SUSE-SU-2015:0529-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Mar 18 15:04:55 MDT 2015


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0529-1
Rating:             important
References:         #799216 #800255 #860346 #875220 #877456 #884407 
                    #895805 #896484 #897736 #898687 #900270 #902286 
                    #902346 #902349 #903640 #904177 #904883 #904899 
                    #904901 #905100 #905304 #905329 #905482 #905783 
                    #906196 #907069 #908069 #908322 #908825 #908904 
                    #909829 #910322 #911326 #912202 #912654 #912705 
                    #913059 #914112 #914126 #914254 #914291 #914294 
                    #914300 #914457 #914464 #914726 #915188 #915322 
                    #915335 #915425 #915454 #915456 #915550 #915660 
                    #916107 #916513 #916646 #917089 #917128 #918161 
                    #918255 
Cross-References:   CVE-2014-3673 CVE-2014-3687 CVE-2014-7822
                    CVE-2014-7841 CVE-2014-8160 CVE-2014-8559
                    CVE-2014-9419 CVE-2014-9584
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 53 fixes is
   now available.

Description:


   The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive
   various security and bugfixes.

   This update contains the following feature enablements:
   - The remote block device (rbd) and ceph drivers have been enabled and are
     now supported. (FATE#318350) These can be used e.g. for accessing the
     SUSE Enterprise Storage product services.

   - Support for Intel Select Bay trail CPUs has been added. (FATE#316038)

   Following security issues were fixed:
   - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
     in the Linux kernel through 3.18.1 did not ensure that Thread Local
     Storage (TLS) descriptors were loaded before proceeding with other
     steps, which made it easier for local users to bypass the ASLR
     protection mechanism via a crafted application that reads a TLS base
     address (bnc#911326).

   - CVE-2014-7822: A flaw was found in the way the Linux kernels splice()
     system call validated its parameters. On certain file systems, a local,
     unprivileged user could have used this flaw to write past the maximum
     file size, and thus crash the system.

   - CVE-2014-8160: The connection tracking module could be bypassed if a
     specific protocol module was not loaded, e.g. allowing SCTP traffic
     while the firewall should have filtered it.

   - CVE-2014-9584: The parse_rock_ridge_inode_internal function in
     fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a
     length value in the Extensions Reference (ER) System Use Field, which
     allowed local users to obtain sensitive information from kernel memory
     via a crafted iso9660 image (bnc#912654).

