc#942605).
   - xfs: fix problem when using md+XFS under high load (bnc#925705).
   - xhci: Allocate correct amount of scratchpad buffers (bnc#933721).
   - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).
   - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256
     (bnc#933721).
   - xhci: Treat not finding the event_seg on COMP_STOP the same as
     COMP_STOP_INVAL (bnc#933721).
   - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).
   - xhci: do not report PLC when link is in internal resume state
     (bnc#933721).
   - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).
   - xhci: report U3 when link is in resume state (bnc#933721).
   - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).
   - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921,
     LTC#126491).
   - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925,
     LTC#126491).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-rt-20150914-12238=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      kernel-rt-3.0.101.rt130-45.1
      kernel-rt-base-3.0.101.rt130-45.1
      kernel-rt-devel-3.0.101.rt130-45.1
      kernel-rt_trace-3.0.101.rt130-45.1
      kernel-rt_trace-base-3.0.101.rt130-45.1
      kernel-rt_trace-devel-3.0.101.rt130-45.1
      kernel-source-rt-3.0.101.rt130-45.1
      kernel-syms-rt-3.0.101.rt130-45.1


References:

   https://www.suse.com/security/cve/CVE-2015-1420.html
   https://www.suse.com/security/cve/CVE-2015-4700.html
   https://www.suse.com/security/cve/CVE-2015-5364.html
   https://www.suse.com/security/cve/CVE-2015-5366.html
   https://www.suse.com/security/cve/CVE-2015-5697.html
   https://www.suse.com/security/cve/CVE-2015-5707.html
   https://www.suse.com/security/cve/CVE-2015-6252.html
   https://bugzilla.suse.com/777565
   https://bugzilla.suse.com/867362
   https://bugzilla.suse.com/873385
   https://bugzilla.suse.com/883380
   https://bugzilla.suse.com/884333
   https://bugzilla.suse.com/886785
   https://bugzilla.suse.com/891116
   https://bugzilla.suse.com/894936
   https://bugzilla.suse.com/915517
   https://bugzilla.suse.com/917968
   https://bugzilla.suse.com/920016
   https://bugzilla.suse.com/920110
   https://bugzilla.suse.com/920733
   https://bugzilla.suse.com/923002
   https://bugzilla.suse.com/923431
   https://bugzilla.suse.com/924701
   https://bugzilla.suse.com/925705
   https://bugzilla.suse.com/925881
   https://bugzilla.suse.com/925903
   https://bugzilla.suse.com/927355
   https://bugzilla.suse.com/929076
   https://bugzilla.suse.com/929142
   https://bugzilla.suse.com/929143
   https://bugzilla.suse.com/930092
   https://bugzilla.suse.com/930934
   https://bugzilla.suse.com/931620
   https://bugzilla.suse.com/932350
   https://bugzilla.suse.com/933721
   https://bugzilla.suse.com/935053
   https://bugzilla.suse.com/935055
   https://bugzilla.suse.com/935572
   https://bugzilla.suse.com/935705
   https://bugzilla.suse.com/935866
   https://bugzilla.suse.com/935906
   https://bugzilla.suse.com/936077
   https://bugzilla.suse.com/936095
   https://bugzilla.suse.com/936118
   https://bugzilla.suse.com/936423
   https://bugzilla.suse.com/936637
   https://bugzilla.suse.com/936831
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/936921
   https://bugzilla.suse.com/936925
   https://bugzilla.suse.com/937032
   https://bugzilla.suse.com/937256
   https://bugzilla.suse.com/937402
   https://bugzilla.suse.com/937444
   https://bugzilla.suse.com/937503
   https://bugzilla.suse.com/937641
   https://bugzilla.suse.com/937855
   https://bugzilla.suse.com/938485
   https://bugzilla.suse.com/939910
   https://bugzilla.suse.com/939994
   https://bugzilla.suse.com/940338
   https://bugzilla.suse.com/940398
   https://bugzilla.suse.com/940925
   https://bugzilla.suse.com/940966
   https://bugzilla.suse.com/942204
   https://bugzilla.suse.com/942305
   https://bugzilla.suse.com/942350
   https://bugzilla.suse.com/942367
   https://bugzilla.suse.com/942404
   https://bugzilla.suse.com/942605
   https://bugzilla.suse.com/942688
   https://bugzilla.suse.com/942938
   https://bugzilla.suse.com/943477



More information about the sle-security-updates mailing list