[security-announce] SUSE-SU-2016:3069-1: important: Security update for the Linux Kernel

9 Dec 2016

      SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3069-1
Rating:             important
References:         #1000189 #1001419 #1002165 #1004418 #732582 
                    #839104 #843236 #909994 #911687 #915183 #920016 
                    #934760 #951392 #956514 #960689 #963655 #971975 
                    #971989 #974620 #976867 #977687 #979514 #979595 
                    #979681 #980371 #982218 #982783 #983535 #983619 
                    #984102 #984194 #984992 #985206 #986362 #986365 
                    #986445 #987565 #988440 #989152 #989261 #989779 
                    #991608 #991665 #991923 #992566 #993127 #993890 
                    #993891 #994296 #994436 #994618 #994759 #994926 
                    #996329 #996664 #997708 #998399 #999584 #999600 
                    #999932 
Cross-References:   CVE-2013-4312 CVE-2015-7513 CVE-2016-0823
                    CVE-2016-3841 CVE-2016-4997 CVE-2016-4998
                    CVE-2016-5195 CVE-2016-5696 CVE-2016-6480
                    CVE-2016-6828 CVE-2016-7425
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 49 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various
   security and bugfixes.

   This feature was added:

   - Support for the 2017 Intel Purley platform.

   The following security bugs were fixed:

   - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,
     which is reportedly exploited in the wild (bsc#1004418).
   - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the
     Linux kernel allowed local users to obtain sensitive physical-address
     information by reading a pagemap file, aka Android internal bug 25739721
     (bnc#994759).
   - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options
     data, which allowed local users to gain privileges or cause a denial of
     service (use-after-free and system crash) via a crafted sendmsg system
     call (bnc#992566).
   - CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_
     functions (bsc#994296)
   - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly
     determine the rate of challenge ACK segments, which made it easier for
     man-in-the-middle attackers to hijack TCP sessions via a blind in-window
     attack (bnc#989152)
   - CVE-2016-6480: Race condition in the ioctl_send_fib function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users
     to cause a denial of service (out-of-bounds access or system crash) by
     changing a certain size value, aka a "double fetch" vulnerability
     (bnc#991608)
   - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE
     setsockopt implementations in the netfilter subsystem in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (memory corruption) by leveraging in-container root access to
     provide a crafted offset value that triggers an unintended decrement
     (bnc#986362).
   - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the
     PIT counter values during state restoration, which allowed guest OS
     users to cause a denial of service (divide-by-zero error and host OS
     crash) via a zero value, related to the kvm_vm_ioctl_set_pit and
     kvm_vm_ioctl_set_pit2 functions (bnc#960689).
   - CVE-2013-4312: The Linux kernel allowed local users to bypass
     file-descriptor limits and cause a denial of service (memory
     consumption) by sending each descriptor over a UNIX socket closing it,
     related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).
   - CVE-2016-7425: A buffer overflow in the Linux Kernel in
     arcmsr_iop_message_xfer() could have caused kernel heap corruption and
     arbitraty kernel code execution (bsc#999932)

   The following non-security bugs were fixed:

