SUSE-SU-2016:0168-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jan 19 06:12:52 MST 2016


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0168-1
Rating:             important
References:         #758040 #902606 #924919 #935087 #937261 #943959 
                    #945649 #949440 #951155 #951199 #951392 #951615 
                    #951638 #952579 #952976 #956708 #956801 #956876 
                    #957395 #957546 #957988 #957990 #958463 #958504 
                    #958510 #958647 #958886 #958951 #959190 #959364 
                    #959399 #959436 #959705 #960300 
Cross-References:   CVE-2015-7550 CVE-2015-8539 CVE-2015-8543
                    CVE-2015-8550 CVE-2015-8551 CVE-2015-8552
                    CVE-2015-8569 CVE-2015-8575
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 26 fixes is
   now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to receive various
   security and bugfixes.

   Following security bugs were fixed:
   - CVE-2015-7550: A local user could have triggered a race between read and
     revoke in keyctl (bnc#958951).
   - CVE-2015-8539: A negatively instantiated user key could have been used
     by a local user to leverage privileges (bnc#958463).
   - CVE-2015-8543: The networking implementation in the Linux kernel did not
     validate protocol identifiers for certain protocol families, which
     allowed local users to cause a denial of service (NULL function pointer
     dereference and system crash) or possibly gain privileges by leveraging
     CLONE_NEWUSER support to execute a crafted SOCK_RAW application
     (bnc#958886).
   - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
     could have lead to double fetch vulnerabilities, causing denial of
     service or arbitrary code execution (depending on the configuration)
     (bsc#957988).
   - CVE-2015-8551, CVE-2015-8552: xen/pciback: For
     XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
     (bsc#957990).
   - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
     drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
     length, which allowed local users to obtain sensitive information from
     kernel memory and bypass the KASLR protection mechanism via a crafted
     application (bnc#959190).
   - CVE-2015-8575: Validate socket address length in sco_sock_bind() to
     prevent information leak (bsc#959399).

   The following non-security bugs were fixed:
   - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).
   - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
   - Input: aiptek - fix crash on detecting device without endpoints
     (bnc#956708).
   - Re-add copy_page_vector_to_user()
   - Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).
   - Refresh patches.xen/xen3-patch-3.9 (bsc#951155).
   - Update
   patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction
     -.patch (bnc#935087, bnc#945649, bnc#951615).
   - bcache: Add btree_insert_node() (bnc#951638).
   - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
   - bcache: Clean up keylist code (bnc#951638).
   - bcache: Convert btree_insert_check_key() to btree_insert_node()
     (bnc#951638).
   - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
   - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
   - bcache: Explicitly track btree node's parent (bnc#951638).
   - bcache: Fix a bug when detaching (bsc#951638).
   - bcache: Fix a lockdep splat in an error path (bnc#951638).
   - bcache: Fix a shutdown bug (bsc#951638).
   - bcache: Fix more early shutdown bugs (bsc#951638).
   - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
   - bcache: Insert multiple keys at a time (bnc#951638).
   - bcache: Refactor journalling flow control (bnc#951638).
   - bcache: Refactor request_write() (bnc#951638).
   - bcache: Use blkdev_issue_discard() (bnc#951638).
   - bcache: backing device set to clean after finishing detach (bsc#951638).
   - bcache: kill closure locking usage (bnc#951638).
   - blktap: also call blkif_disconnect() when frontend switched to closed
     (bsc#952976).
   - blktap: refine mm tracking (bsc#952976).
   - block: Always check queue limits for cloned requests (bsc#902606).
   - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
   - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more
     (bsc#958647).
   - btrfs: Fix out-of-space bug (bsc#958647).
   - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
   - btrfs: Set relative data on clear btrfs_block_group_cache->pinned
     (bsc#958647).
   - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).
   - btrfs: backref: Add special time_seq == (u64)-1 case for
     btrfs_find_all_roots() (bnc#935087, bnc#945649).
   - btrfs: backref: Do not merge refs which are not for same block
     (bnc#935087, bnc#945649).
   - btrfs: cleanup: remove no-used alloc_chunk in
     btrfs_check_data_free_space() (bsc#958647).
   - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,
     bnc#945649).
   - btrfs: delayed-ref: Use list to replace the ref_root in ref_head
     (bnc#935087, bnc#945649).
   - btrfs: extent-tree: Use ref_node to replace unneeded parameters in
     __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
   - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).
   - btrfs: fix condition of commit transaction (bsc#958647).
   - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,
     bnc#945649).
   - btrfs: fix order by which delayed references are run (bnc#949440).
   - btrfs: fix qgroup sanity tests (bnc#951615).
   - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
   - btrfs: fix regression running delayed references when using qgroups
     (bnc#951615).
   - btrfs: fix regression when running delayed references (bnc#951615).
   - btrfs: fix sleeping inside atomic context in qgroup rescan worker
     (bnc#960300).
   - btrfs: fix the number of transaction units needed to remove a block
     group (bsc#958647).
   - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add new function to record old_roots (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Add new qgroup calculation function
     btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan
     (bnc#960300).
   - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,
     bnc#945649).
   - btrfs: qgroup: Make snapshot accounting work with new extent-oriented
     qgroup (bnc#935087, bnc#945649).
   - btrfs: qgroup: Record possible quota-related extent for qgroup
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: account shared subtree during snapshot delete
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).
   - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
   - btrfs: qgroup: fix quota disable during rescan (bnc#960300).
   - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,
     bnc#945649).
   - btrfs: remove transaction from send (bnc#935087, bnc#945649).
   - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
   - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,
     bnc#945649).
   - btrfs: use global reserve when deleting unused block group after ENOSPC
     (bsc#958647).
   - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
   - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
     (bsc#957395).
   - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
   - drm: Allocate new master object when client becomes master (bsc#956876,
     bsc#956801).
   - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).
   - e1000e: Do not read ICR in Other interrupt (bsc#924919).
   - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
   - e1000e: Fix msi-x interrupt automask (bsc#924919).
   - e1000e: Remove unreachable code (bsc#924919).
   - genksyms: Handle string literals with spaces in reference files
     (bsc#958510).
   - ipv6: fix tunnel error handling (bsc#952579).
   - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
   - mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).
   - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
   - pm, hinernate: use put_page in release_swap_writer (bnc#943959).
   - sched, isolcpu: make cpu_isolated_map visible outside scheduler
     (bsc#957395).
   - udp: properly support MSG_PEEK with truncated buffers (bsc#951199
     bsc#959364).
   - xhci: Workaround to get Intel xHCI reset working more reliably
     (bnc#957546).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2016-107=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-107=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-107=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.51-52.34.1
      kernel-default-debugsource-3.12.51-52.34.1
      kernel-default-extra-3.12.51-52.34.1
      kernel-default-extra-debuginfo-3.12.51-52.34.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.51-52.34.1
      kernel-obs-build-debugsource-3.12.51-52.34.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.51-52.34.3

