SUSE-SU-2015:1224-1: important: Security update for the Linux Kernel

Fri Jul 10 08:08:14 MDT 2015

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1224-1
Rating:             important
References:         #915517 #919007 #922583 #923908 #927355 #929525 
                    #929647 #930786 #933429 #933896 #933904 #933907 
                    #935705 #936831 
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-TERADATA
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the
   following bugs and security issues.

   The following security issues have been fixed:

   - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch
     (bsc#936831, CVE-2015-5364, CVE-2015-5366).
   - Btrfs: make xattr replace operations atomic (bnc#923908, CVE-2014-9710).
   - udp: fix behavior of wrong checksums (bsc#936831, CVE-2015-5364,
     CVE-2015-5366).
   - vfs: read file_handle only once in handle_to_path (bsc#915517,
     CVE-2015-1420).
   - x86: bpf_jit: fix compilation of large bpf programs
     (bnc#935705,CVE-2015-4700).
   - udf: Check length of extended attributes and allocation (bsc#936831,
     CVE-2015-5364, CVE-2015-5366).
   - Update patches.fixes/udf-Check-component-length-before-reading-it.patch
     (bsc#933904, CVE-2014-9728, CVE-2014-9730).
   - Update patches.fixes/udf-Verify-i_size-when-loading-inode.patch
     (bsc#933904, CVE-2014-9728, CVE-2014-9729).
   - Update patches.fixes/udf-Verify-symlink-size-before-loading-it.patch
     (bsc#933904, CVE-2014-9728).
   - Update patches.fixes/udf-Check-path-length-when-reading-symlink.patch
     (bnc#933896, CVE-2014-9731).
   - pipe: fix iov overrun for failed atomic copy (bsc#933429, CVE-2015-1805).
   - ipv6: Don't reduce hop limit for an interface (bsc#922583,
     CVE-2015-2922).
   - net: llc: use correct size for sysctl timeout entries (bsc#919007,
     CVE-2015-2041).
   - ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525,
     CVE-2015-3636).
   - ipv6: Don't reduce hop limit for an interface (bsc#922583,
     CVE-2015-2922).
   - net: llc: use correct size for sysctl timeout entries (bsc#919007,
     CVE-2015-2041).
   - ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525,
     CVE-2015-3636).

   The following non-security issues have been fixed:

   - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
   - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned
     (bsc#927355).
   - pci: Add SRIOV helper function to determine if VFs are assigned to guest
     (bsc#927355).
   - net/mlx4_core: Don't disable SRIOV if there are active VFs (bsc#927355).
   - udf: Remove repeated loads blocksize (bsc#933907).
   - Refresh patches.fixes/deal-with-deadlock-in-d_walk-fix.patch. based on
     3.2 stable fix 20defcec264c ("dcache: Fix locking bugs in backported
     "deal with deadlock in d_walk()""). Not harmfull for regular SLES
     kernels but RT or PREEMPT kernels would see disbalance.
   - sched: Fix potential near-infinite distribute_cfs_runtime() loop
     (bnc#930786)
   - tty: Correct tty buffer flush (bnc#929647).
   - tty: hold lock across tty buffer finding and buffer filling (bnc#929647).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-TERADATA:

      zypper in -t patch slessp3-kernel-201507-2=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP3-TERADATA (x86_64):

      kernel-default-3.0.101-57.TDC.2
      kernel-default-base-3.0.101-57.TDC.2
      kernel-default-devel-3.0.101-57.TDC.2
      kernel-source-3.0.101-57.TDC.2
      kernel-syms-3.0.101-57.TDC.2
      kernel-trace-3.0.101-57.TDC.2
      kernel-trace-base-3.0.101-57.TDC.2
      kernel-trace-devel-3.0.101-57.TDC.2
      kernel-xen-3.0.101-57.TDC.2
      kernel-xen-base-3.0.101-57.TDC.2
      kernel-xen-devel-3.0.101-57.TDC.2

References:

   https://bugzilla.suse.com/915517
   https://bugzilla.suse.com/919007
   https://bugzilla.suse.com/922583
   https://bugzilla.suse.com/923908
   https://bugzilla.suse.com/927355
   https://bugzilla.suse.com/929525
   https://bugzilla.suse.com/929647
   https://bugzilla.suse.com/930786
   https://bugzilla.suse.com/933429
   https://bugzilla.suse.com/933896
   https://bugzilla.suse.com/933904
   https://bugzilla.suse.com/933907
   https://bugzilla.suse.com/935705
   https://bugzilla.suse.com/936831