   - ahci: Order SATA device IDs for codename Lewisburg.
   - AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.
   - ALSA: hda - Add Intel Lewisburg device IDs Audio.
   - avoid dentry crash triggered by NFS (bsc#984194).
   - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
   - blktap2: eliminate race from deferred work queue handling (bsc#911687).
   - bonding: always set recv_probe to bond_arp_rcv in arp monitor
     (bsc#977687).
   - bonding: fix bond_arp_rcv setting and arp validate desync state
     (bsc#977687).
   - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
     (bsc#983619).
   - btrfs: ensure that file descriptor used with subvol ioctls is a dir
     (bsc#999600).
   - cdc-acm: added sanity checking for probe() (bsc#993891).
   - cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).
   - Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch.
     (bsc#979514)
   - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
   - fs/select: add vmalloc fallback for select(2) (bsc#1000189).
   - fs/select: introduce SIZE_MAX (bsc#1000189).
   - i2c: i801: add Intel Lewisburg device IDs.
   - include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM
     performance -- git fixes).
   - increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple
     nvme and tg3 in the same machine is resolved by increasing
     CONFIG_NR_IRQS (bsc#998399)
   - kabi, unix: properly account for FDs passed over unix sockets
     (bnc#839104).
   - kaweth: fix firmware download (bsc#993890).
   - kaweth: fix oops upon failed memory allocation (bsc#993890).
   - KVM: x86: SYSENTER emulation is broken (bsc#994618).
   - libfc: sanity check cpu number extracted from xid (bsc#988440).
   - lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held
     (bsc#951392).
   - md: lockless I/O submission for RAID1 (bsc#982783).
   - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
     (VM Functionality, bnc#986445).
   - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
   - net: add pfmemalloc check in sk_add_backlog() (bnc#920016).
   - netback: fix flipping mode (bsc#996664).
   - nfs: Do not drop directory dentry which is in use (bsc#993127).
   - nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
   - nfs: Don't write enable new pages while an invalidation is proceeding
     (bsc#999584).
   - nfs: Fix a regression in the read() syscall (bsc#999584).
   - nfs: Fix races in nfs_revalidate_mapping (bsc#999584).
   - nfs: fix the handling of NFS_INO_INVALID_DATA flag in
     nfs_revalidate_mapping (bsc#999584).
   - nfs: Fix writeback performance issue on cache invalidation (bsc#999584).
   - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
   - nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).
   - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514,
     bsc#989261, bsc#979595).
   - nfsv4: Fix range checking in __nfs4_get_acl_uncached and
     __nfs4_proc_set_acl (bsc#982218).
   - pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).
   - pciback: fix conf_space read/write overlap check.
   - powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).
   - ppp: defer netns reference release for ppp channel (bsc#980371).
   - random32: add prandom_u32_max (bsc#989152).
   - rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends
     to run out of space nowadays.
   - s390/dasd: fix hanging device after clear subchannel (bnc#994436).
   - sata: Adding Intel Lewisburg device IDs for SATA.
   - sched/core: Fix an SMP ordering race in try_to_wake_up() vs.  schedule()
     (bnc#1001419).
   - sched/core: Fix a race between try_to_wake_up() and a woken up task
     (bnc#1002165).
   - sched: Fix possible divide by zero in avg_atom() calculation
     (bsc#996329).
   - scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).
   - scsi: do not print "reservation conflict" for TEST UNIT READY
     (bsc#984102).
   - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
   - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
   - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
   - scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning
     (bnc#843236,bsc#989779).
   - tmpfs: change final i_blocks BUG to WARNING (bsc#991923).
   - Update
   patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-
     are.patch (add bsc#732582 reference).
   - USB: fix typo in wMaxPacketSize validation (bsc#991665).
   - USB: validate wMaxPacketValue entries in endpoint descriptors
     (bnc#991665).
   - vlan: don't deliver frames for unknown vlans to protocols (bsc#979514).
   - vlan: mask vlan prio bits (bsc#979514).
   - xenbus: inspect the correct type in xenbus_dev_request_and_reply().
   - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
   - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
   - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11-SP4:

      zypper in -t patch slertesp4-kernel-source-12880=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-source-12880=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

      kernel-rt-3.0.101.rt130-65.1
      kernel-rt-base-3.0.101.rt130-65.1
      kernel-rt-devel-3.0.101.rt130-65.1
      kernel-rt_trace-3.0.101.rt130-65.1
      kernel-rt_trace-base-3.0.101.rt130-65.1
      kernel-rt_trace-devel-3.0.101.rt130-65.1
      kernel-source-rt-3.0.101.rt130-65.1
      kernel-syms-rt-3.0.101.rt130-65.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      kernel-rt-debuginfo-3.0.101.rt130-65.1
      kernel-rt-debugsource-3.0.101.rt130-65.1
      kernel-rt_debug-debuginfo-3.0.101.rt130-65.1
      kernel-rt_debug-debugsource-3.0.101.rt130-65.1
      kernel-rt_trace-debuginfo-3.0.101.rt130-65.1
      kernel-rt_trace-debugsource-3.0.101.rt130-65.1

