SUSE-SU-2015:1592-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Sep 22 02:09:39 MDT 2015


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1592-1
Rating:             important
References:         #851068 #867362 #873385 #883380 #886785 #894936 
                    #915517 #917830 #919463 #920110 #920250 #920733 
                    #921430 #923245 #924701 #925705 #925881 #925903 
                    #926240 #926953 #927355 #927786 #929142 #929143 
                    #930092 #930761 #930934 #931538 #932348 #932458 
                    #933429 #933896 #933904 #933907 #933936 #934742 
                    #934944 #935053 #935572 #935705 #935866 #935906 
                    #936077 #936423 #936637 #936831 #936875 #936925 
                    #937032 #937402 #937444 #937503 #937641 #937855 
                    #939910 #939994 #940338 #940398 #942350 
Cross-References:   CVE-2014-9728 CVE-2014-9729 CVE-2014-9730
                    CVE-2014-9731 CVE-2015-0777 CVE-2015-1420
                    CVE-2015-1805 CVE-2015-2150 CVE-2015-2830
                    CVE-2015-4167 CVE-2015-4700 CVE-2015-5364
                    CVE-2015-5366 CVE-2015-5707
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 45 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive
   various security and bugfixes.

   The following feature was added for RT:
   - FATE#317131: The SocketCAN (Peak PCI) driver was added for CAN bus
     support.

   Following security bugs were fixed:

   - CVE-2015-5707: An integer overflow in the SCSI generic driver could be
     potentially used by local attackers to crash the kernel or execute code
     (bsc#940338).
   - CVE-2015-5364: A remote denial of service (hang) via UDP flood with
     incorrect package checksums was fixed. (bsc#936831).
   - CVE-2015-5366: A remote denial of service (unexpected error returns) via
     UDP flood with incorrect package checksums was fixed. (bsc#936831).
   - CVE-2015-1420: A race condition in the handle_to_path function in
     fs/fhandle.c in the Linux kernel allowed local users to bypass intended
     size restrictions and trigger read operations on additional memory
     locations by changing the handle_bytes value of a file handle during the
     execution of this function (bnc#915517).
   - CVE-2015-4700: A local user could have created a bad instruction in the
     JIT processed BPF code, leading to a kernel crash (bnc#935705).
   - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to
     a crash which could occur while fetching inode information from a
     corrupted/malicious udf file system image. (bsc#933907).
   - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues
     in handling UDF filesystems in the Linux kernel allowed the corruption
     of kernel memory and other issues. An attacker able to mount a
     corrupted/malicious UDF file system image could cause the kernel to
     crash. (bsc#933904 bsc#933896)
   - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI
     command registers, which might have allowed local guest users to cause a
     denial of service (non-maskable interrupt and host crash) by disabling
     the (1) memory or (2) I/O decoding for a PCI Express device and then
     accessing the device, which triggers an Unsupported Request (UR)
     response (bsc#919463).
   - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel
     2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to
     obtain sensitive information from uninitialized locations in host OS
     kernel memory via unspecified vectors (bnc#917830).
   - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not
     prevent the TS_COMPAT flag from reaching a user-mode task, which might
     have allowed local users to bypass the seccomp or audit protection
     mechanism via a crafted application that uses the (1) fork or (2) close
     system call, as demonstrated by an attack against seccomp before 3.16
     (bnc#926240).
   - CVE-2015-1805: The Linux kernels implementation of vectored pipe read
     and write functionality did not take into account the I/O vectors that
     were already processed when retrying after a failed atomic access
     operation, potentially resulting in memory corruption due to an I/O
      vector array overrun. A local, unprivileged user could use this flaw to
      crash the system or, potentially, escalate their privileges on the
      system. (bsc#933429).


