[security-announce] SUSE-SU-2016:0168-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0168-1 Rating: important References: #758040 #902606 #924919 #935087 #937261 #943959 #945649 #949440 #951155 #951199 #951392 #951615 #951638 #952579 #952976 #956708 #956801 #956876 #957395 #957546 #957988 #957990 #958463 #958504 #958510 #958647 #958886 #958951 #959190 #959364 #959399 #959436 #959705 #960300 Cross-References: CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988). - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399). The following non-security bugs were fixed: - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261). - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - Re-add copy_page_vector_to_user() - Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705). - Refresh patches.xen/xen3-patch-3.9 (bsc#951155). - Update patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction -.patch (bnc#935087, bnc#945649, bnc#951615). - bcache: Add btree_insert_node() (bnc#951638). - bcache: Add explicit keylist arg to btree_insert() (bnc#951638). - bcache: Clean up keylist code (bnc#951638). - bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638). - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638). - bcache: Convert try_wait to wait_queue_head_t (bnc#951638). - bcache: Explicitly track btree node's parent (bnc#951638). - bcache: Fix a bug when detaching (bsc#951638). - bcache: Fix a lockdep splat in an error path (bnc#951638). - bcache: Fix a shutdown bug (bsc#951638). - bcache: Fix more early shutdown bugs (bsc#951638). - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - bcache: Insert multiple keys at a time (bnc#951638). - bcache: Refactor journalling flow control (bnc#951638). - bcache: Refactor request_write() (bnc#951638). - bcache: Use blkdev_issue_discard() (bnc#951638). - bcache: backing device set to clean after finishing detach (bsc#951638). - bcache: kill closure locking usage (bnc#951638). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#902606). - btrfs: Add qgroup tracing (bnc#935087, bnc#945649). - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647). - btrfs: Fix out-of-space bug (bsc#958647). - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647). - btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647). - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300). - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649). - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649). - btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647). - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649). - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649). - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649). - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649). - btrfs: fix condition of commit transaction (bsc#958647). - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649). - btrfs: fix order by which delayed references are run (bnc#949440). - btrfs: fix qgroup sanity tests (bnc#951615). - btrfs: fix race waiting for qgroup rescan worker (bnc#960300). - btrfs: fix regression running delayed references when using qgroups (bnc#951615). - btrfs: fix regression when running delayed references (bnc#951615). - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300). - btrfs: fix the number of transaction units needed to remove a block group (bsc#958647). - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649). - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649). - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300). - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649). - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649). - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300). - btrfs: qgroup: exit the rescan worker during umount (bnc#960300). - btrfs: qgroup: fix quota disable during rescan (bnc#960300). - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649). - btrfs: remove transaction from send (bnc#935087, bnc#945649). - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649). - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649). - btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647). - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801). - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - ipv6: fix tunnel error handling (bsc#952579). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436). - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959). - pm, hinernate: use put_page in release_swap_writer (bnc#943959). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395). - udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-107=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-107=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-107=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.51-52.34.1 kernel-default-debugsource-3.12.51-52.34.1 kernel-default-extra-3.12.51-52.34.1 kernel-default-extra-debuginfo-3.12.51-52.34.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.51-52.34.1 kernel-obs-build-debugsource-3.12.51-52.34.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.51-52.34.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.51-52.34.1 kernel-default-base-3.12.51-52.34.1 kernel-default-base-debuginfo-3.12.51-52.34.1 kernel-default-debuginfo-3.12.51-52.34.1 kernel-default-debugsource-3.12.51-52.34.1 kernel-default-devel-3.12.51-52.34.1 kernel-syms-3.12.51-52.34.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.51-52.34.1 kernel-xen-base-3.12.51-52.34.1 kernel-xen-base-debuginfo-3.12.51-52.34.1 kernel-xen-debuginfo-3.12.51-52.34.1 kernel-xen-debugsource-3.12.51-52.34.1 kernel-xen-devel-3.12.51-52.34.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.51-52.34.1 kernel-macros-3.12.51-52.34.1 kernel-source-3.12.51-52.34.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.51-52.34.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.51-52.34.1 kernel-ec2-debuginfo-3.12.51-52.34.1 kernel-ec2-debugsource-3.12.51-52.34.1 kernel-ec2-devel-3.12.51-52.34.1 kernel-ec2-extra-3.12.51-52.34.1 kernel-ec2-extra-debuginfo-3.12.51-52.34.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-52_34-default-1-2.1 kgraft-patch-3_12_51-52_34-xen-1-2.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.51-52.34.1 kernel-default-debuginfo-3.12.51-52.34.1 kernel-default-debugsource-3.12.51-52.34.1 kernel-default-devel-3.12.51-52.34.1 kernel-default-extra-3.12.51-52.34.1 kernel-default-extra-debuginfo-3.12.51-52.34.1 kernel-syms-3.12.51-52.34.1 kernel-xen-3.12.51-52.34.1 kernel-xen-debuginfo-3.12.51-52.34.1 kernel-xen-debugsource-3.12.51-52.34.1 kernel-xen-devel-3.12.51-52.34.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.51-52.34.1 kernel-macros-3.12.51-52.34.1 kernel-source-3.12.51-52.34.1 References: https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8550.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://bugzilla.suse.com/758040 https://bugzilla.suse.com/902606 https://bugzilla.suse.com/924919 https://bugzilla.suse.com/935087 https://bugzilla.suse.com/937261 https://bugzilla.suse.com/943959 https://bugzilla.suse.com/945649 https://bugzilla.suse.com/949440 https://bugzilla.suse.com/951155 https://bugzilla.suse.com/951199 https://bugzilla.suse.com/951392 https://bugzilla.suse.com/951615 https://bugzilla.suse.com/951638 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/952976 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/956801 https://bugzilla.suse.com/956876 https://bugzilla.suse.com/957395 https://bugzilla.suse.com/957546 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958504 https://bugzilla.suse.com/958510 https://bugzilla.suse.com/958647 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959364 https://bugzilla.suse.com/959399 https://bugzilla.suse.com/959436 https://bugzilla.suse.com/959705 https://bugzilla.suse.com/960300 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org