References:

   https://www.suse.com/security/cve/CVE-2013-4312.html
   https://www.suse.com/security/cve/CVE-2015-7513.html
   https://www.suse.com/security/cve/CVE-2016-0823.html
   https://www.suse.com/security/cve/CVE-2016-3841.html
   https://www.suse.com/security/cve/CVE-2016-4997.html
   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://www.suse.com/security/cve/CVE-2016-5195.html
   https://www.suse.com/security/cve/CVE-2016-5696.html
   https://www.suse.com/security/cve/CVE-2016-6480.html
   https://www.suse.com/security/cve/CVE-2016-6828.html
   https://www.suse.com/security/cve/CVE-2016-7425.html
   https://bugzilla.suse.com/1000189
   https://bugzilla.suse.com/1001419
   https://bugzilla.suse.com/1002165
   https://bugzilla.suse.com/1004418
   https://bugzilla.suse.com/732582
   https://bugzilla.suse.com/839104
   https://bugzilla.suse.com/843236
   https://bugzilla.suse.com/909994
   https://bugzilla.suse.com/911687
   https://bugzilla.suse.com/915183
   https://bugzilla.suse.com/920016
   https://bugzilla.suse.com/934760
   https://bugzilla.suse.com/951392
   https://bugzilla.suse.com/956514
   https://bugzilla.suse.com/960689
   https://bugzilla.suse.com/963655
   https://bugzilla.suse.com/971975
   https://bugzilla.suse.com/971989
   https://bugzilla.suse.com/974620
   https://bugzilla.suse.com/976867
   https://bugzilla.suse.com/977687
   https://bugzilla.suse.com/979514
   https://bugzilla.suse.com/979595
   https://bugzilla.suse.com/979681
   https://bugzilla.suse.com/980371
   https://bugzilla.suse.com/982218
   https://bugzilla.suse.com/982783
   https://bugzilla.suse.com/983535
   https://bugzilla.suse.com/983619
   https://bugzilla.suse.com/984102
   https://bugzilla.suse.com/984194
   https://bugzilla.suse.com/984992
   https://bugzilla.suse.com/985206
   https://bugzilla.suse.com/986362
   https://bugzilla.suse.com/986365
   https://bugzilla.suse.com/986445
   https://bugzilla.suse.com/987565
   https://bugzilla.suse.com/988440
   https://bugzilla.suse.com/989152
   https://bugzilla.suse.com/989261
   https://bugzilla.suse.com/989779
   https://bugzilla.suse.com/991608
   https://bugzilla.suse.com/991665
   https://bugzilla.suse.com/991923
   https://bugzilla.suse.com/992566
   https://bugzilla.suse.com/993127
   https://bugzilla.suse.com/993890
   https://bugzilla.suse.com/993891
   https://bugzilla.suse.com/994296
   https://bugzilla.suse.com/994436
   https://bugzilla.suse.com/994618
   https://bugzilla.suse.com/994759
   https://bugzilla.suse.com/994926
   https://bugzilla.suse.com/996329
   https://bugzilla.suse.com/996664
   https://bugzilla.suse.com/997708
   https://bugzilla.suse.com/998399
   https://bugzilla.suse.com/999584
   https://bugzilla.suse.com/999600
   https://bugzilla.suse.com/999932

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

[security-announce] SUSE-SU-2016:3069-1: important: Security update for the Linux Kernel

opensuse-security＠opensuse.org