   Also the following non-security bugs were fixed:
   - audit: keep inode pinned (bsc#851068).
   - btrfs: be aware of btree inode write errors to avoid fs corruption
     (bnc#942350).
   - btrfs: check if previous transaction aborted to avoid fs corruption
     (bnc#942350).
   - btrfs: deal with convert_extent_bit errors to avoid fs corruption
     (bnc#942350).
   - cifs: Fix missing crypto allocation (bnc#937402).
   - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set
     (bnc#932348).
   - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
   - drm/cirrus: do not attempt to acquire a reservation while in an
     interrupt handler (bsc#935572).
   - drm/mgag200: do not attempt to acquire a reservation while in an
     interrupt handler (bsc#935572).
   - drm/mgag200: Do not do full cleanup if mgag200_device_init fails.
   - ext3: Fix data corruption in inodes with journalled data (bsc#936637)
   - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944).
   - fanotify: Fix deadlock with permission events (bsc#935053).
   - fork: reset mm->pinned_vm (bnc#937855).
   - hrtimer: prevent timer interrupt DoS (bnc#886785).
   - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
   - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES
     (bnc#930092).
   - IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
   - iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
   - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
   - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
   - ipr: Increase default adapter init stage change timeout (bsc#930761).
   - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned
     (bsc#927355).
   - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
   - kernel: add panic_on_warn. (bsc#934742)
   - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table
     (bnc#926953).
   - libata: prevent HSM state change race between ISR and PIO (bsc#923245).
   - md: use kzalloc() when bitmap is disabled (bsc#939994).
   - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
   - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
   - mm/hugetlb: check for pte NULL pointer in __page_check_address()
     (bnc#929143).
   - mm: restrict access to slab files under procfs and sysfs (bnc#936077).
   - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference
     (bsc#867362).
   - net: Fix "ip rule delete table 256" (bsc#873385).
   - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
   - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
   - nfsd: Fix nfsv4 opcode decoding error (bsc#935906).
   - nfsd: support disabling 64bit dir cookies (bnc#937503).
   - nfs: never queue requests with rq_cong set on the sending queue
     (bsc#932458).
   - nfsv4: Minor cleanups for nfs4_handle_exception and
     nfs4_async_handle_error (bsc#939910).
   - pagecache limit: add tracepoints (bnc#924701).
   - pagecache limit: Do not skip over small zones that easily (bnc#925881).
   - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
   - pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
   - pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
   - pci: Add SRIOV helper function to determine if VFs are assigned to guest
     (bsc#927355).
   - pci: Disable Bus Master only on kexec reboot (bsc#920110).
   - pci: disable Bus Master on PCI device shutdown (bsc#920110).
   - pci: Disable Bus Master unconditionally in pci_device_shutdown()
     (bsc#920110).
   - pci: Don't try to disable Bus Master on disconnected PCI devices
     (bsc#920110).
   - perf, nmi: Fix unknown NMI warning (bsc#929142).
   - perf/x86/intel: Move NMI clearing to end of PMI handler  (bsc#929142).
   - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786).
   - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430)
   - scsi_error: add missing case statements in scsi_decide_disposition()
     (bsc#920733).
   - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733).
   - scsi: set host msg status correctly (bnc#933936)
   - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
   - st: null pointer dereference panic caused by use after kref_put by
     st_open (bsc#936875).
   - udf: Remove repeated loads blocksize (bsc#933907).
   - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub
     port reset (bnc#937641).
   - vmxnet3: Bump up driver version number (bsc#936423).
   - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
   - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
   - vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
   - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
   - x86, tls: Interpret an all-zero struct user_desc as "no segment"
     (bsc#920250).
   - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250).
   - xenbus: add proper handling of XS_ERROR from Xenbus for transactions.
   - xfs: avoid mounting of xfs filesystems with inconsistent option
     (bnc#925705)
   - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925,
     LTC#126491).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11-SP3:

      zypper in -t patch slertesp3-kernel-rt-201509-12099=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-rt-201509-12099=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time Extension 11-SP3 (x86_64):

      kernel-rt-3.0.101.rt130-0.33.40.1
      kernel-rt-base-3.0.101.rt130-0.33.40.1
      kernel-rt-devel-3.0.101.rt130-0.33.40.1
      kernel-rt_trace-3.0.101.rt130-0.33.40.1
      kernel-rt_trace-base-3.0.101.rt130-0.33.40.1
      kernel-rt_trace-devel-3.0.101.rt130-0.33.40.1
      kernel-source-rt-3.0.101.rt130-0.33.40.1
      kernel-syms-rt-3.0.101.rt130-0.33.40.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-rt-debuginfo-3.0.101.rt130-0.33.40.1
      kernel-rt-debugsource-3.0.101.rt130-0.33.40.1
      kernel-rt_trace-debuginfo-3.0.101.rt130-0.33.40.1
      kernel-rt_trace-debugsource-3.0.101.rt130-0.33.40.1