   The following non-security bugs were fixed:
   - audit: Allow login in non-init namespaces (bnc#916107).
   - btrfs: avoid unnecessary switch of path locks to blocking mode.
   - btrfs: fix directory inconsistency after fsync log replay (bnc#915425).
   - btrfs: fix fsync log replay for inodes with a mix of regular refs and
     extrefs (bnc#915425).
   - btrfs: fix fsync race leading to ordered extent memory leaks
     (bnc#917128).
   - btrfs: fix fsync when extend references are added to an inode
     (bnc#915425).
   - btrfs: fix missing error handler if submiting re-read bio fails.
   - btrfs: fix race between transaction commit and empty block group removal
     (bnc#915550).
   - btrfs: fix scrub race leading to use-after-free (bnc#915456).
   - btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).
   - btrfs: improve free space cache management and space allocation.
   - btrfs: make btrfs_search_forward return with nodes unlocked.
   - btrfs: scrub, fix sleep in atomic context (bnc#915456).
   - btrfs: unlock nodes earlier when inserting items in a btree.
   - drm/i915: On G45 enable cursor plane briefly after enabling the display
     plane (bnc#918161).
   - Fix Module.supported handling for external modules (bnc#905304).
   - keys: close race between key lookup and freeing (bnc#912202).
   - msi: also reject resource with flags all clear.
   - pci: Add ACS quirk for Emulex NICs (bug#917089).
   - pci: Add ACS quirk for Intel 10G NICs (bug#917089).
   - pci: Add ACS quirk for Solarflare SFC9120 & SFC9140 (bug#917089).
   - Refresh other Xen patches (bsc#909829).
   - Update
   patches.suse/btrfs-8177-improve-free-space-cache-management-and-space-.patc
     h (bnc#895805).
   - be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (bug#908322).
   - be2net: refactor code that checks flash file compatibility (bug#908322).
   - ceph: Add necessary clean up if invalid reply received in handle_reply()
     (bsc#918255).
   - crush: CHOOSE_LEAF -> CHOOSELEAF throughout (bsc#918255).
   - crush: add SET_CHOOSE_TRIES rule step (bsc#918255).
   - crush: add note about r in recursive choose (bsc#918255).
   - crush: add set_choose_local_[fallback_]tries steps (bsc#918255).
   - crush: apply chooseleaf_tries to firstn mode too (bsc#918255).
   - crush: attempts -> tries (bsc#918255).
   - crush: clarify numrep vs endpos (bsc#918255).
   - crush: eliminate CRUSH_MAX_SET result size limitation (bsc#918255).
   - crush: factor out (trivial) crush_destroy_rule() (bsc#918255).
   - crush: fix crush_choose_firstn comment (bsc#918255).
   - crush: fix some comments (bsc#918255).
   - crush: generalize descend_once (bsc#918255).
   - crush: new SET_CHOOSE_LEAF_TRIES command (bsc#918255).
   - crush: pass parent r value for indep call (bsc#918255).
   - crush: pass weight vector size to map function (bsc#918255).
   - crush: reduce scope of some local variables (bsc#918255).
   - crush: return CRUSH_ITEM_UNDEF for failed placements with indep
     (bsc#918255).
   - crush: strip firstn conditionals out of crush_choose, rename
     (bsc#918255).
   - crush: use breadth-first search for indep mode (bsc#918255).
   - crypto: drbg - panic on continuous self test error (bsc#905482).
   - dasd: List corruption in error recovery (bnc#914291, LTC#120865).
   - epoll: optimize setting task running after blocking (epoll-performance).
   - fips: We need to activate gcm(aes) in FIPS mode, RFCs 4106 and 4543
     (bsc#914126,bsc#914457).
   - fips: __driver-gcm-aes-aesni needs to be listed explicitly inside the
     testmgr.c file (bsc#914457).
   - flow_dissector: add tipc support (bnc#916513).
   - hotplug, powerpc, x86: Remove cpu_hotplug_driver_lock() (bsc#907069).
   - hyperv: Add support for vNIC hot removal.
   - kernel: incorrect clock_gettime result (bnc#914291, LTC#121184).
   - kvm: iommu: Add cond_resched to legacy device assignment code
     (bsc#898687).
   - libceph: CEPH_OSD_FLAG_* enum update (bsc#918255).
   - libceph: add ceph_kv{malloc,free}() and switch to them (bsc#918255).
   - libceph: add ceph_pg_pool_by_id() (bsc#918255).
   - libceph: all features fields must be u64 (bsc#918255).
   - libceph: dout() is missing a newline (bsc#918255).
   - libceph: factor out logic from ceph_osdc_start_request() (bsc#918255).
   - libceph: fix error handling in ceph_osdc_init() (bsc#918255).
   - libceph: follow redirect replies from osds (bsc#918255).
   - libceph: follow {read,write}_tier fields on osd request submission
     (bsc#918255).
   - libceph: introduce and start using oid abstraction (bsc#918255).
   - libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN (bsc#918255).
   - libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid}
     (bsc#918255).
   - libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg()
     (bsc#918255).
   - libceph: start using oloc abstraction (bsc#918255).
   - libceph: take map_sem for read in handle_reply() (bsc#918255).
   - libceph: update ceph_features.h (bsc#918255).
   - libceph: use CEPH_MON_PORT when the specified port is 0 (bsc#918255).
   - locking/mutex: Explicitly mark task as running after wakeup (mutex
     scalability).