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.51-52.34.1
      kernel-default-base-3.12.51-52.34.1
      kernel-default-base-debuginfo-3.12.51-52.34.1
      kernel-default-debuginfo-3.12.51-52.34.1
      kernel-default-debugsource-3.12.51-52.34.1
      kernel-default-devel-3.12.51-52.34.1
      kernel-syms-3.12.51-52.34.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.51-52.34.1
      kernel-xen-base-3.12.51-52.34.1
      kernel-xen-base-debuginfo-3.12.51-52.34.1
      kernel-xen-debuginfo-3.12.51-52.34.1
      kernel-xen-debugsource-3.12.51-52.34.1
      kernel-xen-devel-3.12.51-52.34.1

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.51-52.34.1
      kernel-macros-3.12.51-52.34.1
      kernel-source-3.12.51-52.34.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.51-52.34.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.51-52.34.1
      kernel-ec2-debuginfo-3.12.51-52.34.1
      kernel-ec2-debugsource-3.12.51-52.34.1
      kernel-ec2-devel-3.12.51-52.34.1
      kernel-ec2-extra-3.12.51-52.34.1
      kernel-ec2-extra-debuginfo-3.12.51-52.34.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_51-52_34-default-1-2.1
      kgraft-patch-3_12_51-52_34-xen-1-2.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.51-52.34.1
      kernel-default-debuginfo-3.12.51-52.34.1
      kernel-default-debugsource-3.12.51-52.34.1
      kernel-default-devel-3.12.51-52.34.1
      kernel-default-extra-3.12.51-52.34.1
      kernel-default-extra-debuginfo-3.12.51-52.34.1
      kernel-syms-3.12.51-52.34.1
      kernel-xen-3.12.51-52.34.1
      kernel-xen-debuginfo-3.12.51-52.34.1
      kernel-xen-debugsource-3.12.51-52.34.1
      kernel-xen-devel-3.12.51-52.34.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.51-52.34.1
      kernel-macros-3.12.51-52.34.1
      kernel-source-3.12.51-52.34.1


References:

   https://www.suse.com/security/cve/CVE-2015-7550.html
   https://www.suse.com/security/cve/CVE-2015-8539.html
   https://www.suse.com/security/cve/CVE-2015-8543.html
   https://www.suse.com/security/cve/CVE-2015-8550.html
   https://www.suse.com/security/cve/CVE-2015-8551.html
   https://www.suse.com/security/cve/CVE-2015-8552.html
   https://www.suse.com/security/cve/CVE-2015-8569.html
   https://www.suse.com/security/cve/CVE-2015-8575.html
   https://bugzilla.suse.com/758040
   https://bugzilla.suse.com/902606
   https://bugzilla.suse.com/924919
   https://bugzilla.suse.com/935087
   https://bugzilla.suse.com/937261
   https://bugzilla.suse.com/943959
   https://bugzilla.suse.com/945649
   https://bugzilla.suse.com/949440
   https://bugzilla.suse.com/951155
   https://bugzilla.suse.com/951199
   https://bugzilla.suse.com/951392
   https://bugzilla.suse.com/951615
   https://bugzilla.suse.com/951638
   https://bugzilla.suse.com/952579
   https://bugzilla.suse.com/952976
   https://bugzilla.suse.com/956708
   https://bugzilla.suse.com/956801
   https://bugzilla.suse.com/956876
   https://bugzilla.suse.com/957395
   https://bugzilla.suse.com/957546
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/957990
   https://bugzilla.suse.com/958463
   https://bugzilla.suse.com/958504
   https://bugzilla.suse.com/958510
   https://bugzilla.suse.com/958647
   https://bugzilla.suse.com/958886
   https://bugzilla.suse.com/958951
   https://bugzilla.suse.com/959190
   https://bugzilla.suse.com/959364
   https://bugzilla.suse.com/959399
   https://bugzilla.suse.com/959436
   https://bugzilla.suse.com/959705
   https://bugzilla.suse.com/960300



More information about the sle-security-updates mailing list