References:

   https://www.suse.com/security/cve/CVE-2014-9728.html
   https://www.suse.com/security/cve/CVE-2014-9729.html
   https://www.suse.com/security/cve/CVE-2014-9730.html
   https://www.suse.com/security/cve/CVE-2014-9731.html
   https://www.suse.com/security/cve/CVE-2015-0777.html
   https://www.suse.com/security/cve/CVE-2015-1420.html
   https://www.suse.com/security/cve/CVE-2015-1805.html
   https://www.suse.com/security/cve/CVE-2015-2150.html
   https://www.suse.com/security/cve/CVE-2015-2830.html
   https://www.suse.com/security/cve/CVE-2015-4167.html
   https://www.suse.com/security/cve/CVE-2015-4700.html
   https://www.suse.com/security/cve/CVE-2015-5364.html
   https://www.suse.com/security/cve/CVE-2015-5366.html
   https://www.suse.com/security/cve/CVE-2015-5707.html
   https://bugzilla.suse.com/851068
   https://bugzilla.suse.com/867362
   https://bugzilla.suse.com/873385
   https://bugzilla.suse.com/883380
   https://bugzilla.suse.com/886785
   https://bugzilla.suse.com/894936
   https://bugzilla.suse.com/915517
   https://bugzilla.suse.com/917830
   https://bugzilla.suse.com/919463
   https://bugzilla.suse.com/920110
   https://bugzilla.suse.com/920250
   https://bugzilla.suse.com/920733
   https://bugzilla.suse.com/921430
   https://bugzilla.suse.com/923245
   https://bugzilla.suse.com/924701
   https://bugzilla.suse.com/925705
   https://bugzilla.suse.com/925881
   https://bugzilla.suse.com/925903
   https://bugzilla.suse.com/926240
   https://bugzilla.suse.com/926953
   https://bugzilla.suse.com/927355
   https://bugzilla.suse.com/927786
   https://bugzilla.suse.com/929142
   https://bugzilla.suse.com/929143
   https://bugzilla.suse.com/930092
   https://bugzilla.suse.com/930761
   https://bugzilla.suse.com/930934
   https://bugzilla.suse.com/931538
   https://bugzilla.suse.com/932348
   https://bugzilla.suse.com/932458
   https://bugzilla.suse.com/933429
   https://bugzilla.suse.com/933896
   https://bugzilla.suse.com/933904
   https://bugzilla.suse.com/933907
   https://bugzilla.suse.com/933936
   https://bugzilla.suse.com/934742
   https://bugzilla.suse.com/934944
   https://bugzilla.suse.com/935053
   https://bugzilla.suse.com/935572
   https://bugzilla.suse.com/935705
   https://bugzilla.suse.com/935866
   https://bugzilla.suse.com/935906
   https://bugzilla.suse.com/936077
   https://bugzilla.suse.com/936423
   https://bugzilla.suse.com/936637
   https://bugzilla.suse.com/936831
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/936925
   https://bugzilla.suse.com/937032
   https://bugzilla.suse.com/937402
   https://bugzilla.suse.com/937444
   https://bugzilla.suse.com/937503
   https://bugzilla.suse.com/937641
   https://bugzilla.suse.com/937855
   https://bugzilla.suse.com/939910
   https://bugzilla.suse.com/939994
   https://bugzilla.suse.com/940338
   https://bugzilla.suse.com/940398
   https://bugzilla.suse.com/942350



More information about the sle-security-updates mailing list