   - locking/osq: No need for load/acquire when acquire-polling (mutex
     scalability).
   - locking/rtmutex: Optimize setting task running after being blocked
     (mutex scalability).
   - mm/compaction: fix wrong order check in compact_finished() (VM
     Performance, bnc#904177).
   - mm/compaction: stop the isolation when we isolate enough freepage (VM
     Performance, bnc#904177).
   - mm: fix negative nr_isolated counts (VM Performance).
   - mutex-debug: Always clear owner field upon mutex_unlock() (mutex bugfix).
   - net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function
     prototypes (bsc#918255).
   - net: allow macvlans to move to net namespace (bnc#915660).
   - net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr
     struct from userland (bnc#900270).
   - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484).
   - ocfs2: remove filesize checks for sync I/O journal commit (bnc#800255).
     Update references.
   - powerpc/xmon: Fix another endiannes issue in RTAS call from xmon
     (bsc#915188).
   - pvscsi: support suspend/resume (bsc#902286).
   - random: account for entropy loss due to overwrites
     (bsc#904883,bsc#904901).
   - random: allow fractional bits to be tracked (bsc#904883,bsc#904901).
   - random: statically compute poolbitshift, poolbytes, poolbits
     (bsc#904883,bsc#904901).
   - rbd: add "^A" sysfs rbd device attribute (bsc#918255).
   - rbd: add support for single-major device number allocation scheme
     (bsc#918255).
   - rbd: enable extended devt in single-major mode (bsc#918255).
   - rbd: introduce rbd_dev_header_unwatch_sync() and switch to it
     (bsc#918255).
   - rbd: rbd_device::dev_id is an int, format it as such (bsc#918255).
   - rbd: refactor rbd_init() a bit (bsc#918255).
   - rbd: switch to ida for rbd id assignments (bsc#918255).
   - rbd: tear down watch request if rbd_dev_device_setup() fails
     (bsc#918255).
   - rbd: tweak "loaded" message and module description (bsc#918255).
   - rbd: wire up is_visible() sysfs callback for rbd bus (bsc#918255).
   - rpm/kernel-binary.spec.in: Own the modules directory in the devel
     package (bnc#910322)
   - s390/dasd: fix infinite loop during format (bnc#914291, LTC#120608).
   - s390/dasd: remove unused code (bnc#914291, LTC#120608).
   - sched/Documentation: Remove unneeded word (mutex scalability).
   - sched/completion: Add lock-free checking of the blocking case (scheduler
     scalability).
   - scsifront: avoid acquiring same lock twice if ring is full.
   - scsifront: do not use bitfields for indicators modified under different
     locks.
   - swiotlb: Warn on allocation failure in swiotlb_alloc_coherent
     (bsc#905783).
   - uas: Add NO_ATA_1X for VIA VL711 devices (bnc#914254).
   - uas: Add US_FL_NO_ATA_1X for 2 more Seagate disk enclosures (bnc#914254).
   - uas: Add US_FL_NO_ATA_1X for Seagate devices with usb-id 0bc2:a013
     (bnc#914254).
   - uas: Add US_FL_NO_ATA_1X quirk for 1 more Seagate model (bnc#914254).
   - uas: Add US_FL_NO_ATA_1X quirk for 2 more Seagate models (bnc#914254).
   - uas: Add US_FL_NO_ATA_1X quirk for Seagate (0bc2:ab20) drives
     (bnc#914254).
   - uas: Add a quirk for rejecting ATA_12 and ATA_16 commands (bnc#914254).
   - uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check
     (bnc#914294).
   - uas: Add no-report-opcodes quirk (bnc#914254).
   - uas: Disable uas on ASM1051 devices (bnc#914294).
   - uas: Do not blacklist ASM1153 disk enclosures (bnc#914294).
   - uas: Use streams on upcoming 10Gbps / 3.1 USB (bnc#914464).
   - uas: disable UAS on Apricorn SATA dongles (bnc#914300).
   - usb-storage: support for more than 8 LUNs (bsc#906196).
   - x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783).
   - x86, crash: Allocate enough low-mem when crashkernel=high (bsc#905783).
   - x86, swiotlb: Try coherent allocations with __GFP_NOWARN (bsc#905783).
   - x86/hpet: Make boot_hpet_disable extern (bnc#916646).
   - x86/intel: Add quirk to disable HPET for the Baytrail platform
     (bnc#916646).
   - x86: irq: Check for valid irq descriptor
     incheck_irq_vectors_for_cpu_disable (bnc#914726).
   - x86: irq: Check for valid irq descriptor in
     check_irq_vectors_for_cpu_disable (bnc#914726).
   - xhci: Add broken-streams quirk for Fresco Logic FL1000G xhci controllers
     (bnc#914112).
   - zcrypt: Number of supported ap domains is not retrievable (bnc#914291,
     LTC#120788).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-130=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-130=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-130=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-130=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2015-130=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-130=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.38-44.1
      kernel-default-debugsource-3.12.38-44.1
      kernel-default-extra-3.12.38-44.1
      kernel-default-extra-debuginfo-3.12.38-44.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.38-44.1
      kernel-obs-build-debugsource-3.12.38-44.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.38-44.5

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.38-44.1
      kernel-default-base-3.12.38-44.1
      kernel-default-base-debuginfo-3.12.38-44.1
      kernel-default-debuginfo-3.12.38-44.1
      kernel-default-debugsource-3.12.38-44.1
      kernel-default-devel-3.12.38-44.1
      kernel-syms-3.12.38-44.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.38-44.1
      kernel-xen-base-3.12.38-44.1
      kernel-xen-base-debuginfo-3.12.38-44.1
      kernel-xen-debuginfo-3.12.38-44.1
      kernel-xen-debugsource-3.12.38-44.1
      kernel-xen-devel-3.12.38-44.1

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.38-44.1
      kernel-macros-3.12.38-44.1
      kernel-source-3.12.38-44.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.38-44.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.38-44.1
      kernel-ec2-debuginfo-3.12.38-44.1
      kernel-ec2-debugsource-3.12.38-44.1
      kernel-ec2-devel-3.12.38-44.1
      kernel-ec2-extra-3.12.38-44.1
      kernel-ec2-extra-debuginfo-3.12.38-44.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_38-44-default-1-2.2
      kgraft-patch-3_12_38-44-xen-1-2.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.38-44.1
      kernel-default-debuginfo-3.12.38-44.1
      kernel-default-debugsource-3.12.38-44.1
      kernel-default-devel-3.12.38-44.1
      kernel-default-extra-3.12.38-44.1
      kernel-default-extra-debuginfo-3.12.38-44.1
      kernel-syms-3.12.38-44.1
      kernel-xen-3.12.38-44.1
      kernel-xen-debuginfo-3.12.38-44.1
      kernel-xen-debugsource-3.12.38-44.1
      kernel-xen-devel-3.12.38-44.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.38-44.1
      kernel-macros-3.12.38-44.1
      kernel-source-3.12.38-44.1


References:

   http://support.novell.com/security/cve/CVE-2014-3673.html
   http://support.novell.com/security/cve/CVE-2014-3687.html
   http://support.novell.com/security/cve/CVE-2014-7822.html
   http://support.novell.com/security/cve/CVE-2014-7841.html
   http://support.novell.com/security/cve/CVE-2014-8160.html
   http://support.novell.com/security/cve/CVE-2014-8559.html
   http://support.novell.com/security/cve/CVE-2014-9419.html
   http://support.novell.com/security/cve/CVE-2014-9584.html
   https://bugzilla.suse.com/799216
   https://bugzilla.suse.com/800255
   https://bugzilla.suse.com/860346
   https://bugzilla.suse.com/875220
   https://bugzilla.suse.com/877456
   https://bugzilla.suse.com/884407
   https://bugzilla.suse.com/895805
   https://bugzilla.suse.com/896484
   https://bugzilla.suse.com/897736
   https://bugzilla.suse.com/898687
   https://bugzilla.suse.com/900270
   https://bugzilla.suse.com/902286
   https://bugzilla.suse.com/902346
   https://bugzilla.suse.com/902349
   https://bugzilla.suse.com/903640
   https://bugzilla.suse.com/904177
   https://bugzilla.suse.com/904883
   https://bugzilla.suse.com/904899
   https://bugzilla.suse.com/904901
   https://bugzilla.suse.com/905100
   https://bugzilla.suse.com/905304
   https://bugzilla.suse.com/905329
   https://bugzilla.suse.com/905482
   https://bugzilla.suse.com/905783
   https://bugzilla.suse.com/906196
   https://bugzilla.suse.com/907069
   https://bugzilla.suse.com/908069
   https://bugzilla.suse.com/908322
   https://bugzilla.suse.com/908825
   https://bugzilla.suse.com/908904
   https://bugzilla.suse.com/909829
   https://bugzilla.suse.com/910322
   https://bugzilla.suse.com/911326
   https://bugzilla.suse.com/912202
   https://bugzilla.suse.com/912654
   https://bugzilla.suse.com/912705
   https://bugzilla.suse.com/913059
   https://bugzilla.suse.com/914112
   https://bugzilla.suse.com/914126
   https://bugzilla.suse.com/914254
   https://bugzilla.suse.com/914291
   https://bugzilla.suse.com/914294
   https://bugzilla.suse.com/914300
   https://bugzilla.suse.com/914457
   https://bugzilla.suse.com/914464
   https://bugzilla.suse.com/914726
   https://bugzilla.suse.com/915188
   https://bugzilla.suse.com/915322
   https://bugzilla.suse.com/915335
   https://bugzilla.suse.com/915425
   https://bugzilla.suse.com/915454
   https://bugzilla.suse.com/915456
   https://bugzilla.suse.com/915550
   https://bugzilla.suse.com/915660
   https://bugzilla.suse.com/916107
   https://bugzilla.suse.com/916513
   https://bugzilla.suse.com/916646
   https://bugzilla.suse.com/917089
   https://bugzilla.suse.com/917128
   https://bugzilla.suse.com/918161
   https://bugzilla.suse.com/918255



More information about the sle-security-updates mailing list